Google Redirect Virus

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6874

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

6/16/2011 8:58:23 PM

mbam-log-2011-06-16 (20-58-23).txt

Scan type: Quick scan

Objects scanned: 147931

Time elapsed: 2 minute(s), 29 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.7600.16385

Run by Joe at 0:21:11 on 2011-06-17

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1112 [GMT -7:00]

.

AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\windows\system32\taskeng.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office11\REFIEBAR.DLL

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0E56D16E-E361-4B5D-ACC6-F067DB2020A8} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0E56D16E-E361-4B5D-ACC6-F067DB2020A8}\2456162734F6D60234F637471602D4563716 : DhcpNameServer = 10.10.1.1 172.27.10.92 172.27.10.93

TCP: Interfaces\{0E56D16E-E361-4B5D-ACC6-F067DB2020A8}\760347F6E697 : DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.192.61

TCP: Interfaces\{0E56D16E-E361-4B5D-ACC6-F067DB2020A8}\C696E6B6379737 : DhcpNameServer = 10.229.151.251 10.229.151.250 4.2.2.1

TCP: Interfaces\{C69908FA-99E1-422D-9023-B4F19A790028} : DhcpNameServer = 192.168.0.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

.

============= SERVICES / DRIVERS ===============

.

R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2011-6-12 35712]

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-31 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-31 744568]

R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]

R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110615.001\IDSvix86.sys [2011-6-15 367736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-31 136312]

R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nav\1206000.01d\symnets.sys [2011-5-31 296568]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-31 130008]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-15 105592]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-10 167936]

R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-9-10 374272]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-9-10 54136]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-16 366640]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-26 135664]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-10 171008]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

.

=============== Created Last 30 ================

.

2011-06-17 03:12:01 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-13 05:27:15 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys

2011-06-13 04:20:28 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-06-13 04:20:28 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-06-13 04:20:28 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-06-13 04:12:25 -------- d-----w- c:\windows\en

2011-06-13 04:09:54 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-06-13 04:09:54 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-06-13 04:09:54 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-13 04:09:13 469256 ----a-w- c:\program files\common files\windows live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe

2011-06-13 04:08:53 15712 ----a-w- c:\program files\common files\windows live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe

2011-06-13 04:08:22 94040 ----a-w- c:\program files\common files\windows live\.cache\886795cb1cc297f18\DSETUP.dll

2011-06-13 04:08:22 525656 ----a-w- c:\program files\common files\windows live\.cache\886795cb1cc297f18\DXSETUP.exe

2011-06-13 04:08:22 1691480 ----a-w- c:\program files\common files\windows live\.cache\886795cb1cc297f18\dsetup32.dll

2011-06-13 04:08:18 94040 ----a-w- c:\program files\common files\windows live\.cache\85b8c05d1cc297f17\DSETUP.dll

2011-06-13 04:08:18 525656 ----a-w- c:\program files\common files\windows live\.cache\85b8c05d1cc297f17\DXSETUP.exe

2011-06-13 04:08:18 1691480 ----a-w- c:\program files\common files\windows live\.cache\85b8c05d1cc297f17\dsetup32.dll

2011-06-13 04:07:26 -------- d-----w- c:\users\joe\appdata\local\Windows Live

2011-06-12 07:55:47 -------- d-----w- c:\users\joe\appdata\roaming\Malwarebytes

2011-06-12 07:55:36 -------- d-----w- c:\programdata\Malwarebytes

2011-06-12 07:55:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 17:46:20 -------- d-----w- c:\users\joe\appdata\local\NPE

2011-06-10 17:30:42 -------- d-----w- c:\users\joe\appdata\local\Diagnostics

2011-06-10 17:23:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-01 02:36:13 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-01 02:36:13 -------- d-----w- c:\program files\Symantec

2011-06-01 02:36:13 -------- d-----w- c:\program files\common files\Symantec Shared

2011-06-01 02:36:03 744568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symefa.sys

2011-06-01 02:36:03 516216 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtsp.sys

2011-06-01 02:36:03 50168 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtspx.sys

2011-06-01 02:36:03 340088 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symds.sys

2011-06-01 02:36:03 296568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symnets.sys

2011-06-01 02:36:03 136312 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys

2011-06-01 02:35:47 -------- d-----w- c:\windows\system32\drivers\nav\1206000.01D

2011-06-01 02:35:29 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-01 02:35:27 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-01 02:23:47 -------- d-----w- c:\program files\NortonInstaller

2011-05-27 21:27:02 747356 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-05-27 20:15:31 6962000 ---ha-w- c:\programdata\microsoft\windows defender\definition updates\{0e61626e-1b97-4281-ac50-341e30ff6e65}\mpengine.dll

2011-05-27 20:15:07 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys

2011-05-19 19:02:31 123904 ----a-w- c:\windows\system32\poqexec.exe

.

==================== Find3M ====================

.

2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-03-25 03:06:46 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys

2011-03-25 03:06:25 284160 ----a-w- c:\windows\system32\drivers\usbport.sys

2011-03-25 03:06:23 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2011-03-25 03:06:12 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys

2011-03-25 03:06:11 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys

2011-03-25 03:06:10 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2011-03-25 03:06:06 5888 ----a-w- c:\windows\system32\drivers\usbd.sys

.

============= FINISH: 0:21:45.69 ===============

Attach.txt

ark.txt


Hello divinetiger and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

--------------------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue tdsskiller2.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue tdsskiller3.png
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt


I downloaded the file. Right-clicked it and selected "Extract all".

I then opened the tdsskiller folder and double-clicked "TDSSKiller.exe", but nothing happens. It hourglasses a bit, then nothing. I also tried right-click > Open and then right-click > Run as administrator. Both had the same result.

-DT


ComboFix 11-06-26.01 - Joe 06/26/2011 11:47:22.1.1 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1913.1231 [GMT -7:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Uninstall Windows 7 Recovery.lnk

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Recovery\Windows 7 Recovery.lnk

c:\users\Joe\Desktop\Windows 7 Recovery.lnk

c:\users\Joe\GoToAssistDownloadHelper.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))

.

.

2011-06-26 18:54 . 2011-06-26 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-06-26 18:43 . 2011-06-26 18:45 -------- d-----w- C:\32788R22FWJFW

2011-06-17 03:12 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-13 05:27 . 2011-06-17 05:42 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys

2011-06-13 04:20 . 2011-02-19 05:33 802304 ----a-w- c:\windows\system32\FntCache.dll

2011-06-13 04:20 . 2011-02-19 05:32 1074176 ----a-w- c:\windows\system32\DWrite.dll

2011-06-13 04:20 . 2011-02-19 05:32 739840 ----a-w- c:\windows\system32\d2d1.dll

2011-06-13 04:12 . 2011-06-13 04:12 -------- d-----w- c:\windows\en

2011-06-13 04:09 . 2009-09-05 00:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll

2011-06-13 04:09 . 2009-09-05 00:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll

2011-06-13 04:09 . 2009-09-05 00:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

2011-06-13 04:09 . 2011-06-13 04:09 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\a6667f951cc297f2b\InstallManager_WLE_WLE.exe

2011-06-13 04:08 . 2011-06-13 04:08 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\9b525dc01cc297f20\MeshBetaRemover.exe

2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DSETUP.dll

2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\DXSETUP.exe

2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\886795cb1cc297f18\dsetup32.dll

2011-06-13 04:08 . 2011-06-13 04:08 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DSETUP.dll

2011-06-13 04:08 . 2011-06-13 04:08 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\DXSETUP.exe

2011-06-13 04:08 . 2011-06-13 04:08 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\85b8c05d1cc297f17\dsetup32.dll

2011-06-13 04:07 . 2011-06-26 17:17 -------- d-----w- c:\users\Joe\AppData\Local\Windows Live

2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

2011-06-12 07:55 . 2011-06-12 07:55 -------- d-----w- c:\programdata\Malwarebytes

2011-06-12 07:55 . 2011-06-17 03:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-10 17:46 . 2011-06-13 05:27 -------- d-----w- c:\users\Joe\AppData\Local\NPE

2011-06-10 17:30 . 2011-06-23 07:03 -------- d-----w- c:\users\Joe\AppData\Local\Diagnostics

2011-06-10 17:23 . 2011-06-17 07:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-01 02:36 . 2011-06-01 02:38 -------- d-----w- c:\program files\Common Files\Symantec Shared

2011-06-01 02:36 . 2011-06-01 02:36 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-06-01 02:36 . 2011-06-01 02:36 -------- d-----w- c:\program files\Symantec

2011-06-01 02:35 . 2011-06-01 02:36 -------- d-----w- c:\windows\system32\drivers\NAV

2011-06-01 02:35 . 2011-06-01 02:35 -------- d-----w- c:\program files\Norton AntiVirus

2011-06-01 02:23 . 2011-06-01 02:41 -------- d-----w- c:\program files\NortonInstaller

2011-05-27 21:27 . 2011-06-26 17:49 747356 ----a-w- c:\windows\system32\PerfStringBackup.TMP

2011-05-27 20:15 . 2011-05-09 20:46 6962000 ---ha-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E61626E-1B97-4281-AC50-341E30FF6E65}\mpengine.dll

2011-05-27 20:15 . 2011-04-22 19:36 26496 ---ha-w- c:\windows\system32\drivers\Diskdump.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-13 04:10 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-04-09 06:13 . 2011-05-11 21:13 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-04-09 06:13 . 2011-05-11 21:13 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-04-09 05:56 . 2011-05-19 19:02 123904 ----a-w- c:\windows\system32\poqexec.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MyTOSHIBA"="c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-23 4240760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-06 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-06 151064]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-29 7625248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-21 1545512]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-10 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 135664]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-17 171008]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-11 1343400]

R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-23 691696]

S0 BlackBox;BlackBox SR2; [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [2011-05-19 810616]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20110624.050\IDSvix86.sys [2011-06-03 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NAV\1206000.01D\SYMNETS.SYS [2011-03-22 296568]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2009-08-11 185712]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-01 105592]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-23 167936]

S3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-01 374272]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 111960]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]

2009-08-06 16:15 264048 ---ha-w- c:\program files\TOSHIBA\My Toshiba\MyToshiba.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc27946295572c.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41]

.

2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc279463d1ee30.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-26 20:41]

.

.

------- Supplementary Scan -------

.

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-06-26 12:00:01

ComboFix-quarantined-files.txt 2011-06-26 19:00

.

Pre-Run: 205,824,528,384 bytes free

Post-Run: 205,913,600,000 bytes free

.

- - End Of File - - E983C2B1AD8262C9023E4EADFDE3EB5A

AND NOW SECURITY CHECK RESULTS:

Results of screen317's Security Check version 0.99.16

Windows 7 (UAC is enabled)

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

Norton AntiVirus

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 14

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Hi again. :)

Are you still experiencing any redirects?

Please do the following ;) :

----------

Please download and run the following file: http://download.bleepingcomputer.com/grinler/beta/unhide.exe

Let me know if that restores your missing Start Menu and Desktop shortcuts.

Please note that if you have recently deleted your temporary files, you will be unable to restore these missing shortcuts.

----------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt

how the PC is running now?

----------

Please include the TDSSKiller report in your next reply, and let me know of any issues you've encountered. :)


Try this:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once you are in Safe Mode, locate and run TDSSKiller.exe (or divinetiger.exe ;)). If you are successful, please post the log that it produces.


Please download maxhandle.exe by noahdfear to your desktop

  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found Nothing found! is echoed to the screen - no log is produced.

Please post the results for my review

----------

Please do the following:

  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

----------

Please include the maxhandle report (if one was created), and the aswMBR log and MBR.dat zip file in your next reply.


aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software

Run date: 2011-06-26 13:53:09

-----------------------------

13:53:09.766 OS Version: Windows 6.1.7600

13:53:09.766 Number of processors: 1 586 0x170A

13:53:09.766 ComputerName: JOE-PC UserName: Joe

13:53:11.373 Initialize success

13:56:22.545 AVAST engine defs: 11062601

13:59:39.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

13:59:39.015 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3

13:59:39.030 Disk 0 MBR read successfully

13:59:39.030 Disk 0 MBR scan

13:59:39.030 Disk 0 unknown MBR code

13:59:39.046 Disk 0 scanning sectors +488396800

13:59:39.077 Disk 0 scanning C:\windows\system32\drivers

13:59:48.259 Service scanning

13:59:49.138 Disk 0 trace - called modules:

13:59:49.161 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867241ed]<<

13:59:49.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f8030]

13:59:49.171 3 CLASSPNP.SYS[8924e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x858da028]

13:59:49.171 \Driver\iaStor[0x858f8548] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867241ed

13:59:50.557 AVAST engine scan C:\windows

14:01:39.036 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"

14:01:39.052 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

14:17:07.514 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"

14:17:07.536 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

MBR.zip

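The three lines a helper reads first in an aswMBR log like the one above are "Disk 0 unknown MBR code", the ">>UNKNOWN [0x...]<<" entry in the disk driver call trace, and the \Driver\iaStor dispatch line whose IRP_MJ_INTERNAL_DEVICE_CONTROL handler points at that same unmapped address. The following is an added example, not code from aswMBR or from the poster: a small Python triage pass that pulls those indicators out of log text and ties the unmapped address back to the driver dispatch entry that references it. The embedded log is a constructed excerpt shaped like the posted one, not the full log, and the three finding kinds are names chosen here, not aswMBR terminology.

```python
"""Triage an aswMBR log for the indicators a forum helper reads first.

Added example for this thread, not code from aswMBR or from the poster:
it scans aswMBR log text for (1) a boot sector aswMBR does not recognise
and (2) a call in the disk driver chain that ends at an address belonging
to no loaded module, then ties (2) back to the driver dispatch entry that
points at that address.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample in the shape of the log posted above (not the full log).
SAMPLE_LOG = r"""
13:59:39.030 Disk 0 MBR read successfully
13:59:39.030 Disk 0 MBR scan
13:59:39.030 Disk 0 unknown MBR code
13:59:49.138 Disk 0 trace - called modules:
13:59:49.161 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x867241ed]<<
13:59:49.161 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866f8030]
13:59:49.171 \Driver\iaStor[0x858f8548] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x867241ed
"""


@dataclass(frozen=True)
class Finding:
    kind: str            # "unknown-mbr", "unknown-module" or "hooked-dispatch" (names chosen here)
    disk: Optional[int]  # disk number where the log line gives one
    detail: str


# Every aswMBR line starts with a timestamp; the regexes skip it with \S+.
MBR_LINE = re.compile(r"^\S+ Disk (\d+) (.*MBR code.*)$")
UNKNOWN_LINE = re.compile(r"^\S+ (.+?) >>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
DISPATCH_LINE = re.compile(
    r"^\S+ \\Driver\\(\w+)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)


def triage(log_text: str) -> List[Finding]:
    """Return the indicators found in the log, in the order they appear."""
    findings: List[Finding] = []
    unmapped: Set[str] = set()  # addresses aswMBR could not attribute to a module
    for line in log_text.splitlines():
        m = MBR_LINE.match(line)
        if m:
            # aswMBR names the MBR it sees; only an unrecognised one is flagged.
            if "unknown" in m.group(2).lower():
                findings.append(Finding("unknown-mbr", int(m.group(1)), m.group(2)))
            continue
        m = UNKNOWN_LINE.match(line)
        if m:
            addr = m.group(2).lower()
            unmapped.add(addr)
            findings.append(Finding(
                "unknown-module", None,
                f"call chain '{m.group(1)}' ends in unmapped code at {addr}"))
            continue
        m = DISPATCH_LINE.match(line)
        if m:
            driver, irp, target = m.group(1), m.group(2), m.group(3).lower()
            # A dispatch routine that resolves to an address outside every
            # loaded module is the hook the trace line was pointing at.
            if target in unmapped:
                findings.append(Finding(
                    "hooked-dispatch", None,
                    f"{driver} {irp} handler is {target}, outside every loaded module"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.kind, f.disk, f.detail)
```

The two indicators are weighed together: an unrecognised MBR on its own can also be an OEM boot loader, so it is the unmapped handler address in the storage driver's dispatch table, reached through the disk stack trace, that makes the log worth a closer look rather than the MBR line alone.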

Let's try running TDSSKiller with this method:

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 3 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before we can do anything we must first end the processes that belong to Windows XP Recovery so that it does not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows XP Recovery and other Rogue programs.

===

Do not reboot your computer,

>>> Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 06/26/2011 at 16:43:37.

Operating System: Windows 7 Home Premium

Processes terminated by Rkill or while it was running:

Rkill completed on 06/26/2011 at 16:43:54.

Rkill completed on 06/26/2011 at 16:44:02.

Still not able to run TDSSKiller.exe


Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.

Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
    Note: You may get the following warning---just ignore it, click OK and continue. Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?

