  1. #1
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    I have Google Redirect Virus

    My system is infected with a google redirect virus.
    Xps 410 Model Dxp061
    Intel dual core 1.8 ghz
    3 gigs ram
    250 gig HD 7200rpm
    used about 106 gigs on drive
    Vista Premium 32 bit
    Service pack 2

    I am now running Avast Antivirus-free version. Became infected prior to using Avast about 1 wk ago.
    I have always used Malwarebytes with great success.
    I keep getting Avast pop-up windows stating the following three warnings: Win64:Sirefef-A [Trj]
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U\80000000.@,
    Win32:Malware-gen
    C:\Windows\Installer\...00000004.@,
    Win32:Downloader=PKU [Trj]
    all are in Process: C:\Windows\system32\services.exe. Also every time I search I am redirected
    to several sites-Click it Fast is the most common. Avast warnings pop up every time I change to a different web page.

    I have run Avast complete and boot scans,
    Malwarebytes, TDSSkiller, Trendmicro anti threat and Sophos antivirus- All find and delete or
    Quarantine items only to have the virus return. I have run these scans in safe mode as well.
    I wonder if I should maybe reload my OS-would that be easier or fix the problem?

    Here are the logs required and I will be very grateful for any help or suggestions!
    Thanks,
    Mark

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:10:08 PM, on 7/31/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.19272)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\real\realplayer\Update\realsched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\mark\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
    O4 - HKUS\S-1-5-21-593768033-2711096058-602453444-1001\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)

    --
    End of file - 4734 bytes

    Malwarebytes Anti-Malware 1.62.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2012.07.31.09

    Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.19272
    mark :: MARK-PC [administrator]

    7/31/2012 9:46:36 AM
    mbam-log-2012-07-31 (09-46-36).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 376381
    Time elapsed: 1 hour(s), 18 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U\00000004.@ (Rootkit.Zaccess) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

    (end)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 07/31/2012 at 07:48 PM

    Application Version : 5.5.1012

    Core Rules Database Version : 8987
    Trace Rules Database Version: 6799

    Scan type : Complete Scan
    Total Scan Time : 01:02:17

    Operating System Information
    Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
    UAC Off - Administrator

    Memory items scanned : 496
    Memory threats detected : 0
    Registry items scanned : 36195
    Registry threats detected : 0
    File items scanned : 56315
    File threats detected : 1

    Adware.Tracking Cookie
    C:\Users\mark\AppData\Local\Temp\Cookies\7ARJE3U4.txt [ /doubleclick.net ].

    **If I duplicated my issue please excuse me!!**

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi Marksr12,

    Hello and welcome to Help2Go!

    We apologize for the delay in responding to your request for help. Here at Help2Go we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

    Please take note:

    1. If you have since resolved the original problem you were having, we would appreciate you letting us know.
    2. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
      • If you are unsure about any of these characteristics just post what you can and we will guide you.
    3. Please tell us if you have your original Windows CD/DVD available.
    4. If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
    5. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
    6. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
    7. If you have already posted a DDS log, please do so again, as your situation may have changed.
    8. Use the 'Add Reply' and add the new log to this thread.


    We need to see some information about what is happening in your machine. Please perform the following scans and our expert will be along as soon as possible to guide you in the cleaning process:

    DDS:
    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:

    1. DDS.txt
    2. Attach.txt

    Save both reports to your desktop and post the contents of the DDS.txt log. Save the other report in case I need to look at it later.


    Next:

    GMER:

    Please download GMER from one of the following locations and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zipped Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
    • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
    • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


    • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
    • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
    • Now click the Scan button. If you see a rootkit warning window, click OK.
    • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
    • Click the Copy button and paste the results into your next reply.
    • Exit GMER and re-enable all active protection when done.

    -- If you encounter any problems, try running GMER in Safe Mode
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Hello DonnaB,


    Thanks for your response!
    I don't know what version of Windows Vista Premium I have but it is a 32 bit OS.
    I do have the original install OS CD. Yes I have tried several times to remove the malware
    without actual pro help...just performed some steps I searched on the net.
    I have been in and deleted a couple of items in regedit. All in all my system works well-for now,
    I only have redirect problems when I am on line. That is when Avast pops up the warning windows
    in my original thread.

    So I downloaded DDS and ran it with no problems. Log is below.
    I downloaded GMER and ran the rootkit/malware scan with no warnings, however I am not
    sure it finished as I did not receive a message of any type-just went by activity light had stopped.
    Log is posted below.

    When I ran the full system scan as per your instructions I received the message: b97n93lb has stopped
    working. I hit the debug button and the program closed. Tried again but when I opened GMER my system restarted. So I tried in Safemode-without networking-and had the same result. After a normal restart I ran Rkill and opened GMER to scan again. Seems like it scanned a little longer but then the same error message
    as above. Tried again and system restarted. I was unable to save any information or logs-unless they are
    somewhere on my system that you may know about. I was not connected to the net during any of the GMER scans.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Disk Partitions =========================
    .
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    32 bit Windows Card Reader Driver
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.3)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASIO4ALL
    AudioBox version 1.2
    avast! Free Antivirus
    Bonjour
    Canon Inkjet Printer Driver Add-On Module
    Canon Utilities Easy-PhotoPrint EX
    CapMan
    CCleaner
    CDDRV_Installer
    Conexant D850 PCI V.92 Modem
    ConvertHelper 2.2
    Creative ALchemy
    Creative Audio Control Panel
    Creative MediaSource 5
    Creative Software AutoUpdate
    Creative Sound Blaster Properties
    Creative System Information
    Creative WaveStudio 7
    Defraggler
    Dell Driver Download Manager
    Dell Resource CD
    Dell Support Center
    Dell System Customization Wizard
    DellSupport
    Digital Line Detect
    DigiTech RP250 Drivers
    DigiTech X-Edit 2.4.1
    DivX Setup
    Documentation & Support Launcher
    EZdrummer Lite Installer
    EZXCocktail
    Free Studio version 5.3.5
    FYZip 1.00
    Games, Music, & Photos Launcher
    Google Desktop
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Intel(R) Viiv(TM) Software
    Internet Service Offers Launcher
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    K-Lite Codec Pack 4.2.5 (Basic)
    KhalInstallWrapper
    Logitech SetPoint
    Logitech Updater
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox 11.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Native Instruments Controller Editor
    Native Instruments Guitar Rig 3
    Native Instruments Guitar Rig 4
    Native Instruments Guitar Rig Mobile I/O
    Native Instruments Guitar Rig Session I/O
    Native Instruments Komplete 7 Players
    Native Instruments Kontakt 4
    Native Instruments Kontakt Factory Selection
    Native Instruments Kore Player
    Native Instruments Reaktor 5
    Native Instruments Reaktor Factory Selection
    Native Instruments Rig Kontrol 3
    Native Instruments Service Center
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 296.10
    NVIDIA 3D Vision Driver 296.10
    NVIDIA Control Panel 296.10
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 296.10
    NVIDIA HD Audio Driver 1.3.12.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0213
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.7.11
    NVIDIA Update Components
    PreSonus Studio One
    PreSonus Studio One 2
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler
    Roxio MyDVD DE
    Roxio Update Manager
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SigmaTel Audio
    SnapShot
    Sonic Activation Module
    Sony Ericsson Mobile Phone Monitor
    Sound Blaster X-Fi Xtreme Audio
    Spybot - Search & Destroy
    SUPERAntiSpyware
    System Requirements Lab
    TT-Dynamic-Range 1.1
    U3Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    URL Assistant
    User's Guides
    VC80CRTRedist - 8.0.50727.4053
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    .
    ==== End Of File ===========================

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit quick scan 2012-08-01 11:04:53
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.VT10
    Running: b97n931b.exe; Driver: C:\Users\mark\AppData\Local\Temp\pxldypoc.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x91727744]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
    Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ---

  5. #5
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default

    Oops,
    I think I posted the wrong text. Here is the other. Sorry!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19272 BrowserJavaVersion: 1.6.0_30
    Run by mark at 10:55:39 on 2012-08-01
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = Google
    uWindow Title = Internet Explorer provided by Dell
    mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0070427
    uInternet Settings,ProxyOverride = *.local;<local>
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [<NO NAME>]
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    Trusted Zone: hrsaccount.com\www
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{836457CE-C7D7-490A-A81E-4CF582C8B7F9} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mark\appdata\roaming\mozilla\firefox\profiles\t5kzejt3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    .
    =============== Created Last 30 ================
    .
    2012-07-31 19:48:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-31 19:48:47 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-31 19:07:45 -------- d-----w- c:\users\mark\appdata\roaming\SpeedyPC Software
    2012-07-31 19:07:45 -------- d-----w- c:\users\mark\appdata\roaming\DriverCure
    2012-07-31 19:07:32 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-07-31 16:35:19 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-07-30 21:07:39 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-07-30 21:07:38 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-07-30 21:06:59 41224 ----a-w- c:\windows\avastSS.scr
    2012-07-30 21:06:16 -------- d-----w- c:\program files\AVAST Software
    2012-07-30 16:03:08 97859 ----a-w- c:\windows\system32\drivers\klick.dat
    2012-07-30 16:03:08 115369 ----a-w- c:\windows\system32\drivers\klin.dat
    2012-07-30 15:50:34 -------- d-----w- c:\programdata\PLAV
    2012-07-30 15:48:38 -------- d-----w- c:\programdata\ParetoLogic Anti-Virus PLUS
    2012-07-30 15:48:37 -------- d-----w- c:\program files\ParetoLogic
    2012-07-29 18:18:35 -------- d-----w- c:\windows\system32\MpEngineStore
    2012-07-28 23:14:59 54016 ----a-w- c:\windows\system32\drivers\dopkmav.sys
    2012-07-25 13:01:03 60280 ----a-w- c:\windows\system32\drivers\paeusbaudiodsp.sys
    2012-07-25 13:01:03 42872 ----a-w- c:\windows\system32\drivers\paeusbaudioks.sys
    2012-07-25 13:01:03 195448 ----a-w- c:\windows\system32\drivers\paeusbaudio.sys
    2012-07-18 13:10:45 -------- d-----w- c:\users\mark\appdata\roaming\xsecva
    2012-07-08 22:44:42 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-07-07 19:53:29 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-07-07 19:53:29 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-07-07 19:53:29 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-07-07 19:53:28 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2012-07-07 19:08:55 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-07-07 19:08:55 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-07-07 18:57:38 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-07-07 18:57:06 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-07-07 18:56:57 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-07-07 18:56:57 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-07-05 10:56:19 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2012-07-05 10:56:19 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    .
    ==================== Find3M ====================
    .
    2012-07-18 12:48:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-18 12:48:05 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-15 19:51:08 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-05-15 06:37:49 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 06:32:25 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-15 06:32:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-15 06:31:44 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2012-05-15 06:31:43 71680 ----a-w- c:\windows\system32\iesetup.dll
    2012-05-15 05:01:56 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-15 03:26:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-15 03:23:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-12-27 22:32:44 301688 ----a-w- c:\program files\dpclat.exe
    2010-04-25 20:57:32 13864888 ----a-w- c:\program files\DVDFab7040.exe
    .
    ============= FINISH: 10:56:38.79 ===============

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    Hello,

    Do you have a USB Flash Drive you can use?
    "Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default Usb Drive

    Quote Originally Posted by fireman4it
    Hello,

    Do you have a USB Flash Drive you can use?

    Yes, I do have a drive I can use, fireman4it. Thanks for your interest and help.
    Seems I am having trouble logging in-could it be the virus?

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    Default

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.


    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.


    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.





  9. #9
    Member
    Join Date
    Jul 2012
    Posts
    32
    Points
    0

    Default

    Quote Originally Posted by fireman4it
    Hello,

    Do you have a USB Flash Drive you can use?

    Here is the log you requested. If you can suggest something to do, I could not reply to your last response.
    Every time I tried to reply I am sent to the log in window and try over and over to log in but can't. Maybe it's operator error.
    Hope you get this response. Thanks!


    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 01-08-2012 23:40:23
    Running from G:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet003

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [] [x]
    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot [296056 2011-11-25] (RealNetworks, Inc.)
    HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
    HKU\Default\...\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup [446976 2006-11-11] (Gteko Ltd.)
    HKU\mark\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [8704 2006-11-02] (Microsoft Corporation)
    HKU\mark\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [4777856 2012-07-09] (SUPERAntiSpyware.com)
    Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

    ================================ Services (Whitelisted) ==================

    2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [116608 2011-08-11] (SUPERAntiSpyware.com)
    4 AlertService; "C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" [195032 2006-11-18] (Intel(R) Corporation)
    2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    4 ISSM; "C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" [81880 2006-11-18] (Intel(R) Corporation)
    4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-01] (Logitech, Inc.)
    4 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [32216 2006-11-18] ()
    4 MCLServiceATL; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" [174552 2006-11-18] (Intel(R) Corporation)
    4 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2348352 2012-02-29] (NVIDIA Corporation)
    4 Remote UI Service; "C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" [550872 2006-11-18] (Intel(R) Corporation)
    4 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [202544 2007-11-15] (SupportSoft, Inc.)
    4 Stereo Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [382272 2012-02-29] (NVIDIA Corporation)
    2 CVPNDRVA; C:\Windows\System32\LHidKe.dll [x]
    2 navap; C:\Windows\System32\netmdsb.dll [x]
    2 RoxWatch9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" [x]

    ========================== Drivers (Whitelisted) =============

    2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
    2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
    1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-07-03] (AVAST Software)
    1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
    1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
    1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
    2 dsunidrv; \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.)
    3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5504 2007-04-27] (Intel Corporation)
    2 nmsgopro; C:\Windows\System32\DRIVERS\nmsgopro.sys [28672 2006-09-27] (Gteko Ltd.)
    2 nmsunidr; C:\Windows\System32\DRIVERS\nmsunidr.sys [7424 2006-10-19] (Gteko Ltd.)
    3 P17; C:\Windows\System32\drivers\P17.sys [1148416 2009-08-03] (Creative Technology Ltd.)
    3 P17xfi; C:\Windows\System32\drivers\P17xfi.sys [1174528 2007-11-21] (Creative Technology Ltd.)
    3 p17xfilt; C:\Windows\System32\drivers\p17xfilt.sys [1664384 2007-10-10] (Creative)
    3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [195448 2012-05-24] ()
    3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp.sys [60280 2012-05-24] ()
    3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [42872 2012-05-24] ()
    3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-11-28] (VSO Software)
    1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-07] (SigmaTel, Inc.)
    3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [18904 2006-11-18] ()
    3 US122; C:\Windows\System32\Drivers\US122.sys [131968 2007-08-29] (Frontier Design Group, LLC)
    3 US122DL; C:\Windows\System32\Drivers\US122DL.sys [18304 2007-08-29] (Frontier Design Group)
    3 Us122WdmService; C:\Windows\System32\Drivers\US122Wdm.sys [39168 2007-08-29] (Frontier Design Group, LLC)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
    3 SDDMI2; \??\C:\Windows\system32\DDMI2.sys [x]
    0 skvsuw; C:\Windows\System32\drivers\blbwhv.sys [x]
    3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam.sys [x]

    ========================== NetSvcs (Whitelisted) ===========

    NETSVC: CVPNDRVA -> C:\Windows\system32\LHidKe.dll ==> No File.
    NETSVC: navap -> C:\Windows\system32\netmdsb.dll ==> No File.

    ============ One Month Created Files and Folders ==============

    2012-08-01 08:58 - 2012-08-01 09:17 - 00001437 ____A C:\Users\mark\Desktop\Help2go My response 2.txt
    2012-08-01 08:04 - 2012-08-01 08:04 - 00001557 ____A C:\Users\mark\Desktop\Gmer log.log
    2012-08-01 07:51 - 2012-08-01 07:51 - 00004440 ____A C:\Users\mark\Desktop\Help2go instructions.txt
    2012-08-01 07:48 - 2012-08-01 07:48 - 00302592 ____A C:\Users\mark\Desktop\b97n931b.exe
    2012-08-01 07:47 - 2012-08-01 07:47 - 00607260 ____R (Swearware) C:\Users\mark\Desktop\dds.scr
    2012-08-01 07:30 - 2012-08-01 07:39 - 00000000 ____D C:\Users\mark\Desktop\Virus
    2012-07-31 11:48 - 2012-07-31 11:48 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2012-07-31 11:07 - 2012-07-31 11:07 - 00000000 ____D C:\Users\mark\AppData\Roaming\SpeedyPC Software
    2012-07-31 11:07 - 2012-07-31 11:07 - 00000000 ____D C:\Users\mark\AppData\Roaming\DriverCure
    2012-07-31 08:35 - 2012-07-31 08:35 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-07-31 06:22 - 2012-07-31 06:22 - 04731392 ____A (AVAST Software) C:\Users\mark\Downloads\aswMBR.exe
    2012-07-31 06:19 - 2012-07-31 06:19 - 00000036 ____A C:\Users\mark\AppData\Local\housecall.guid.cache
    2012-07-30 20:43 - 2012-07-30 20:43 - 00004086 ____A C:\Users\mark\Desktop\King of the Road.txt
    2012-07-30 20:32 - 2012-07-30 20:33 - 09932828 ____A C:\Users\mark\Desktop\Roger Miller - King of the Road - With Lyrics_.flv
    2012-07-30 13:07 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-30 13:07 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-30 13:07 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-30 13:07 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-30 13:07 - 2012-07-03 08:21 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-30 13:07 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-30 13:06 - 2012-07-30 13:06 - 00000000 ____D C:\Program Files\AVAST Software
    2012-07-30 13:06 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-30 13:06 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-30 08:03 - 2012-07-30 08:03 - 00115369 ____A C:\Windows\System32\Drivers\klin.dat
    2012-07-30 08:03 - 2012-07-30 08:03 - 00097859 ____A C:\Windows\System32\Drivers\klick.dat
    2012-07-30 07:50 - 2012-08-01 15:00 - 00000396 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
    2012-07-30 07:49 - 2012-07-30 07:59 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
    2012-07-30 07:48 - 2012-07-30 08:11 - 00000000 ____D C:\Program Files\ParetoLogic
    2012-07-29 10:18 - 2012-07-29 10:18 - 00000000 ____D C:\Windows\System32\MpEngineStore
    2012-07-28 15:44 - 2012-07-28 15:44 - 00000000 ____A C:\Users\mark\dll
    2012-07-28 15:14 - 2012-07-28 15:14 - 00054016 ____A C:\Windows\System32\Drivers\dopkmav.sys
    2012-07-28 15:14 - 2012-07-28 15:14 - 00000512 ____A C:\Windows\Minidump\bcnln
    2012-07-25 16:55 - 2012-07-31 01:52 - 00000000 ____D C:\Users\mark\Documents\cc5565
    2012-07-25 05:01 - 2012-05-24 10:51 - 00195448 ____A () C:\Windows\System32\Drivers\paeusbaudio.sys
    2012-07-25 05:01 - 2012-05-24 10:51 - 00060280 ____A () C:\Windows\System32\Drivers\paeusbaudiodsp.sys
    2012-07-25 05:01 - 2012-05-24 10:51 - 00042872 ____A () C:\Windows\System32\Drivers\paeusbaudioks.sys
    2012-07-25 05:00 - 2012-07-25 11:18 - 00000705 ____A C:\Users\Public\Desktop\AudioBox.lnk
    2012-07-18 05:10 - 2012-07-25 13:33 - 00000000 ____D C:\Users\mark\AppData\Roaming\xsecva
    2012-07-15 04:50 - 2012-07-15 04:50 - 00000632 ____A C:\Windows\Tasks\ohgjkko
    2012-07-10 17:25 - 2012-07-10 17:25 - 00000681 ____A C:\Users\mark\Documents\This ones for you.txt
    2012-07-10 13:13 - 2012-07-12 10:19 - 00000000 ____D C:\Users\mark\Documents\New Music 2012
    2012-07-08 14:44 - 2012-07-09 14:01 - 00000000 ____D C:\Windows\Microsoft Antimalware
    2012-07-07 11:53 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-07 11:53 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-07 11:53 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-07 11:11 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-07 11:11 - 2012-05-14 22:37 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-07 11:11 - 2012-05-14 22:37 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-07 11:11 - 2012-05-14 22:37 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-07 11:11 - 2012-05-14 22:35 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-07-07 11:11 - 2012-05-14 22:33 - 06007808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-07 11:11 - 2012-05-14 22:33 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-07-07 11:11 - 2012-05-14 22:33 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-07-07 11:11 - 2012-05-14 22:33 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-07 11:11 - 2012-05-14 22:33 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-07-07 11:11 - 2012-05-14 22:32 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-07 11:11 - 2012-05-14 22:32 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-07-07 11:11 - 2012-05-14 22:32 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-07-07 11:11 - 2012-05-14 22:31 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-07-07 11:11 - 2012-05-14 21:01 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-07-07 11:11 - 2012-05-14 19:26 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-07 11:11 - 2012-05-14 19:25 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-07-07 11:11 - 2012-05-14 19:24 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-07-07 11:11 - 2012-05-14 19:23 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-07 11:11 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-07-07 11:11 - 2012-03-30 04:39 - 00905600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-07-07 11:11 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-07-07 11:11 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
    2012-07-07 11:11 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-07-07 11:11 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
    2012-07-07 11:11 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-07-07 11:11 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-07-07 11:08 - 2012-04-03 00:16 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-07-07 11:08 - 2012-04-03 00:16 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-07-07 10:57 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-07-07 10:57 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-07-07 10:57 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-07-07 10:57 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-07-07 10:57 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-07-07 10:57 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-07-07 10:57 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-07-07 10:56 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-07-07 10:56 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-07-02 15:10 - 2012-07-02 15:10 - 00000960 ____A C:\Users\mark\Documents\Carne Guisada.txt


    ============ 3 Months Modified Files ========================

    2012-08-01 20:35 - 2006-11-02 05:01 - 00032586 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-01 20:35 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-01 20:35 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 20:35 - 2006-11-02 04:47 - 00003696 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-01 17:09 - 2012-04-21 14:54 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-01 15:00 - 2012-07-30 07:50 - 00000396 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS_dbsummary.job
    2012-08-01 09:17 - 2012-08-01 08:58 - 00001437 ____A C:\Users\mark\Desktop\Help2go My response 2.txt
    2012-08-01 08:17 - 2012-06-28 20:16 - 00000370 ____A C:\rkill.log
    2012-08-01 08:04 - 2012-08-01 08:04 - 00001557 ____A C:\Users\mark\Desktop\Gmer log.log
    2012-08-01 07:51 - 2012-08-01 07:51 - 00004440 ____A C:\Users\mark\Desktop\Help2go instructions.txt
    2012-08-01 07:48 - 2012-08-01 07:48 - 00302592 ____A C:\Users\mark\Desktop\b97n931b.exe
    2012-08-01 07:47 - 2012-08-01 07:47 - 00607260 ____R (Swearware) C:\Users\mark\Desktop\dds.scr
    2012-08-01 02:40 - 2007-05-05 20:42 - 00037888 ____A C:\Users\mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-07-31 08:35 - 2012-07-31 08:35 - 00205072 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
    2012-07-31 06:22 - 2012-07-31 06:22 - 04731392 ____A (AVAST Software) C:\Users\mark\Downloads\aswMBR.exe
    2012-07-31 06:19 - 2012-07-31 06:19 - 00000036 ____A C:\Users\mark\AppData\Local\housecall.guid.cache
    2012-07-30 20:43 - 2012-07-30 20:43 - 00004086 ____A C:\Users\mark\Desktop\King of the Road.txt
    2012-07-30 20:33 - 2012-07-30 20:32 - 09932828 ____A C:\Users\mark\Desktop\Roger Miller - King of the Road - With Lyrics_.flv
    2012-07-30 13:07 - 2006-11-02 02:23 - 00002577 ____A C:\Windows\System32\config.nt
    2012-07-30 08:03 - 2012-07-30 08:03 - 00115369 ____A C:\Windows\System32\Drivers\klin.dat
    2012-07-30 08:03 - 2012-07-30 08:03 - 00097859 ____A C:\Windows\System32\Drivers\klick.dat
    2012-07-30 07:59 - 2012-07-30 07:49 - 00000420 ____A C:\Windows\Tasks\ParetoLogic Anti-Virus PLUS.job
    2012-07-28 15:44 - 2012-07-28 15:44 - 00000000 ____A C:\Users\mark\dll
    2012-07-28 15:14 - 2012-07-28 15:14 - 00054016 ____A C:\Windows\System32\Drivers\dopkmav.sys
    2012-07-28 15:14 - 2012-07-28 15:14 - 00000512 ____A C:\Windows\Minidump\bcnln
    2012-07-25 11:18 - 2012-07-25 05:00 - 00000705 ____A C:\Users\Public\Desktop\AudioBox.lnk
    2012-07-18 04:48 - 2012-04-21 14:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-07-18 04:48 - 2011-06-02 20:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-07-15 04:50 - 2012-07-15 04:50 - 00000632 ____A C:\Windows\Tasks\ohgjkko
    2012-07-15 02:42 - 2011-12-31 04:48 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-10 17:25 - 2012-07-10 17:25 - 00000681 ____A C:\Users\mark\Documents\This ones for you.txt
    2012-07-07 11:57 - 2006-11-02 02:33 - 00718136 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-07 11:41 - 2006-11-02 04:47 - 00320392 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-05 13:53 - 2011-10-09 15:01 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
    2012-07-03 10:46 - 2011-06-17 15:23 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00035928 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2012-07-03 08:21 - 2012-07-30 13:07 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
    2012-07-03 08:21 - 2012-07-30 13:06 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
    2012-07-03 08:21 - 2012-07-30 13:06 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
    2012-07-02 15:10 - 2012-07-02 15:10 - 00000960 ____A C:\Users\mark\Documents\Carne Guisada.txt
    2012-07-01 12:14 - 2012-05-15 07:13 - 02405894 ____A C:\Windows\System32\Drivers\Cat.DB
    2012-07-01 12:08 - 2012-07-01 12:08 - 00000405 ____A C:\Users\mark\Documents\Best Buy July 2012.txt
    2012-06-27 20:19 - 2012-06-27 20:19 - 00000222 ____A C:\Users\mark\Desktop\Internet Options - Shortcut.lnk
    2012-06-18 20:35 - 2012-06-18 20:35 - 00001015 ____A C:\Users\mark\Documents\B & H order Acor Master Key 49.txt
    2012-06-18 07:12 - 2012-06-18 07:12 - 00000406 ____A C:\Users\mark\Documents\Cricket June 2012 payment.txt
    2012-06-13 16:39 - 2012-06-13 16:37 - 00000669 ____A C:\Users\mark\Documents\Syrian Chicken.txt
    2012-06-12 09:26 - 2012-06-12 09:24 - 168561729 ____A C:\Users\mark\Desktop\GoPro HD_ Kirby Chambliss Epic Flight.mp4
    2012-06-06 15:34 - 2012-06-06 15:32 - 103792064 ____A (PreSonus) C:\Users\mark\Downloads\PreSonus Studio One 2 Installer 2.0.6.18491.exe
    2012-06-06 15:34 - 2012-04-11 06:23 - 00000991 ____A C:\Users\Public\Desktop\Studio One 2.lnk
    2012-06-06 15:34 - 2012-04-10 19:51 - 00015256 ____A C:\GEARDIFx_install.log
    2012-06-03 20:35 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-02 14:19 - 2012-07-07 10:57 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-07-07 10:57 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-07-07 10:57 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-07-07 10:57 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-07-07 10:57 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-07-07 10:57 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-07-07 10:57 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-07-07 10:56 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:12 - 2012-07-07 10:56 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:43 - 2012-06-02 04:43 - 00000405 ____A C:\Users\mark\Documents\Best Buy June 2012.txt
    2012-05-25 16:53 - 2012-05-25 16:53 - 03807053 ____A C:\Users\mark\Desktop\Grandma. Zip
    2012-05-24 10:51 - 2012-07-25 05:01 - 00195448 ____A () C:\Windows\System32\Drivers\paeusbaudio.sys
    2012-05-24 10:51 - 2012-07-25 05:01 - 00060280 ____A () C:\Windows\System32\Drivers\paeusbaudiodsp.sys
    2012-05-24 10:51 - 2012-07-25 05:01 - 00042872 ____A () C:\Windows\System32\Drivers\paeusbaudioks.sys
    2012-05-23 19:33 - 2012-05-23 19:33 - 00000411 ____A C:\Users\mark\Documents\Cricket May 2012.txt
    2012-05-22 16:29 - 2012-05-22 16:29 - 00005641 ____A C:\Users\mark\Documents\My Favorite Theme.theme
    2012-05-21 15:40 - 2012-05-21 15:40 - 00000021 ____A C:\Users\mark\Documents\Malware.txt
    2012-05-15 11:51 - 2012-07-07 11:11 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 22:37 - 2012-07-07 11:11 - 01212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-14 22:37 - 2012-07-07 11:11 - 00916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-14 22:37 - 2012-07-07 11:11 - 00105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-14 22:35 - 2012-07-07 11:11 - 00206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-05-14 22:33 - 2012-07-07 11:11 - 06007808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-14 22:33 - 2012-07-07 11:11 - 00629760 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-05-14 22:33 - 2012-07-07 11:11 - 00611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2012-05-14 22:33 - 2012-07-07 11:11 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-14 22:33 - 2012-07-07 11:11 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-05-14 22:32 - 2012-07-07 11:11 - 01469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-14 22:32 - 2012-07-07 11:11 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-05-14 22:32 - 2012-07-07 11:11 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 11111424 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 02000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-05-14 22:31 - 2012-07-07 11:11 - 00055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-05-14 21:01 - 2012-07-07 11:11 - 00385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-05-14 19:26 - 2012-07-07 11:11 - 00133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-14 19:25 - 2012-07-07 11:11 - 00174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-05-14 19:24 - 2012-07-07 11:11 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-05-14 19:23 - 2012-07-07 11:11 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-07 12:33 - 2012-05-07 12:33 - 00000066 ____A C:\Users\mark\Documents\good fuel eco.txt
    2012-05-05 15:06 - 2012-05-05 15:06 - 00000134 ____A C:\Users\mark\Desktop\System - Shortcut.lnk
    2012-05-04 08:02 - 2012-05-04 08:02 - 00002025 ____A C:\Users\mark\Desktop\Microsoft Works Calendar.lnk


    ZeroAccess:
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\@
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\00000004.@
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\1afb2d56
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\201d3dde
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\55490ac4
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U\00000008.@
    C:\Windows\Installer\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U\000000cb.@

    ZeroAccess:
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\@
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\U
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\00000004.@
    C:\Users\mark\AppData\Local\{8b0fe886-8396-cca6-d3fe-545bd64e2c3f}\L\1afb2d56

    ZeroAccess :
    C:\Windows\$NtUninstallKB51827$
    C:\Windows\$NtUninstallKB51827$\2810286605\L
    C:\Windows\$NtUninstallKB51827$\2810286605\U
    C:\Windows\$NtUninstallKB51827$\2810286605\L\qnbwvoto

    ZeroAccess :
    C:\Windows\$NtUninstallKB63684$
    C:\Windows\$NtUninstallKB63684$\600955669\L
    C:\Windows\$NtUninstallKB63684$\600955669\U
    C:\Windows\$NtUninstallKB63684$\600955669\L\qnbwvoto

    ZeroAccess:
    C:\Windows\assembly\GAC\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3069.32 MB
    Available physical RAM: 2587.68 MB
    Total Pagefile: 2844.7 MB
    Available Pagefile: 2674.66 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.72 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:179.24 GB) (Free:75.8 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:0.05 GB) (Free:0.04 GB) FAT
    3 Drive e: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.03 GB) NTFS
    4 Drive f: (VISTA_32_PREMIUM) (CDROM) (Total:2.84 GB) (Free:0 GB) CDFS
    5 Drive g: () (Removable) (Total:1.9 GB) (Free:1.9 GB) FAT
    6 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 1025 KB
    Disk 1 Online 1953 MB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 47 MB 32 KB
    Partition 2 Primary 10 GB 48 MB
    Partition 3 Primary 179 GB 10 GB
    Partition 0 Extended 44 GB 189 GB
    Partition 4 Logical 41 GB 189 GB
    Partition 5 Logical 3069 MB 230 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D FAT Partition 47 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E RECOVERY NTFS Partition 10 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 179 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 83
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 5
    Type : 82
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1951 MB 123 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 G FAT Removable 1951 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-08-01 20:31

    ======================= End Of Log ======================

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    1.
    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.



    2.
    Install Recovery Console and Run ComboFix

    This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

    Download Combofix from any of the links below, and save it to your desktop.

    Link 1
    Link 2
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
    • Close any open windows, including this one.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • If you did not have it installed, you will see the prompt below. Choose YES.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
    should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    • Click on Yes, to continue scanning for malware.
    • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running.
    ComboFix will restart your computer if malware is found; allow it to do so.


    Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


    Things to include in your next reply:
    TDSSKiller log
    ComboFix.txt
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-



