Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

hijack this1 [Closed]

Started by mandyman22 , Nov 03 2013 04:53 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 mandyman22

mandyman22

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 03 November 2013 - 04:53 AM

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\LClock\LClock.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Internet Download Manager\IDMan.exe
E:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\DTS\Application Data\Dropbox\bin\DROPBOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\DTS\Start Menu\Programs\Startup\SystemSQL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\DTS\My Documents\Downloads\Programs\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.google...com/google.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rnd009.google...com/google.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rnd009.google...com/google.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rnd009.google...com/google.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rnd009.google...com/google.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Cubiez Helper - {ABF0158B-728D-42B6-86B9-14060956D3B4} - C:\Documents and Settings\DTS\Local Settings\Application Data\CubiezHelper\CubiezBHO.dll
O2 - BHO: IEWebHook - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2} - C:\Documents and Settings\DTS\Application Data\General Downloader\Extensions\IEPlugin32.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\DTS\APPLIC~1\GENERA~1\EXTENS~1\GenCrawl.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] E:\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Hobbyist Software VLC Streamer] "e:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User '?')
O4 - HKUS\S-1-5-21-57989841-1935655697-1060284298-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-57989841-1935655697-1060284298-1004\..\Run: [Hobbyist Software VLC Streamer] "e:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-57989841-1935655697-1060284298-1004 Startup: Dropbox.lnk = C:\Documents and Settings\DTS\Application Data\Dropbox\bin\DROPBOX.EXE (User '?')
O4 - S-1-5-21-57989841-1935655697-1060284298-1004 Startup: Styler.lnk = ? (User '?')
O4 - S-1-5-21-57989841-1935655697-1060284298-1004 Startup: SystemSQL.exe (User '?')
O4 - S-1-5-21-57989841-1935655697-1060284298-1004 Startup: Warcraft Config.lnk = ? (User '?')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\DTS\Application Data\Dropbox\bin\DROPBOX.EXE
O4 - Startup: Styler.lnk = ?
O4 - Startup: SystemSQL.exe
O4 - Startup: Warcraft Config.lnk = ?
O4 - Global Startup: Who Is On My Wifi.lnk = C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe
O8 - Extra context menu item: Download all links with IDM - E:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - E:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Unknown owner - C:\Program Files\Search Results Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WebCake Desktop Updater - Unknown owner - C:\Program Files\WebCake\WebCakeDesktop.Updater.exe (file missing)

--
End of file - 9415 bytes

unning processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\LClock\LClock.exe
F:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Internet Download Manager\IDMan.exe
E:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\DTS\Application Data\Dropbox\bin\DROPBOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Styler\Styler.exe
C:\Documents and Settings\DTS\Start Menu\Programs\Startup\SystemSQL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\DTS\My Documents\Downloads\Programs\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\DTS\Start Menu\Programs\Startup]
Dropbox.lnk = C:\Documents and Settings\DTS\Application Data\Dropbox\bin\DROPBOX.EXE
Styler.lnk = ?
SystemSQL.exe
Warcraft Config.lnk = ?

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Who Is On My Wifi.lnk = C:\Program Files\IO3O LLC\Who Is On My Wifi\mywifi.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

egui = "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
UnlockerAssistant = "C:\Program Files\Unlocker\UnlockerAssistant.exe"
TaskTray =
SunJavaUpdateSched = "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
SoundMan = SOUNDMAN.EXE
SMSERIAL = C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
LClock = C:\Program Files\LClock\LClock.exe
KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
iTunesHelper = "F:\Program Files\iTunes\iTunesHelper.exe"
APSDaemon = "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
IDMan = E:\Internet Download Manager\IDMan.exe /onboot
Hobbyist Software VLC Streamer = "e:\Program Files\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe" /startup

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wincert\WIN32C~1.DLL C:\PROGRA~1\SEARCH~1\Datamngr\mgrldr.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

IDM Helper - E:\Internet Download Manager\IDMIECC.dll - {0055C089-8582-441B-A0BF-17B458C2A3A8}
Search-Results Toolbar - C:\PROGRA~1\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll - {377e5d4d-77e5-476a-8716-7e70a9272da0}
(no name) - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL - {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
(no name) - C:\Program Files\Java\jre7\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Cubiez Helper - C:\Documents and Settings\DTS\Local Settings\Application Data\CubiezHelper\CubiezBHO.dll - {ABF0158B-728D-42B6-86B9-14060956D3B4}
IEWebHook - C:\Documents and Settings\DTS\Application Data\General Downloader\Extensions\IEPlugin32.dll - {AD4DF010-E2FD-43CE-864A-6BD1EDC59AC2}
(no name) - C:\DOCUME~1\DTS\APPLIC~1\GENERA~1\EXTENS~1\GenCrawl.dll - {CA4520F3-AE13-4FB1-A513-58E23991C86D}
(no name) - C:\Program Files\Java\jre7\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
AppleSoftwareUpdate.job
At1.job
ParetoLogic Registration3.job
ParetoLogic Update Version3 Startup Task.job
ParetoLogic Update Version3.job
RegCure Pro.job

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\Program Files\Bonjour\mdnsNSP.dll

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\system32\webcheck.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8,006 bytes
Report generated in 0.100 seconds

Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only


    Advertisements

Register to Remove

#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 04 November 2013 - 10:24 AM

Hi mandyman22,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

The HiJackThis log you posted is not complete and HJT is no longer really used to make system evaluations. With that being said please run the following scans:

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================
bullseye_zpse9eaf36e.gif OTL

Download OTL to your desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.

=========================

In your next post please provide the following:


  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

#3 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 07 November 2013 - 09:24 AM

Hi mandyman22,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

#4 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 09 November 2013 - 09:30 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·