Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware removal

Post by reeldrag » September 19th, 2011, 8:02 pm

Per instructions I ran DDS.

I originally had a virus that attacked my system; error was w32/blaster.worm. It hid all of my files and stopped all my start up programs. Had pop ups that would not stop.
I was able to get rid of most of the virus and unhide my programs but still cannot run any programs from the start up screen, states folders are empty. Also I cannot search from the internet. If I input the website it will work but cannot use the search engine.

Any help will be much appreciated.


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Run by Owner at 19:39:45 on 2011-09-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.148 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\ASUS\Printer Utilities\UsbService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://start.facemoods.com/?a=wbst1
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ScrewDrivers RDP Plugin] c:\program files\tricerat\simplify printing\screwdrivers client v4\install_rdp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [OpenCloud Security] .\OpenCloud Security.exe
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... VEZPSzctMg"&"inst=NzYtODQ0MjQ2MTMwLVhMKzEtVDEtVUNBTEwrMS1CQVI4RysxLVVDQUxMMisyLVRCOCsyLUZMKzgtRjhNOUErMy1GOE0xMUMrMS1VUEcrMjAxMS1GOE0xMUUrMS1YTzgrMS1ERFQrMA"&"prod=94"&"ver=10.0.1388
dRunOnce: [AutoLaunch] c:\program files\lavasoft\ad-aware\AutoLaunch.exe monthly
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\1\programs\supera~1\bootsafe.lnk - c:\program files\superantispyware\BootSafe.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\1\programs\supera~1\supera~1.lnk - c:\program files\superantispyware\RUNSAS.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\1\programs\supera~1\supera~2.lnk - c:\program files\superantispyware\SUPERAntiSpyware.exe
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\1\programs\supera~1\supera~3.lnk - c:\program files\superantispyware\SUPERAntiSpyware.chm
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\1\programs\supera~1\supera~4.lnk - c:\program files\superantispyware\SUPERAntiSpyware.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoDesktop = 1 (0x1)
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimi ... Config.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/share ... insctl.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/ ... 1285110140
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 1298558015
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/200 ... ader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/ins ... csxp2k.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/aut ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C1614BC0-0686-41A5-ADAE-FFA7D87D1ADB} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 95.64.61.141 www.google.com
Hosts: 95.64.61.142 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\pxw7tx3e.default\extensions\{9565115d-c7d6-46d3-bd63-b67b481a4368}\components\RadioWMPCore.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\4.0.0417.0\npwinext.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-2 64160]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 NEOFLTR_650_14951;Juniper Networks TDI Filter Driver (NEOFLTR_650_14951);c:\windows\system32\drivers\NEOFLTR_650_14951.SYS [2011-8-8 85288]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-9-11 328536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1036104]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-5 366640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
R2 UsbService;Eltima Usb to Ethernet Connector;c:\program files\asus\printer utilities\UsbService.exe [2011-1-2 217088]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-5 22712]
R3 vuhub;Virtual Usb Hub;c:\windows\system32\drivers\vuhub.sys [2011-1-2 66432]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-31 133104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-31 133104]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager; [x]
S3 PAC7311;VGA SoC PC-Camera;c:\windows\system32\drivers\PA707UCM.SYS [2005-10-18 154752]
.
=============== Created Last 30 ================
.
2011-09-19 00:32:51 2429440 ----a-w- c:\windows\system32\OpenCloud Security.exe
2011-09-19 00:32:51 -------- d-----w- C:\OpenCloud Security
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\SET1E.tmp
2011-09-08 23:22:47 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-09-08 22:33:32 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-09-08 22:33:26 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-09-08 22:33:24 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-09-08 22:33:24 785368 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-09-08 22:33:24 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-09-08 22:33:24 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-09-08 22:33:24 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-09-08 22:33:24 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-09-08 22:33:24 1846232 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-09-08 22:33:24 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-09-07 02:39:30 -------- d-----w- C:\$AVG
2011-09-06 20:08:34 -------- d-----w- c:\windows\system32\drivers\AVG
2011-09-06 00:04:28 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-09-06 00:03:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-05 22:31:51 -------- d-----w- C:\System Recovery
2011-09-05 22:19:55 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-09-05 22:19:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-05 22:19:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-05 04:02:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-02 23:39:06 295754 ----a-w- c:\windows\system32\shimg.dll
2011-09-01 02:50:42 -------- d-----w- C:\PC Repair
2011-08-31 01:47:17 -------- d-----w- c:\documents and settings\owner\local settings\application data\Solid State Networks
2011-08-25 22:37:41 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
2011-08-25 22:37:40 -------- d-----w- c:\documents and settings\owner\application data\Catalina Marketing Corp
2011-08-22 21:39:19 -------- d-----w- c:\program files\triCerat
.
==================== Find3M ====================
.
2011-09-03 10:17:37 599040 ------w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2010-08-13 23:01:24 435 ----a-w- c:\program files\0813201019012218.bat
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1200BB-00GUA0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x858A84C0]<<
_asm { MOV EAX, [ESP+0x4]; MOV ECX, [0x858af8a4]; PUSH ESI; MOV ESI, [ESP+0xc]; PUSH EDI; MOV EDI, [ESI+0x60]; CMP EAX, [0x858af730]; JNZ 0x1f; MOV [ESP+0xc], ECX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86653238]
3 CLASSPNP[0xF7547FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\0000008d[0x866C9F18]
5 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E37D5] -> [0x866D67F0]
\Driver\atapi[0x864E1458] -> IRP_MJ_CREATE -> 0x858A84C0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x858A82E0
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 19:41:35.53 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/31/2009 5:57:34 PM
System Uptime: 9/19/2011 6:58:03 PM (1 hours ago)
.
Motherboard: First International Computer, Inc. | | K7MNF-64
Processor: AMD Sempron(tm) 3000+ | Socket A | 1991/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 108 GiB total, 85.884 GiB free.
D: is FIXED (FAT32) - 4 GiB total, 1.672 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP540: 6/3/2011 9:25:39 AM - Removed AVG 2011
RP541: 6/4/2011 3:29:57 PM - System Checkpoint
RP542: 6/5/2011 8:28:58 PM - System Checkpoint
RP543: 6/6/2011 7:54:47 PM - Revo Uninstaller's restore point - Advanced SystemCare 3
RP544: 6/7/2011 6:38:01 PM - Revo Uninstaller's restore point - Norton Security Scan
RP545: 6/8/2011 7:17:16 PM - System Checkpoint
RP546: 6/9/2011 10:03:17 AM - Removed AVG 2011
RP547: 6/10/2011 5:49:04 PM - System Checkpoint
RP548: 6/11/2011 10:56:47 PM - System Checkpoint
RP549: 6/13/2011 5:12:54 PM - System Checkpoint
RP550: 6/14/2011 5:50:16 PM - System Checkpoint
RP551: 6/15/2011 6:50:46 PM - System Checkpoint
RP552: 6/16/2011 7:07:12 PM - System Checkpoint
RP553: 6/17/2011 11:45:28 PM - System Checkpoint
RP554: 6/19/2011 9:17:33 AM - System Checkpoint
RP555: 6/20/2011 10:55:11 AM - System Checkpoint
RP556: 6/21/2011 11:35:34 AM - System Checkpoint
RP557: 6/22/2011 4:33:19 PM - System Checkpoint
RP558: 6/23/2011 5:31:29 PM - System Checkpoint
RP559: 6/24/2011 5:17:46 PM - Removed AVG 2011
RP560: 6/25/2011 7:24:17 PM - System Checkpoint
RP561: 6/26/2011 10:25:43 PM - System Checkpoint
RP562: 6/27/2011 6:22:27 PM - Removed AVG 2011
RP563: 6/29/2011 8:09:27 PM - System Checkpoint
RP564: 6/30/2011 8:53:43 PM - System Checkpoint
RP565: 7/1/2011 10:29:22 PM - System Checkpoint
RP566: 7/2/2011 10:57:16 PM - System Checkpoint
RP567: 7/5/2011 2:54:20 PM - System Checkpoint
RP568: 7/6/2011 3:39:33 PM - System Checkpoint
RP569: 7/11/2011 9:35:25 PM - System Checkpoint
RP570: 7/14/2011 10:29:35 PM - System Checkpoint
RP571: 7/15/2011 10:33:41 PM - System Checkpoint
RP572: 7/16/2011 11:11:27 PM - System Checkpoint
RP573: 7/18/2011 9:12:41 PM - System Checkpoint
RP574: 7/19/2011 9:27:42 PM - System Checkpoint
RP575: 7/20/2011 11:04:53 PM - System Checkpoint
RP576: 7/21/2011 10:23:45 PM - Removed AVG 2011
RP577: 7/21/2011 10:26:35 PM - Removed AVG 2011
RP578: 7/22/2011 10:31:06 PM - System Checkpoint
RP579: 7/23/2011 11:31:05 PM - System Checkpoint
RP580: 7/25/2011 12:31:05 AM - System Checkpoint
RP581: 7/26/2011 1:12:35 AM - System Checkpoint
RP582: 7/27/2011 2:12:35 AM - System Checkpoint
RP583: 7/28/2011 3:12:36 AM - System Checkpoint
RP584: 7/28/2011 10:02:50 PM - Software Distribution Service 3.0
RP585: 7/28/2011 10:08:09 PM - Software Distribution Service 3.0
RP586: 7/28/2011 10:59:22 PM - Software Distribution Service 3.0
RP587: 7/29/2011 5:47:50 PM - Software Distribution Service 3.0
RP588: 7/31/2011 8:46:11 PM - System Checkpoint
RP589: 8/1/2011 8:56:12 PM - System Checkpoint
RP590: 8/2/2011 9:56:18 PM - System Checkpoint
RP591: 8/3/2011 10:56:20 PM - System Checkpoint
RP592: 8/4/2011 9:17:51 PM - Installed PC VGA Camera
RP593: 8/4/2011 9:28:57 PM - Removed Webcam 2200
RP594: 8/4/2011 9:29:14 PM - Configured PC VGA Camera
RP595: 8/4/2011 9:33:26 PM - Installed Webcam 2200
RP596: 8/9/2011 9:45:33 PM - Software Distribution Service 3.0
RP597: 8/10/2011 10:48:24 PM - System Checkpoint
RP598: 8/11/2011 11:20:25 PM - System Checkpoint
RP599: 8/12/2011 11:32:15 PM - System Checkpoint
RP600: 8/14/2011 12:21:30 AM - System Checkpoint
RP601: 8/15/2011 1:20:20 AM - System Checkpoint
RP602: 8/16/2011 6:19:40 PM - System Checkpoint
RP603: 8/17/2011 7:15:59 PM - System Checkpoint
RP604: 8/18/2011 8:14:12 PM - System Checkpoint
RP605: 8/20/2011 1:49:20 AM - System Checkpoint
RP606: 8/21/2011 2:04:47 AM - System Checkpoint
RP607: 8/22/2011 2:46:01 AM - System Checkpoint
RP608: 8/22/2011 5:39:17 PM - Installed ScrewDrivers Client v4 (rdp only).
RP609: 8/23/2011 10:04:17 PM - System Checkpoint
RP610: 8/24/2011 10:24:14 PM - System Checkpoint
RP611: 8/24/2011 11:00:17 PM - Software Distribution Service 3.0
RP612: 8/25/2011 11:14:29 PM - System Checkpoint
RP613: 8/27/2011 12:13:24 AM - System Checkpoint
RP614: 8/27/2011 5:19:54 PM - Revo Uninstaller's restore point - ArcSoft Magic-i 3
RP615: 8/27/2011 5:22:15 PM - Removed Magic-i
RP616: 8/27/2011 5:24:46 PM - Revo Uninstaller's restore point - ArcSoft WebCam Companion 2
RP617: 8/27/2011 5:25:02 PM - Removed WebCam Companion
RP618: 8/27/2011 5:41:44 PM - Revo Uninstaller's restore point - ArcSoft VideoImpression 2
RP619: 8/27/2011 5:42:49 PM - Removed VideoImpression
RP620: 8/28/2011 6:18:05 PM - System Checkpoint
RP621: 8/29/2011 8:10:41 PM - System Checkpoint
RP622: 8/30/2011 8:40:12 PM - System Checkpoint
RP623: 8/30/2011 9:49:46 PM - Removed Adobe Reader 7.0
RP624: 8/30/2011 9:50:22 PM - Installed Adobe Reader X (10.1.0).
.
==== Installed Programs ======================
.
2350
2350_Help
2350Trb
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Advanced SystemCare 4
AiO_Scan
AiOSoftware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Auslogics Disk Defrag
AVG 2011
Bonjour
BufferChm
CardRd81
CCScore
Copy
Coupon Printer for Windows
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CR2
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Digital Media Reader
Director
DocProc
DocumentViewer
Download Accelerator Plus (DAP)
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Fax
Free Window Registry Repair
FrostWire 4.18.3
Google Update Helper
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP PSC 2350 series
HP Update
HPSystemDiagnostics
InstantShare
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java(TM) 6 Update 15
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client
Juniper Networks Setup Client Activex Control
Juniper Terminal Services Client
Kodak EasyShare software
KSU
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Default Manager
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox 6.0.2 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero BurnRights
Nero OEM
Notifier
NVIDIA Drivers
NvMixer
OTtBP
OTtBPSDK
PanoStandAlone
PC VGA Camera
PhotoGallery
PhotoScape
PowerDVD
ProductContext
QFolder
QuickTime
Readme
RealPlayer Basic
Revo Uninstaller 1.83
Safari
Scan
ScannerCopy
ScrewDrivers Client v4 (rdp only)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SFR
SHASTA
SKIN0001
SkinsHP1
SKINXSDK
Skype web features
Skype™ 4.1
SoftV92 Data Fax Modem with SmartCP
SUPERAntiSpyware
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
TrayApp
Unload
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live ID Sign-in Assistant
Windows XP Service Pack 3
WIRELESS
Yontoo Layers Client 1.10.01
.
==== Event Viewer Messages From Past Week ========
.
9/18/2011 5:34:09 PM, error: PSched [14103] - QoS [Adapter {C1614BC0-0686-41A5-ADAE-FFA7D87D1ADB}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
9/15/2011 6:51:15 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
9/15/2011 5:31:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
9/15/2011 5:31:19 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/15/2011 5:28:57 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
9/15/2011 5:28:21 PM, error: SRService [104] - The System Restore initialization process failed.
9/13/2011 8:19:25 PM, error: DCOM [10005] - DCOM got error "%487" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/13/2011 8:19:14 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/13/2011 8:00:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.
9/13/2011 8:00:06 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2011 7:59:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/13/2011 7:47:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SSDP Discovery Service service to connect.
9/13/2011 7:47:26 PM, error: Service Control Manager [7000] - The SSDP Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/13/2011 7:45:29 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
9/13/2011 7:44:29 PM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
.
==== End Of File ===========================
reeldrag
Active Member
 
Posts: 4
Joined: September 18th, 2011, 6:59 pm

Re: Malware removal

Unread postby Alander » September 24th, 2011, 8:09 am

Hello, I Am Alander :)

Welcome to the Malware Removal forums.

I would be glad to take a look at your log and help you with solving any malware problems.

DDS logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

As I am still training, everything that I post to you must be checked by an Admin or Moderator.

Thus, there may be a tiny bit of a delay between posts. While it shouldn't be too long, you can be assured you will get the best possible advice.


  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware removal

Unread postby Alander » September 26th, 2011, 11:33 am

Hi, sorry for the delay.

Step 1
Is this computer used to connect to a business or educational network? I need to know to give the appropriate instructions.

Step 2
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
FrostWire 4.18.3

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:


Remove Program(s)
  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following program:

    Advanced SystemCare 4
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 15
    Coupon Printer for Windows
    Free Window Registry Repair
    FrostWire 4.18.3
    Yontoo Layers Client 1.10.01
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Add/Remove Programs. Close Control Panel.

Step 3
Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Alander
Regular Member
 
Posts: 1599
Joined: September 15th, 2007, 2:04 pm
Location: Singapore

Re: Malware removal

Unread postby reeldrag » September 26th, 2011, 5:27 pm

I can network with my work server. But I can reinstall if necessary.
reeldrag
Active Member
 
Posts: 4
Joined: September 18th, 2011, 6:59 pm

Re: Malware removal

Unread postby reeldrag » September 26th, 2011, 9:42 pm

I have removed the requested programs and run CKScanner.
Here are the results:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.VELBLA
----- EOF -----
reeldrag
Active Member
 
Posts: 4
Joined: September 18th, 2011, 6:59 pm

Re: Malware removal

Unread postby deltalima » September 27th, 2011, 8:15 am

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section Posting for help for business machines explains why we do not offer help for such computers.

This topic is now closed
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK