Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Please check my DDS- Is my computer infected? I need to know


Post by MRG1 » December 15th, 2011, 4:29 pm

I have been having multiple problems with my computer. It’s possible my computer may have a virus, worm or Trojan. (Using Windows 7- IE8) DDS Listed Below

Would someone please look at my DDS listed at the bottom of my post? If my computer has a problem, then I need to get it fixed. If not, then I need high speed or something….Thank you!
I have a boot disc, backup disc(s) and a copy of Windows 7.
Software- Amazon Kindle, Microsoft Office + the usual. No games or share.

I have dial-up. About a week ago, my internet connection has slowed down to a crawl. Some pages download much faster than others. I called ISP and they said it might be due to holiday traffic. (Up until then, my connection was acceptable. I don’t want to assume that this is a connection problem.) My computer is less than a year old.
Sometimes, but not all the time- (Some days are worse than others.) For days the connection will be great and I won’t have any problems.
1) Some pages load, appearing to be off line.
2) Some days I have pages that are frequently kicked off and Windows wants me to check for problems with my connection. It never comes up with an answer.
3) Some pages disappear to a blank white page, until it is loaded.
4) Some pages require constant refreshing- nothing but white page.
5) My browser usually screws up once a day. Certain parts of IE8 fade and I can’t get to it- Tab won’t close, etc.
6) Everything will be fine for awhile and I am getting work done and then- all of a sudden my connection is nowhere!
7) Some pictures or graphics not loading or slow to download-
8) IE Freezes

Other problems-
1) When I first start the computer and everything is loading, I will see two boxes flash on the screen. One is empty and I think from Microsoft Office sidebar. The other box tells me “GFXUI” is missing.

2) I ran a diagnostic from Lenovo. It told me the following-
Not configured for valid IP address?
TLS Status is off- Might have difficulties browsing using websites that use Internet Explorer.
I have Adobe Flash (latest version) I was told by the diagnostic, that it could not find my Flash Active X Plugin.
I returned Internet Options back to default settings. It does not seem to have helped. I don’t know…

What I have done-

1) Tried to reinstall IE8. Microsoft would not let me download, saying it was installed on my machine.
2) Ran CCleaner
3) Did System Restore- It’s obvious it did not help- I don’t know.
4) Have updated and scanned with Microsoft Essentials. It did not find anything.
5) Windows Defender. It did not find anything
6) Avast AntiVirus + Malwarebytes- Ran scans. NADA
7) Tried to download Microsoft System Sweeper- Connection is too slow. Unsuccessful
8) Installed HiJack This- Unable to copy and paste log.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost

9) Downloaded tdsskiller. I have not installed (I don’t know how to use it)


DDS

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Mary at 14:16:05 on 2011-12-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2539 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft Office\Office\Winword.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [lxdomon.exe] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdomon.exe"
mRun: [lxdoamon] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe"
mRun: [Lexmark 9500 Series] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\fm3032.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: Interfaces\{B34CB3CE-DD40-458C-AFE9-8870248AA1A7} : NameServer = 68.94.156.1 68.94.157.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun-x64: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [lxdomon.exe] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdomon.exe"
mRun-x64: [lxdoamon] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe"
mRun-x64: [Lexmark 9500 Series] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\fm3032.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 AcfXAudioService;AcfXAudioService;C:\windows\system32\svchost.exe -k AcfXAudioService [2009-7-13 20992]
R3 acfva;acfva;C:\windows\system32\DRIVERS\ACFVA64.sys --> C:\windows\system32\DRIVERS\ACFVA64.sys [?]
R3 dgcfltr;DGC Filter Driver;C:\windows\system32\DRIVERS\ACFDCP64.sys --> C:\windows\system32\DRIVERS\ACFDCP64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\system32\DRIVERS\spio.sys --> C:\windows\system32\DRIVERS\spio.sys [?]
R3 USTOR2K;USB Mass Storage Windows Driver;C:\windows\system32\DRIVERS\ustor2k.sys --> C:\windows\system32\DRIVERS\ustor2k.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys --> C:\windows\system32\DRIVERS\Rtnic64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-15 19:21:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A0E771-7E67-4414-A092-75B28AA6A61E}\offreg.dll
2011-12-15 19:21:47 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51A0E771-7E67-4414-A092-75B28AA6A61E}\mpengine.dll
2011-12-15 02:42:10 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-15 02:31:39 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-15 02:31:39 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-14 16:42:35 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-14 15:30:34 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-14 15:30:34 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-12 03:02:30 -------- d-----w- C:\Program Files\AVAST Software
2011-12-11 01:40:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-08 20:54:27 244416 ----a-w- C:\windows\SysWow64\Msflxgrd.ocx
2011-12-08 20:54:27 209192 ----a-w- C:\windows\SysWow64\TABCTL32.OCX
2011-12-08 20:54:27 203976 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2011-12-08 20:54:27 140288 ----a-w- C:\windows\SysWow64\comdlg32.ocx
2011-12-08 20:54:27 1077336 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-11-29 02:31:56 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D13AD045-701E-4FAE-9D0F-C1A5D85C573F}\gapaengine.dll
2011-11-29 02:31:56 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-11-25 18:23:46 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88A44B5B-2195-43DA-A9E8-20FCA8FF5033}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-05 22:27:56 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-05 05:41:43 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-11-05 04:35:00 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-09-29 16:29:28 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
.


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 1:18:25 PM
System Uptime: 12/14/2011 9:40:31 PM (17 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 1985/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 871.646 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP146: 11/28/2011 8:31:24 PM - Windows Update
RP147: 12/3/2011 11:59:31 AM - Windows Update
RP148: 12/4/2011 4:19:41 PM - Removed AT&T Dial Connection Manager
RP149: 12/4/2011 4:20:24 PM - Removed AT&T Dial Connection Manager
RP150: 12/4/2011 4:22:00 PM - Removed AT&T Dial Connection Manager
RP151: 12/8/2011 1:21:30 PM - Windows Update
RP152: 12/8/2011 8:49:52 PM - Installed HiJackThis
RP153: 12/8/2011 8:57:50 PM - Removed HiJackThis
RP154: 12/9/2011 9:45:58 AM - avast! Free Antivirus Setup
RP155: 12/9/2011 12:17:56 PM - Windows Backup
RP156: 12/9/2011 12:46:33 PM - avast! Free Antivirus Setup
RP157: 12/9/2011 12:54:15 PM - Installed HiJackThis
RP158: 12/9/2011 1:22:49 PM - Removed HiJackThis
RP159: 12/11/2011 7:00:04 PM - Windows Backup
RP160: 12/11/2011 9:02:23 PM - avast! Free Antivirus Setup
RP161: 12/12/2011 10:43:28 AM - avast! Free Antivirus Setup
RP162: 12/12/2011 12:20:15 PM - Windows Update
RP163: 12/14/2011 9:32:06 AM - Windows Update
RP164: 12/14/2011 10:39:48 AM - Windows Update
RP165: 12/14/2011 10:42:37 AM - Windows Update
RP166: 12/14/2011 8:31:53 PM - Windows Update
RP167: 12/14/2011 8:40:09 PM - Windows Update
RP168: 12/14/2011 8:42:12 PM - Windows Update
RP169: 12/14/2011 9:29:49 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Reader 9.3
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.12
Best Buy pc app
FanSpeedControl
Free Window Registry Repair
Genesys USB Mass Storage Device
Google Update Helper
Lenovo Driver and Application Installation
Lenovo Rescue System
LVT
LXH-JME2207FN Hotkey Driver
Microsoft Choice Guard
Microsoft Image Composer 1.5
Microsoft Office 97, Professional Edition
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
Realtek High Definition Audio Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/8/2011 7:33:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.316.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/8/2011 2:33:36 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.316.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2011 8:37:41 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/15/2011 3:37:29 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/14/2011 9:50:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/14/2011 9:19:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/14/2011 9:19:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/14/2011 8:42:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/14/2011 8:42:37 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/14/2011 4:48:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/12/2011 7:56:02 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/11/2011 6:11:42 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.787.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
MRG1
Active Member
 
Posts: 12
Joined: December 15th, 2011, 3:53 pm

Re: Please check my DDS- Is my computer infected? I need to

Post by troy3636 » December 17th, 2011, 1:23 pm

Hello MRG1.

Welcome to the Malware Removal Forum. My name is Troy and I will be assisting you with the malware issues on your computer.
Because I am still in training, all the advice I give must first be checked by an instructor, therefore there may be some delays in my replies.

A few things before we get started
  1. If you have not already done so, please read these forum rules.
  2. Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  3. Any fixes I may post will be specific to your computer and should not be used on other computers.
  4. While we work on your computer please don't install any new programs, try any other fixes, or run any tools other than those requested.
  5. If at any time my instructions are not clear please ask before proceeding.
  6. Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.

I am reviewing your logs now. I will return with further instructions.
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Please check my DDS- Is my computer infected? I need to

Post by MRG1 » December 17th, 2011, 2:33 pm

I very much appreciate hearing back from someone! I have not downloaded anything new. The only antivirus/ malware software installed/ running is Microsoft Security Essentials and Windows Defender. I update and run, but at this point I don't know if the programs are actually being updated, etc. (Upon your request, I will not run Security Essentials or Defender. Both programs are turned off. ) All other software of this type have been uninstalled.

What about regular updates from Microsoft? Updates were just installed yesterday, so I guess the computer is current for awhile.

If you want updated DDS, let me know-

THANK YOU!

Re: Please check my DDS- Is my computer infected? I need to

Post by troy3636 » December 20th, 2011, 6:47 pm

Hi MRG1,

I apologize for the long delay.
Two more questions.
  1. Have there been any changes in your computer's behavior over the last couple of days?
  2. What is this computer used for?

Troy

Re: Please check my DDS- Is my computer infected? I need to

Post by MRG1 » December 20th, 2011, 7:54 pm

Behavior- Yesterday the connection was just awful. When this happens, pages seem off-line or I get kicked off. (Amazon is really bad) At least once a day, no matter what, the pages turn white and I seem to lose everything and I have to restart the machine to get the browser to work right. (I never wait for the pages to come back.) Some pages are very slow and some are not. Today was a good day, as far as being able to get around and get things done.

I have two blogs- Blogger and Wordpress. (I have not worked on the blogs for weeks. Planning to get back to them in 2012.) I take surveys, Facebook, Google, shopping, email- that's it.

Is there anything specific? If I knew what you were looking for-
I am constantly getting into folders on my desktop. I don't notice anything. I don't have much on it- Microsoft Word, Excel, PDF, Kindle etc. Today- All day long the computer made sounds like it was downloading, but nothing showed up.

Re: Please check my DDS- Is my computer infected? I need to

Post by troy3636 » December 21st, 2011, 2:06 pm

Hi MRG1,

There are a few minor items that should be cleaned up.

Step 1
Create a System Restore Point
  1. Click on Start ... Right-click on Computer ... select Properties.
  2. In the left pane click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
If you do not see the message "The Restore Point was created successfully", DO NOT continue; post back here to let me know.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

Step 2
OTM
  1. Download OTM.exe by Old Timer and save it to your Desktop.
  2. Right-click OTM and select "Run as Administrator" to run it. If prompted, please allow it.
  3. Right-click, then copy the following code. Do not include the word Code. Then paste it into the blank box under "Paste instructions for items to be moved".
    Code:
    :Reg
    [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    
  4. Click the Move it button
  5. OTM will create a log and save it in C:\_OTM\Moved Files . It will be named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed. Please open the log with notepad and paste the contents in your next reply.

How is your computer behaving now?

Troy
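
The registry cleanup above targets the toolbar CLSID that the DDS log lists as "No File". The following is an added example, not part of the original thread or of DDS/OTM: a small Python parser that pulls such orphaned entries out of the "Pseudo HJT Report" section so a reviewer can see which views (TB, TB-X64) reference them. The `PREFIX: {CLSID} - No File` layout is inferred only from the log in this thread, and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net/
mWinlogon: Userinit=userinit.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
.
============= SERVICES / DRIVERS ===============
.
R3 acfva;acfva;C:\windows\system32\DRIVERS\ACFVA64.sys --> C:\windows\system32\DRIVERS\ACFVA64.sys [?]
"""

# Section banners look like "===== Title =====" in the posted log.
HEADER = re.compile(r"^=+\s*(.+?)\s*=+$")

# Assumed layout (from this log only): "<prefix>: {CLSID} - No File".
NO_FILE = re.compile(
    r"^(?P<prefix>[A-Za-z0-9-]+):\s*"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"
    r"\s*-\s*No File\s*$"
)


def section_lines(log, title):
    """Return the non-empty lines of one named section, skipping '.' spacers."""
    lines, inside = [], False
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # Entering the wanted section, or leaving it at the next banner.
            inside = header.group(1).lower() == title.lower()
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def orphaned_entries(log):
    """Map each CLSID reported as 'No File' to the prefixes that reference it."""
    found = defaultdict(set)
    for line in section_lines(log, "Pseudo HJT Report"):
        match = NO_FILE.match(line)
        if match:
            # Normalise case so the same CLSID from two views is merged.
            found[match.group("clsid").upper()].add(match.group("prefix"))
    return {clsid: sorted(prefixes) for clsid, prefixes in found.items()}


def report(log):
    """One human-readable line per orphaned CLSID, for manual review."""
    return [
        f"{clsid}: listed under {', '.join(prefixes)} with no file on disk; "
        "verify before removing"
        for clsid, prefixes in sorted(orphaned_entries(log).items())
    ]


if __name__ == "__main__":
    for line in report(SAMPLE_DDS):
        print(line)
```

An entry that carries a file path, such as the `IE:` line in the sample, is left alone; only references whose target is missing are reported.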

Re: Please check my DDS- Is my computer infected? I need to

Post by MRG1 » December 21st, 2011, 8:08 pm

OK- I read your directions carefully and did just exactly what you wrote-

I was able to create a restore point- no problem.

I downloaded and installed OTM. I ran as Administrator. I copied your code and pasted into the "Items to be removed" box. It acted like it was successful, but would not complete. I did not see anywhere to log. The program was busy (round circle) and then the software page went to a transparent white. Windows said the program was not responding. I finally closed OTM, reopened and did the whole thing over again. It did the exact same thing. I don't know if it actually did anything or not. As far as I can tell, nothing has changed-

Re: Please check my DDS- Is my computer infected? I need to

Post by troy3636 » December 22nd, 2011, 2:41 pm

Hi MRG1,

Please try rebooting your computer and then running the OTM script again.
It may take several minutes to process.

Troy

Re: Please check my DDS- Is my computer infected? I need to

Post by MRG1 » December 22nd, 2011, 10:54 pm

Ok- I did as you asked, but the exact same thing happened.

The program does say it was successful in taking care of the files you wanted moved. I cannot copy and paste exactly what it says, because the program freezes and fails to respond.

I did find a file marked "Moved Files" in an OTM file, listed in "C" The folders are dated yesterday and today, but they are both completely empty. What I have noticed are notepad sheets, similar to DDS, with a round tool on top of it. There are two on my desktop and then all over my computer, in all my files, from Word to pictures, etc. When I open, each one says something different.

For example- on the desktop (Labeled desktop.ini)
Notepad #1
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
[LocalizedFileNames]
Calculator (2).lnk=@%SystemRoot%\system32\shell32.dll,-22019
Internet Explorer (64-bit).lnk=@%windir%\System32\ie4uinit.exe,-735

Notepad #2
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
Media Center.lnk=@%systemroot%\ehome\ehres.dll,-100
Internet Explorer (64-bit) (2).lnk=@%windir%\System32\ie4uinit.exe,-735
Run.lnk=@%SystemRoot%\system32\shell32.dll,-12710

The only other thing I have noticed. Pages not being thrown off as much- Amazon.com- images very slow to download. Still a slower connection. Had to restart computer twice, due to frozen IE tabs that fail to respond.
Yahoo said my IE was outdated and I should use IE9. I had IE9 and uninstalled it, because I did not like it. As far as I know, I have IE8.

Thank you-
Mary
MRG1
Active Member
 
Posts: 12
Joined: December 15th, 2011, 3:53 pm

Re: Please check my DDS- Is my computer infected? I need to

Unread postby troy3636 » December 23rd, 2011, 9:00 am

Hi MRG1,
Let's check OTM to make sure it did not get corrupted when downloaded then get a fresh DDS scan.

Step 1
SystemLook
Please download SystemLook.exe... by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Right-click SystemLook.exe and select "Run as administrator" to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?"... press the Run button.
  2. Highlight and copy the following entries: ... into SystemLook's main text entry window.
    Code: Select all
    :file
    %userprofile%\desktop\otm.exe  
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named "SystemLook.txt"
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 2
Scan again with DDS
  1. Disable any script blocking software you have running before running DDS.
  2. Double click dds to run the tool.
    A black window will open with some instructions/comments...
  3. When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
    Caution: The above logs will NOT be saved... you must save them to your desktop.
  4. Please post DDS.txt in your next reply.

Please include in your next reply:
  • systemlook.txt
  • DDS.txt
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Please check my DDS- Is my computer infected? I need to

Unread postby MRG1 » December 23rd, 2011, 3:46 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 14:50 on 23/12/2011 by Mary
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== file ==========

C:\Users\Mary\desktop\otm.exe - File found and opened.
MD5: FA7568953029C9FE0D9EC1AC2C41C906
Created at 23:38 on 21/12/2011
Modified at 23:38 on 21/12/2011
Size: 523264 bytes
Attributes: --a----
FileDescription:
FileVersion: 3.1.19.0
ProductVersion: 2.1.1.0
OriginalFilename: OTM.exe
InternalName: OTM
ProductName: OTM
CompanyName: OldTimer Tools
LegalCopyright:
Comments: Unicode capable

-= EOF =-

______________________________________________________________________________________________




DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Mary at 14:55:28 on 2011-12-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2910 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k AcfXAudioService
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdomon.exe
C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_1_102_ActiveX.exe
C:\Users\Mary\Desktop\SystemLook.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [lxdomon.exe] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdomon.exe"
mRun: [lxdoamon] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe"
mRun: [Lexmark 9500 Series] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\fm3032.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: Interfaces\{F25CBD7A-BE70-4A36-A6AC-3D9DD3C72D73} : NameServer = 68.94.156.1 68.94.157.1
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun-x64: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [lxdomon.exe] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdomon.exe"
mRun-x64: [lxdoamon] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\lxdoamon.exe"
mRun-x64: [Lexmark 9500 Series] "C:\Program Files (x86) (x86)\Lexmark 9500 Series\fm3032.exe" /s
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R2 AcfXAudioService;AcfXAudioService;C:\windows\system32\svchost.exe -k AcfXAudioService [2009-7-13 20992]
R3 acfva;acfva;C:\windows\system32\DRIVERS\ACFVA64.sys --> C:\windows\system32\DRIVERS\ACFVA64.sys [?]
R3 dgcfltr;DGC Filter Driver;C:\windows\system32\DRIVERS\ACFDCP64.sys --> C:\windows\system32\DRIVERS\ACFDCP64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\system32\DRIVERS\spio.sys --> C:\windows\system32\DRIVERS\spio.sys [?]
R3 USTOR2K;USB Mass Storage Windows Driver;C:\windows\system32\DRIVERS\ustor2k.sys --> C:\windows\system32\DRIVERS\ustor2k.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-14 136176]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\windows\system32\DRIVERS\MpNWMon.sys --> C:\windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\system32\DRIVERS\Rtnic64.sys --> C:\windows\system32\DRIVERS\Rtnic64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2011-12-23 19:19:51 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9152E19-3911-48E0-961F-8C2F8E239C42}\offreg.dll
2011-12-23 19:19:49 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F9152E19-3911-48E0-961F-8C2F8E239C42}\mpengine.dll
2011-12-21 23:41:37 -------- d-----w- C:\_OTM
2011-12-17 02:52:29 1923952 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-12-17 01:13:23 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-17 01:13:23 2048 ----a-w- C:\windows\System32\tzres.dll
2011-12-16 23:24:51 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-12-16 23:24:51 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-12-16 22:58:59 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-16 22:58:59 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-16 22:25:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-12 03:02:30 -------- d-----w- C:\Program Files\AVAST Software
2011-12-11 01:40:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-08 20:54:27 244416 ----a-w- C:\windows\SysWow64\Msflxgrd.ocx
2011-12-08 20:54:27 209192 ----a-w- C:\windows\SysWow64\TABCTL32.OCX
2011-12-08 20:54:27 203976 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2011-12-08 20:54:27 140288 ----a-w- C:\windows\SysWow64\comdlg32.ocx
2011-12-08 20:54:27 1077336 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2011-11-29 02:31:56 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D13AD045-701E-4FAE-9D0F-C1A5D85C573F}\gapaengine.dll
2011-11-29 02:31:56 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-11-25 18:23:46 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88A44B5B-2195-43DA-A9E8-20FCA8FF5033}\mpengine.dll
.
==================== Find3M ====================
.
2011-12-05 22:27:56 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 03:25:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:55:47.14 ===============


and....




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/10/2011 1:18:25 PM
System Uptime: 12/23/2011 2:25:33 PM (0 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 870.658 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP155: 12/9/2011 12:17:56 PM - Windows Backup
RP156: 12/9/2011 12:46:33 PM - avast! Free Antivirus Setup
RP157: 12/9/2011 12:54:15 PM - Installed HiJackThis
RP158: 12/9/2011 1:22:49 PM - Removed HiJackThis
RP159: 12/11/2011 7:00:04 PM - Windows Backup
RP160: 12/11/2011 9:02:23 PM - avast! Free Antivirus Setup
RP161: 12/12/2011 10:43:28 AM - avast! Free Antivirus Setup
RP162: 12/12/2011 12:20:15 PM - Windows Update
RP163: 12/14/2011 9:32:06 AM - Windows Update
RP164: 12/14/2011 10:39:48 AM - Windows Update
RP165: 12/14/2011 10:42:37 AM - Windows Update
RP166: 12/14/2011 8:31:53 PM - Windows Update
RP167: 12/14/2011 8:40:09 PM - Windows Update
RP168: 12/14/2011 8:42:12 PM - Windows Update
RP169: 12/14/2011 9:29:49 PM - Windows Update
RP170: 12/16/2011 9:40:39 AM - Windows Modules Installer
RP171: 12/16/2011 12:13:08 PM - Windows Modules Installer
RP172: 12/16/2011 12:13:33 PM - Windows Modules Installer
RP173: 12/16/2011 4:26:01 PM - Windows Update
RP174: 12/16/2011 4:53:26 PM - Windows Update
RP175: 12/16/2011 4:59:00 PM - Windows Update
RP176: 12/16/2011 5:24:54 PM - Windows Update
RP177: 12/16/2011 7:13:32 PM - Windows Update
RP178: 12/16/2011 8:52:30 PM - Windows Update
RP179: 12/18/2011 7:00:04 PM - Windows Backup
RP180: 12/20/2011 7:41:13 PM - Windows Update
RP181: 12/21/2011 11:37:03 AM - Windows Update
RP182: 12/21/2011 4:46:25 PM - Windows Modules Installer
RP183: 12/21/2011 5:34:34 PM - 12/21 Remember Me!
.
==== Installed Programs ======================
.
Adobe Reader 9.3
Amazon Kindle For PC
Amazon MP3 Downloader 1.0.12
Best Buy pc app
FanSpeedControl
Free Window Registry Repair
Genesys USB Mass Storage Device
Google Update Helper
Lenovo Driver and Application Installation
Lenovo Rescue System
LVT
LXH-JME2207FN Hotkey Driver
Microsoft Choice Guard
Microsoft Image Composer 1.5
Microsoft Office 97, Professional Edition
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
Realtek High Definition Audio Driver
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
12/23/2011 7:06:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/23/2011 2:06:45 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2011 9:48:28 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2011 7:17:20 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2011 2:17:11 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/22/2011 12:07:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/22/2011 12:07:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/21/2011 9:15:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/21/2011 7:00:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1455.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/18/2011 8:40:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/18/2011 8:40:36 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/18/2011 7:13:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/18/2011 2:12:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/17/2011 8:32:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/17/2011 8:32:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.1215.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/16/2011 7:47:31 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
12/16/2011 2:47:19 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.982.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
MRG1
Active Member
 
Posts: 12
Joined: December 15th, 2011, 3:53 pm

Re: Please check my DDS- Is my computer infected? I need to

Unread postby troy3636 » December 24th, 2011, 11:01 am

Hi MRG1,
I discovered a mistake in my script that I think was causing OTM to hang.
Let's try it again with a corrected script.
I apologize for the inconvenience.

Step 1
Create a System Restore Point
  1. Click on Start ... Right-click on Computer ... select Properties.
  2. In the left pane click System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  3. Select System Protection ...then choose Create.
  4. In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  5. Click OK ...then close the System Restore dialog.
If you do not see the message The Restore Point was created successfully, DO NOT continue; post back here to let me know.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.

Step 2
OTM
  1. Right-click OTM and select "Run as administrator" to run it.
  2. Right-click, then copy the following code. Do not include the word Code. Then paste it into the blank box under "Paste instructions for items to be moved"
    Code: Select all
    :Reg
    [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [HKCU\Software\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [HKLM\Software\Microsoft\Internet Explorer\Toolbar]
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
    :Commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    
  3. Click the Move it button
  4. OTM will create a log and save it in C:\_OTM\Moved Files . It will be named MMDDYYYY_HHMMSS.log, where MMDDYYYY_HHMMSS represent the date and time the fix was performed. Please open the log with notepad and paste the contents in your next reply.

Troy
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Please check my DDS- Is my computer infected? I need to

Unread postby MRG1 » December 25th, 2011, 11:04 pm

Ok- I did everything you asked!

Here are the results: (Found in OTM folder under C, Moved Files- 12252011_205721.log)


All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mary
->Flash cache emptied: 487 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mary
->Temp folder emptied: 1313348 bytes
->Temporary Internet Files folder emptied: 85928831 bytes
->Java cache emptied: 1262987 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 550624 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 85.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 12252011_205721

Files moved on Reboot...
C:\Users\Mary\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VZ9QQELD\making-of-skjult[2].html moved successfully.
File C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CQY08AUT\navbar[4].html not found!
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKLYZJMH\search[1].html moved successfully.
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AKLYZJMH\sh70[1].html moved successfully.
File C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7KQE8JUJ\dLDZ3lSTGgydMmx71yQOvQ[1].eot not found!
File C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\7KQE8JUJ\posting[1].html not found!
C:\Users\Mary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Merry Christmas!
MRG1
Active Member
 
Posts: 12
Joined: December 15th, 2011, 3:53 pm

Re: Please check my DDS- Is my computer infected? I need to

Unread postby troy3636 » December 26th, 2011, 9:50 am

Hi MRG1,

Step 1
Malwarebytes' Anti-Malware

  1. Please start MBAM (Malwarebytes' Anti-Malware).
  2. Press the Update tab... then press the Check for Updates... button. <<---Important!
  3. Run a Quick scan.
  4. When the scan finishes...Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
  5. Let MBAM remove what it can... if there are files to be deleted on reboot... please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG... tab. Locate the most current log file.
    Please copy and paste the most recent log in your next reply.

Please include in your next reply
  • MBAM log
  • How is your computer behaving now?
troy3636
Regular Member
 
Posts: 511
Joined: September 2nd, 2010, 10:10 pm
Location: Wisconsin

Re: Please check my DDS- Is my computer infected? I need to

Unread postby MRG1 » December 26th, 2011, 10:56 pm

I reinstalled MBAM (Malwarebytes' Anti-Malware.) I ran a quick scan = 0
I did not have time to install all the updates.
You will hear back from me on Tuesday-

Thank you!
Mary
MRG1
Active Member
 
Posts: 12
Joined: December 15th, 2011, 3:53 pm