
Hijack This log help


Re: Hijack This log help

Post by ProblemPerson » December 31st, 2011, 2:57 pm

I am using wifi and I have not tried to update with an Ethernet cord yet, and I cannot at the moment, but I will! But I have already scanned it and it did not show anything.
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 1st, 2012, 8:19 pm

I tried updating it and it would not do it. And I reran the scan and I did not have the option to delete, nor did I see anything stating that it had picked anything up. So I have no results to post :/
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 2nd, 2012, 12:08 pm

Hi problemperson,

Ok we'll have to try something else :)

Step 1
Please download RogueKiller.exe and save it to your desktop.

  • Now quit all running programs.
  • Right click RogueKiller.exe and select "Run as administrator" to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
  • Please post the contents of the RKreport.txt in your next Reply.

Step 2
Please delete the copy of ComboFix from your desktop and download a fresh one from one of the links below.
Link 1.
Link 2.

Now, right after running RogueKiller, run ComboFix and see if that works.


In your next reply please include:
The RKreport.txt log.
The ComboFix log. (if it runs).

Regards maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Hijack This log help

Post by ProblemPerson » January 2nd, 2012, 3:31 pm

HEY!! I think we got something this time!! It says that "Infection MBR detected!"


RogueKiller V6.2.1 [12/28/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Josh [Admin rights]
Mode: Scan -- Date : 01/02/2012 14:15:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 185116e48f17d631a19d5e77e64567f9
[BSP] 0275bb52c3d6eab85416b27bfc856294 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 65 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 129024 | Size: 12287 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 24127488 | Size: 487753 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 363cbab2fb2baac6cbb12e716ea866d2
[BSP] 0275bb52c3d6eab85416b27bfc856294 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] FAT16 [HIDDEN!] Offset (sectors): 63 | Size: 65 Mo
1 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 129024 | Size: 12287 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 24127488 | Size: 487753 Mo
3 - [ACTIVE] NTFS [HIDDEN!] Offset (sectors): 976771072 | Size: 1 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt


Could you possibly get an image of what a combo fix log would look like when it is done? It might be that it is running, closing, and then not saving. Because it looks like it runs but it shuts off after it goes for about 45 seconds.

Thank you again! Mostly for having the patience to work with me!
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 2nd, 2012, 3:52 pm

Combo fix got farther this time, but it keeps telling me that it can't find a file called "NIRKMD". I don't know what that is, so I can't go any further with it!
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 3rd, 2012, 9:04 am

Hi problemperson,

It seems like McAfee is blocking ComboFix from running. Are you sure you had it disabled?

Try this:
Double-click the taskbar icon to open the Security Center
Click Advanced Menu (lower left)
Click Configure (left)
Click Computer & Files (upper left)
VirusScan can be disabled on the right.

Do the same via Internet & Network for Firewall Plus

Now try ComboFix again.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Hijack This log help

Post by ProblemPerson » January 4th, 2012, 1:08 am

It is definitely disabled. Those instructions do not work for me but I know it is disabled because it tells me when running Combo Fix if it is not disabled and will not run at all.
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 4th, 2012, 10:48 am

Hi problemperson,
ProblemPerson wrote: It is definitely disabled. Those instructions do not work for me but I know it is disabled because it tells me when running Combo Fix if it is not disabled and will not run at all.

Ok, let's try this:


MBRCheck

  • Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select "Run as administrator" to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Hijack This log help

Post by ProblemPerson » January 4th, 2012, 12:30 pm

Ok, here is the log. But I did not see it do this with combo fix, but the MBR Check did NOT open the file but instead saved it to the desktop. Could combo fix have done the same?

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron N5010
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 154):

Processes (total 54):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`e0500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by ProblemPerson » January 4th, 2012, 12:31 pm

If combo fix did do it, where can I look?
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 4th, 2012, 5:21 pm

Hi problemperson,
If ComboFix ran, the logfile would be located at "C:\ComboFix.txt", but don't worry about that for a while. Follow the steps below :)

Please run MBRCheck again.
At "Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit", type Y and hit "Enter".
At "Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice", type 1 and hit "Enter".
At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter 0 for drive C:
At "Enter filename to dump to:" Type "mbr-dump.dat" and press Enter
At "Enter the physical disk number to fix (0-99, -1 to cancel):" Enter -1
At the next prompt, press ENTER.
A file mbr-dump.dat will be produced on the desktop.


Please go to http://www.virustotal.com, click on 'Browse', navigate to the file "mbr-dump.dat" on your desktop and send the file.

After you click 'Send file', allow the file to be scanned, and then please post a link to the results page here.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
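
The RogueKiller report earlier in the thread shows two reads of PhysicalDrive0's partition table that disagree, and the MBRCheck steps above save that sector to a file. As an added example (not part of the thread and not code from either tool), this Python script parses a raw MBR sector and lists the differences between two reads. It assumes the dump is the raw 512-byte sector 0; the sample sectors are constructed, reusing the offsets from the report with placeholder code bytes, assumed type bytes and assumed sizes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446  # four 16-byte partition entries follow the code area
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def parse_mbr(sector: bytes) -> dict:
    """Parse a raw 512-byte MBR sector into a code-area hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = {}
    for slot in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + slot * ENTRY.size)
        if ptype != 0:  # type 0 marks an unused slot
            partitions[slot] = {"active": status == 0x80, "type": ptype,
                                "lba_start": lba, "sectors": count}
    return {"code_sha256": hashlib.sha256(sector[:TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def compare_views(first: dict, second: dict) -> list:
    """List the differences between two parsed reads of the same sector."""
    findings = []
    if first["code_sha256"] != second["code_sha256"]:
        findings.append("code area differs")
    a, b = first["partitions"], second["partitions"]
    for slot in sorted(a.keys() | b.keys()):
        if slot not in a or slot not in b:
            where, entry = ("second", b[slot]) if slot not in a else ("first", a[slot])
            findings.append(f"slot {slot}: only in {where} view, LBA {entry['lba_start']}, "
                            f"active={entry['active']}")
        elif a[slot] != b[slot]:
            changed = sorted(k for k in a[slot] if a[slot][k] != b[slot][k])
            findings.append(f"slot {slot}: changed {', '.join(changed)}")
    return findings


def build_sample(parts) -> bytes:
    """Build a constructed sector: placeholder code bytes plus the given table."""
    sector = bytearray(SECTOR_SIZE)
    sector[:2] = b"\xeb\xfe"  # placeholder, not real boot code
    for slot, (active, ptype, lba, count) in enumerate(parts):
        ENTRY.pack_into(sector, TABLE_OFFSET + slot * ENTRY.size,
                        0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: offsets follow the report above; sizes and type bytes are assumed.
USER_VIEW = build_sample([(False, 0x16, 63, 128961),
                          (True, 0x07, 129024, 23998464),
                          (False, 0x07, 24127488, 952643584)])
LOWER_VIEW = build_sample([(False, 0x16, 63, 128961),
                           (False, 0x07, 129024, 23998464),
                           (False, 0x07, 24127488, 952643584),
                           (True, 0x17, 976771072, 2048)])

if __name__ == "__main__":
    for line in compare_views(parse_mbr(USER_VIEW), parse_mbr(LOWER_VIEW)):
        print(line)
```

To inspect a saved dump instead of the samples, read the file in binary mode and pass its first 512 bytes to `parse_mbr`.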

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 12:58 am

ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 5th, 2012, 9:27 am

Hi problemperson,

Please delete the copy of aswMBR from your Desktop.

Download these two tools to your Desktop but DO NOT run them yet.

Download/run Rkill:

Please download Rkill from one of the following links and save to your Desktop:

One, Two, Three or Four

  • Right-click on Rkill and select "Run as administrator" to run it.
  • A command window will open then disappear upon completion, this is normal.
  • When finished, Notepad will open with a log called, "rkill.log".
  • Please copy and paste the contents of the rkill.log in your next reply.
  • The file is automatically saved... located at C:\rkill.log.
  • Please leave Rkill on the Desktop until otherwise advised.

Note: If your security software warns about Rkill, please ignore and allow the download to continue.


Please download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe and select "Run as administrator" to run it.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Reboot your Computer

Now try to run the tools in this order:
Rkill
aswMBR


Post both logs in your next reply.
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Hijack This log help

Post by ProblemPerson » January 5th, 2012, 1:08 pm

Do you want 4 logs? Because from what you said it sounds like you want two from each, one before and one after reboot.
ProblemPerson
Regular Member
 
Posts: 31
Joined: December 20th, 2011, 5:34 pm

Re: Hijack This log help

Post by maxi » January 5th, 2012, 1:42 pm

Hi,

I only want two logs. Don't run any tool until after you reboot.

maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.