Jump to content

i cant connect to google or bing


Recommended Posts

hi,

i know quite a lot of people have had the same problem and ive seen another topic where the problem was resolved and i tried to follow the steps on my laptop but none of them worked

when searching for the C:\WINDOWS\system32\drivers\etc folder i can find it but it doesnt have any of the things i am meant to delete in it

i cannot connect to google or bing or yahoo but i can on another laptop on the same internet

i have unchecked the proxy box under internet options>lan settings and still no luck

i have looked all over the internet for how to fix this problem but nothing is working

can anyone help??

Link to post
Share on other sites

  • Replies 51
  • Created
  • Last Reply

Top Posters In This Topic

also for reference

foamer27 had a topic the same and thats the topic i tried to follow and fix on my laptop but i had no luck

i know its the same problem and that i need to do what he done but i'm not too great with computers and can't seem to find the folder that needs deleting

Link to post
Share on other sites

Hello aaron177! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware, while work on.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here or here .

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

    [*]Save both reports to your desktop. Post them back to your topic.

Link to post
Share on other sites

wait it's working

heres the first log:

DDS (Ver_10-12-12.01) - NTFS_AMD64

Run by Aaron at 17:29:02.37 on 01/03/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2049 [GMT 0:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Aaron\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25482

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

IFEO: image file execution options - svchost.exe

IFEO-X64: image file execution options - svchost.exe

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-10 55280]

R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-4-10 27120]

R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-4-10 19952]

R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-4-10 27632]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/11 19:41:10];C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 146928]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-3 202752]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-3 6402560]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-3 188928]

R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2010-4-10 51120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-6 132656]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]

S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-3 1255736]

=============== Created Last 30 ================

2011-02-28 20:44:00 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-02-28 20:43:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-02-28 20:43:58 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-02-28 20:43:58 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-02-28 20:43:57 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-02-28 19:24:27 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-02-28 19:24:27 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-02-28 19:09:07 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-02-28 19:09:07 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-02-28 18:20:52 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-28 18:20:52 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-28 18:20:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-28 18:20:52 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-13 23:26:26 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc483C.tmp

2011-02-10 00:32:59 3127808 ----a-w- C:\Windows\System32\win32k.sys

2011-02-02 21:49:03 -------- d-----w- C:\Program Files\iPod

2011-02-02 21:49:02 -------- d-----w- C:\Program Files\iTunes

==================== Find3M ====================

2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 17:29:32.95 ===============

and heres the second:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/04/2010 12:03:29

System Uptime: 01/03/2011 16:21:05 (1 hours ago)

Motherboard: ASUSTeK Computer Inc. | | K51AE

Processor: AMD Athlon II Dual-Core M320 | CPU 1 | 798/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 420.558 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP75: 28/02/2011 17:45:42 - Restore Operation

RP76: 28/02/2011 18:06:28 - Installed Java 6 Update 24

RP77: 28/02/2011 20:43:38 - Windows Update

RP78: 01/03/2011 14:42:55 - Windows Update

==== Hosts File Hijack ======================

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Hosts: 74.125.45.100 secure-plus-payments.com

Hosts: 74.125.45.100 www.getantivirusplusnow.com

Hosts: 74.125.45.100 www.secure-plus-payments.com

Hosts: 74.125.45.100 www.getavplusnow.com

Hosts: 74.125.45.100 safebrowsing-cache.google.com

Hosts: 74.125.45.100 urs.microsoft.com

Hosts: 74.125.45.100 www.securesoftwarebill.com

Hosts: 74.125.45.100 secure.paysecuresystem.com

Hosts: 74.125.45.100 paysoftbillsolution.com

Hosts: 74.125.45.100 protected.maxisoftwaremart.com

Hosts: 204.152.194.204 www.google.com

Hosts: 204.152.194.204 google.com

Hosts: 204.152.194.204 google.com.au

Hosts: 204.152.194.204 www.google.com.au

Hosts: 204.152.194.204 google.be

Hosts: 204.152.194.204 www.google.be

Hosts: 204.152.194.204 google.com.br

Hosts: 204.152.194.204 www.google.com.br

Hosts: 204.152.194.204 google.ca

Hosts: 204.152.194.204 www.google.ca

Hosts: 204.152.194.204 google.ch

Hosts: 204.152.194.204 www.google.ch

Hosts: 204.152.194.204 google.de

Hosts: 204.152.194.204 www.google.de

Hosts: 204.152.194.204 google.dk

Hosts: 204.152.194.204 www.google.dk

Hosts: 204.152.194.204 google.fr

Hosts: 204.152.194.204 www.google.fr

Hosts: 204.152.194.204 google.ie

Hosts: 204.152.194.204 www.google.ie

Hosts: 204.152.194.204 google.it

Hosts: 204.152.194.204 www.google.it

Hosts: 204.152.194.204 google.co.jp

Hosts: 204.152.194.204 www.google.co.jp

Hosts: 204.152.194.204 google.nl

Hosts: 204.152.194.204 www.google.nl

Hosts: 204.152.194.204 google.no

Hosts: 204.152.194.204 www.google.no

Hosts: 204.152.194.204 google.co.nz

Hosts: 204.152.194.204 www.google.co.nz

Hosts: 204.152.194.204 google.pl

Hosts: 204.152.194.204 www.google.pl

Hosts: 204.152.194.204 google.se

Hosts: 204.152.194.204 www.google.se

Hosts: 204.152.194.204 google.co.uk

Hosts: 204.152.194.204 www.google.co.uk

Hosts: 204.152.194.204 google.co.za

Hosts: 204.152.194.204 www.google.co.za

Hosts: 204.152.194.204 www.google-analytics.com

Hosts: 204.152.194.204 www.bing.com

Hosts: 204.152.194.204 search.yahoo.com

Hosts: 204.152.194.204 www.search.yahoo.com

Hosts: 204.152.194.204 uk.search.yahoo.com

Hosts: 204.152.194.204 ca.search.yahoo.com

Hosts: 204.152.194.204 de.search.yahoo.com

Hosts: 204.152.194.204 fr.search.yahoo.com

Hosts: 204.152.194.204 au.search.yahoo.com

==== Installed Programs ======================

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Photoshop Elements 7.0

Adobe Reader 9.4.1

Adobe Shockwave Player 11.5

Apple Application Support

Apple Software Update

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help English

CoreAVC Professional Edition (remove only)

CyberLink PowerDVD 9

DirectX 9 Runtime

Google Chrome

Haali Media Splitter

iPhone/iTouch/iPod to Computer Transfer 7.2.2

Java Auto Updater

Java 6 Update 24

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes' Anti-Malware

Microsoft AutoRoute 2010

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access database engine 2007 (English)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable Package

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PowerDVD

QuickTime

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio CinePlayer

Roxio CinePlayer Decoder Pack

Roxio Creator 2010 Pro

Roxio Disaster Recovery

Roxio PhotoShow

Roxio Video Capture USB

Safari

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

SmartSound Quicktracks Plugin

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (KB2492475)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

28/02/2011 20:46:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

28/02/2011 18:06:05, Error: SRTSPL [11] - Unable to allocate open file data.

28/02/2011 18:06:05, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

28/02/2011 18:06:05, Error: SRTSP [4] - Error loading virus definitions.

28/02/2011 18:06:05, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.

28/02/2011 18:06:05, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.

28/02/2011 17:55:50, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

28/02/2011 17:53:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

28/02/2011 17:53:14, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

01/03/2011 16:10:05, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.

01/03/2011 13:20:26, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

==== End Of File ===========================

thanks for your replies

Link to post
Share on other sites

  • Launch Malwarebytes' Anti-Malware
  • Go to Update" tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

In your next reply, please post the following logs:

  1. Malwarebytes' Anti-Malware log
  2. a new fresh DDS log only

Link to post
Share on other sites

ok ive done the scan on anti malware, heres the log

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 5922

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

01/03/2011 22:22:54

mbam-log-2011-03-01 (22-22-54).txt

Scan type: Quick scan

Objects scanned: 174535

Time elapsed: 7 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here is the new dds log:

DDS (Ver_10-12-12.01) - NTFS_AMD64

Run by Aaron at 22:25:34.21 on 01/03/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.1801 [GMT 0:00]

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe

C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Aaron\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Aaron\Desktop\dds.pif

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = Preserve

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25482

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [<NO NAME>]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

uPolicies-explorer: DisallowRun = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

IFEO: image file execution options - svchost.exe

IFEO-X64: image file execution options - svchost.exe

Hosts: 74.125.45.100 4-open-davinci.com

Hosts: 74.125.45.100 securitysoftwarepayments.com

Hosts: 74.125.45.100 privatesecuredpayments.com

Hosts: 74.125.45.100 secure.privatesecuredpayments.com

Hosts: 74.125.45.100 getantivirusplusnow.com

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-10 55280]

R0 Sahdad64;HDD Filter Driver;C:\Windows\System32\drivers\Sahdad64.sys [2010-4-10 27120]

R0 Saibad64;Volume Filter Driver;C:\Windows\System32\drivers\Saibad64.sys [2010-4-10 19952]

R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\System32\drivers\SaibVdAd64.sys [2010-4-10 27632]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/11 19:41:10];C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 146928]

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-6-2 457200]

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-3 202752]

R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-9-17 2477304]

R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-3-3 6402560]

R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-3-3 188928]

R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2010-4-10 51120]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-6-6 132656]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]

S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-3 1255736]

=============== Created Last 30 ================

2011-02-28 20:44:00 5510528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-02-28 20:43:59 1739176 ----a-w- C:\Windows\System32\ntdll.dll

2011-02-28 20:43:58 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2011-02-28 20:43:58 1293120 ----a-w- C:\Windows\SysWow64\ntdll.dll

2011-02-28 20:43:57 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2011-02-28 19:24:27 612352 ----a-w- C:\Windows\System32\vbscript.dll

2011-02-28 19:24:27 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-02-28 19:09:07 714752 ----a-w- C:\Windows\System32\kerberos.dll

2011-02-28 19:09:07 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2011-02-28 18:20:52 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-28 18:20:52 366080 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-28 18:20:52 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-28 18:20:52 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-13 23:26:26 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc483C.tmp

2011-02-10 00:32:59 3127808 ----a-w- C:\Windows\System32\win32k.sys

2011-02-02 21:49:03 -------- d-----w- C:\Program Files\iPod

2011-02-02 21:49:02 -------- d-----w- C:\Program Files\iTunes

==================== Find3M ====================

2011-02-02 21:40:23 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-12-18 06:15:38 1197056 ----a-w- C:\Windows\System32\wininet.dll

2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-12-18 05:32:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec

2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

============= FINISH: 22:25:59.65 ===============

Link to post
Share on other sites

**Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download ComboFix from

Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Open Tools -> Options -> Main tab
    • Set to Always ask me where to Save the files.

[*]During the download, rename Combofix to Combo-Fix as follows:

CF_download_FF.gif

CF_download_rename.gif

[*]It is important you rename Combofix during the download, but not after.

[*]Please do not rename Combofix to other names, but only to the one indicated.

[*]Close any open browsers.

[*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    ----------------------------------------------------


  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\Combo-Fix.txt for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Link to post
Share on other sites

here is the combofix report

ComboFix 11-03-01.03 - Aaron 02/03/2011 23:05:23.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2041 [GMT 0:00]

Running from: c:\users\Aaron\Downloads\Combo-Fix.exe

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Aaron\AppData\Roaming\chrtmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\eb.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\energy.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\energy.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\exec.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\exec.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\fan.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\fix.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\fix.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\FW.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\pal.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\pal.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\PE.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\PE.exe

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\ppal.tmp

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\sld.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\SM.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\SM.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\std.dll

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys

c:\users\Aaron\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp

.

((((((((((((((((((((((((( Files Created from 2011-02-02 to 2011-03-02 )))))))))))))))))))))))))))))))

.

2011-03-02 23:09 . 2011-03-02 23:09 -------- d-----w- c:\users\Mcx1-AARON-LAPTOP\AppData\Local\temp

2011-03-02 23:09 . 2011-03-02 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-28 20:44 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-28 20:43 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-02-28 20:43 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-02-28 20:43 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-02-28 20:43 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-02-28 19:24 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-02-28 19:24 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-02-28 19:09 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-02-28 19:09 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-02-28 18:20 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-02-28 18:20 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-02-28 18:20 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-02-28 18:20 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-02-28 18:09 . 2011-02-28 18:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-02-27 22:39 . 2011-02-27 22:39 -------- d-----w- c:\programdata\McAfee

2011-02-13 23:26 . 2011-02-13 23:26 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc483C.tmp

2011-02-10 00:32 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys

2011-02-02 21:49 . 2011-02-02 21:49 -------- d-----w- c:\program files\iPod

2011-02-02 21:49 . 2011-02-02 21:49 -------- d-----w- c:\program files\iTunes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 21:40 . 2010-06-14 13:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-17 19:41 . 2011-01-17 19:41 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-12-20 18:09 . 2011-01-05 22:51 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-20 18:08 . 2011-01-05 22:51 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 03:38 . 2010-12-20 03:38 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-12-20 03:37 . 2010-12-20 03:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-12-20 03:37 . 2010-12-20 03:37 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]

"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]

"Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]

S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-10 834544]

S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/11 19:41];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 17:41 146928]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-12-10 51120]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 132656]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

Contents of the 'Scheduled Tasks' folder

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728604360-21572063-2815203505-1000Core.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 20:06]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728604360-21572063-2815203505-1000UA.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 20:06]

.

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uInternet Settings,ProxyServer = http=127.0.0.1:25482

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2011-03-02 23:16:48 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-02 23:16

Pre-Run: 449,377,468,416 bytes free

Post-Run: 449,348,411,392 bytes free

- - End Of File - - FA838133654B1602D6087D0448B14206

Link to post
Share on other sites

Run this script and let me know how are things running then.

Open Notepad and copy and paste the text in the code box below into it:

DDS::
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25482

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

CFScriptB-4.gif

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.

Link to post
Share on other sites

ComboFix 11-03-02.01 - Aaron 03/03/2011 1:49.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3327.2111 [GMT 0:00]

Running from: c:\users\Aaron\Desktop\ComboFix.exe

Command switches used :: c:\users\Aaron\Desktop\CFScript.txt

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))

.

2011-03-03 01:53 . 2011-03-03 01:53 -------- d-----w- c:\users\Mcx1-AARON-LAPTOP\AppData\Local\temp

2011-03-03 01:53 . 2011-03-03 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-02-28 20:44 . 2010-10-27 05:18 5510528 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-02-28 20:43 . 2010-10-27 05:16 1739176 ----a-w- c:\windows\system32\ntdll.dll

2011-02-28 20:43 . 2010-10-27 04:43 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2011-02-28 20:43 . 2010-10-27 04:40 1293120 ----a-w- c:\windows\SysWow64\ntdll.dll

2011-02-28 20:43 . 2010-10-27 04:43 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2011-02-28 19:24 . 2011-01-05 06:20 612352 ----a-w- c:\windows\system32\vbscript.dll

2011-02-28 19:24 . 2011-01-05 05:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll

2011-02-28 19:09 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll

2011-02-28 19:09 . 2010-12-18 05:29 541184 ----a-w- c:\windows\SysWow64\kerberos.dll

2011-02-28 18:20 . 2011-01-07 08:06 46080 ----a-w- c:\windows\system32\atmlib.dll

2011-02-28 18:20 . 2011-01-07 07:27 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2011-02-28 18:20 . 2011-01-07 05:49 366080 ----a-w- c:\windows\system32\atmfd.dll

2011-02-28 18:20 . 2011-01-07 05:33 294400 ----a-w- c:\windows\SysWow64\atmfd.dll

2011-02-28 18:09 . 2011-02-28 18:09 -------- d-----w- c:\program files (x86)\Common Files\Java

2011-02-27 22:39 . 2011-02-27 22:39 -------- d-----w- c:\programdata\McAfee

2011-02-13 23:26 . 2011-02-13 23:26 83249512 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlc483C.tmp

2011-02-10 00:32 . 2011-01-05 04:00 3127808 ----a-w- c:\windows\system32\win32k.sys

2011-02-02 21:49 . 2011-02-02 21:49 -------- d-----w- c:\program files\iPod

2011-02-02 21:49 . 2011-02-02 21:49 -------- d-----w- c:\program files\iTunes

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-02 21:40 . 2010-06-14 13:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-01-17 19:41 . 2011-01-17 19:41 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2010-12-20 18:09 . 2011-01-05 22:51 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2010-12-20 18:08 . 2011-01-05 22:51 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-20 03:38 . 2010-12-20 03:38 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2010-12-20 03:37 . 2010-12-20 03:37 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2010-12-20 03:37 . 2010-12-20 03:37 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

((((((((((((((((((((((((((((( SnapShot@2011-03-02_23.13.05 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 05:10 . 2011-03-01 16:18 42518 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-03-02 23:14 42518 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-04-10 11:19 . 2011-03-02 23:14 13210 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2728604360-21572063-2815203505-1000_UserData.bin

- 2010-04-10 11:19 . 2011-03-02 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-10 11:19 . 2011-03-03 01:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-03-03 01:53 76776 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2010-04-10 11:19 . 2011-03-03 01:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-10 11:19 . 2011-03-02 23:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-04-10 11:19 . 2011-03-02 23:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-10 11:19 . 2011-03-03 01:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-04-10 14:08 . 2011-03-03 01:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-04-10 14:08 . 2011-03-02 23:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-04-10 14:08 . 2011-03-03 01:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-04-10 14:08 . 2011-03-02 23:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-03-02 23:11 . 2011-03-02 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-03-03 01:54 . 2011-03-03 01:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-03-02 23:11 . 2011-03-02 23:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-03-03 01:54 . 2011-03-03 01:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-04-10 15:05 . 2011-03-03 01:00 280650 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:34 . 2011-03-02 22:37 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2011-03-02 23:27 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

"Google Update"="c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-01-06 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]

"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]

"Desktop Disc Tool"="c:\program files (x86)\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]

"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-08 115560]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 2 (0x2)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-07-24 219632]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-07-24 1116656]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-03 1255736]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [2009-06-02 27120]

S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [2009-06-02 19952]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-10 834544]

S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [2009-06-02 27632]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/11 19:41];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 17:41 146928]

S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2009-06-02 457200]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-03 202752]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-03 6402560]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-03 188928]

S3 DKRtWrt;DKRtWrt;c:\windows\system32\DRIVERS\DKRtWrt.sys [2009-12-10 51120]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-05-27 132656]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

Contents of the 'Scheduled Tasks' folder

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728604360-21572063-2815203505-1000Core.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 20:06]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2728604360-21572063-2815203505-1000UA.job

- c:\users\Aaron\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-06 20:06]

.

--------- x86-64 -----------

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.co.uk/

mLocal Page = c:\windows\SysWOW64\blank.htm

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

.

**************************************************************************

.

Completion time: 2011-03-03 02:00:53 - machine was rebooted

ComboFix-quarantined-files.txt 2011-03-03 02:00

ComboFix2.txt 2011-03-02 23:16

Pre-Run: 452,253,380,608 bytes free

Post-Run: 452,221,386,752 bytes free

- - End Of File - - CF552A8F22E1DFF74F28F8923FB3DACE

Link to post
Share on other sites

Please read carefully.

We can release your IP address settings, flush the DNS resolver cache, then renew you IP address settings.

It will be easier and less error prone, if we create a batch file to do this... please follow these steps:

  1. Copy/paste all text in the code box (below)...to Notepad. (Do not use a Word Processor or WordPad).
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0


  2. Save type as "All Files"
  3. Save the Notepad file on your desktop...as DNSreset.bat..
    Note : The .bat extension is very important
  4. Double click on DNSreset.bat to run it.
    Vista-Win7 users: Right click on DNSreset.bat, select "Run As Administrator" to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
    The IP address settings should be released and renewed and the DNS cache flushed.

Let me know.

Link to post
Share on other sites

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however may need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Now click on Advanced Settings and select the following:

    • Remove found threats
    • Scan archives
    • Scan for potentially unwanted applications
      Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

[*]Now click on: EOLS3.gif

[*]The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.

When completed the Online Scan will begin automatically.

[*]Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

[*]When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!

[*]Now click on: EOLS4.gif

[*]Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.

[*]Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Link to post
Share on other sites

Start > All Programs > Accessories > Command Prompt. Right-click on it and 'Run As Administrator'. Type the following and hit enter:

ipconfig /flushdns

You should be able to see a confirmation dialog window:

Windows IP Configuration. Successfully flushed the DNS Resolver Cache.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.