Hi,
Please download a fresh copy of aswMBR and do the fix like you did earlier. Post back the log.
Hi,
Please download a fresh copy of aswMBR and do the fix like you did earlier. Post back the log.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi
I redowned aswMBR and scanned & fixed. I clicked yes when prompted to restart and there was a Disinfection error. I tried it twice. Both logs are below:
aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 16:47:18
-----------------------------
16:47:18.437 OS Version: Windows 5.1.2600 Service Pack 3
16:47:18.437 Number of processors: 2 586 0xF06
16:47:18.437 ComputerName: TONY UserName:
16:47:19.921 Initialize success
16:47:25.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:47:25.234 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3
16:47:25.250 Disk 0 MBR read successfully
16:47:25.250 Disk 0 MBR scan
16:47:25.250 Disk 0 TDL4@MBR code has been found
16:47:25.250 Disk 0 MBR hidden
16:47:25.250 Disk 0 MBR [TDL4] **ROOTKIT**
16:47:25.250 Disk 0 trace - called modules:
16:47:25.250 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89c08730]<<
16:47:25.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a557870]
16:47:25.250 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a5da860]
16:47:25.250 \Driver\iastor[0x89c4b880] -> IRP_MJ_CREATE -> 0x89c08730
16:47:25.250 Scan finished successfully
16:47:27.343 Disk 0 fixing MBR ...
16:47:37.343 Disk 0 MBR restored successfully
16:47:37.343 Verifying disinfection
16:47:52.703 Restarting
16:48:03.703 Disinfection error
16:48:23.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\MBR.dat"
16:48:23.984 The log file has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\aswMBR.txt"
aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 16:48:33
-----------------------------
16:48:33.765 OS Version: Windows 5.1.2600 Service Pack 3
16:48:33.765 Number of processors: 2 586 0xF06
16:48:33.765 ComputerName: TONY UserName:
16:48:34.312 Initialize success
16:48:37.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:48:37.281 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3
16:48:37.281 Disk 0 MBR read successfully
16:48:37.281 Disk 0 MBR scan
16:48:37.281 Disk 0 TDL4@MBR code has been found
16:48:37.281 Disk 0 MBR hidden
16:48:37.281 Disk 0 MBR [TDL4] **ROOTKIT**
16:48:37.281 Disk 0 trace - called modules:
16:48:37.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89c08730]<<
16:48:37.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a557870]
16:48:37.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> [0x8a5da860]
16:48:37.296 \Driver\iastor[0x89c4b880] -> IRP_MJ_CREATE -> 0x89c08730
16:48:37.296 Scan finished successfully
16:48:40.953 Disk 0 fixing MBR ...
16:48:50.953 Disk 0 MBR restored successfully
16:48:50.968 Verifying disinfection
16:49:03.000 Restarting
16:49:14.015 Disinfection error
16:49:26.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\MBR.dat"
16:49:26.359 The log file has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\aswMBR2.txt"
Hi,
Please reboot the system (don't run aswMBR, just reboot). After reboot run aswMBR again, scan and try to fix (reboot when tool prompts for it).
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi
Restarted this time. This is the log after the reboot.
aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 17:41:32
-----------------------------
17:41:32.328 OS Version: Windows 5.1.2600 Service Pack 3
17:41:32.328 Number of processors: 2 586 0xF06
17:41:32.328 ComputerName: TONY UserName:
17:41:32.984 Initialize success
17:41:35.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:41:35.156 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3
17:41:35.156 Disk 0 MBR read successfully
17:41:35.171 Disk 0 MBR scan
17:41:35.171 Disk 0 unknown MBR code
17:41:35.171 Disk 0 scanning sectors +625137345
17:41:35.187 Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:55.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\MBR.dat"
17:41:55.609 The log file has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\aswMBR3.txt"
aswMBR version 0.9.5.247 Copyright(c) 2011 AVAST Software
Run date: 2011-05-02 17:41:32
-----------------------------
17:41:32.328 OS Version: Windows 5.1.2600 Service Pack 3
17:41:32.328 Number of processors: 2 586 0xF06
17:41:32.328 ComputerName: TONY UserName:
17:41:32.984 Initialize success
17:41:35.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:41:35.156 Disk 0 Vendor: ST332062 3.AD Size: 305245MB BusType: 3
17:41:35.156 Disk 0 MBR read successfully
17:41:35.171 Disk 0 MBR scan
17:41:35.171 Disk 0 unknown MBR code
17:41:35.171 Disk 0 scanning sectors +625137345
17:41:35.187 Disk 0 scanning C:\WINDOWS\system32\drivers
17:41:55.609 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\MBR.dat"
17:41:55.609 The log file has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\aswMBR3.txt"
17:41:58.984 Service scanning
17:42:00.406 Disk 0 trace - called modules:
17:42:00.421 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
17:42:00.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a582778]
17:42:00.437 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a04c030]
17:42:00.437 Scan finished successfully
17:42:18.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\MBR.dat"
17:42:19.000 The log file has been saved successfully to "C:\Documents and Settings\Anthony\Desktop\aswMBR3.txt"
Looks a bit more promising
Please do some surfing and let me know if those earlier symptoms still exist.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi
I have been surfing for about a hour and no random tabs opening. I've restarted the computer a couple of times and no freezing. Looks like most of the symptoms have disappeared.
Good. May I see fresh dds logs, please?
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi Last DDS Logs:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Anthony at 18:05:50.10 on 03/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1268 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\Anthony\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101106122251.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\anthony\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\progra~1\skype\phone\ieplugin\SKYPEI~1.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\anthony\applic~1\mozilla\firefox\profiles\knygsyoc.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/radio/aod/mainframe.shtml?http://www.bbc.co.uk/radio/aod/radio...&pageType=1883
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\anthony\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-6 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-6 84072]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-6 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-6 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-6 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-6 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-6 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-6 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-6 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-6 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-6 88544]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2007-2-17 17149]
S3 Fadpu16E;Fadpu16E;\??\c:\docume~1\anthony\locals~1\temp\fadpu16e.sys --> c:\docume~1\anthony\locals~1\temp\Fadpu16E.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-6 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-6 84264]
.
=============== Created Last 30 ================
.
2011-04-30 21:36:40 50176 ----a-w- c:\windows\system32\proquota.exe
2011-04-30 21:36:40 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2011-04-30 21:17:49 -------- d-sha-r- C:\cmdcons
2011-04-30 21:14:27 98816 ----a-w- c:\windows\sed.exe
2011-04-30 21:14:27 89088 ----a-w- c:\windows\MBR.exe
2011-04-30 21:14:27 256512 ----a-w- c:\windows\PEV.exe
2011-04-30 21:14:27 161792 ----a-w- c:\windows\SWREG.exe
2011-04-22 13:19:02 -------- d-----w- c:\docume~1\anthony\applic~1\Malwarebytes
2011-04-22 13:18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-22 13:18:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-22 13:18:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-22 13:18:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-18 22:26:25 -------- d-----w- c:\program files\iPod
2011-04-18 22:26:22 -------- d-----w- c:\program files\iTunes
2011-04-18 22:23:35 -------- d-----w- c:\program files\Bonjour
2011-04-06 15:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 15:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 15:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 15:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
2011-02-18 16:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-04 17:48:32 456192 ----a-w- c:\windows\system32\encdec.dll
2011-02-04 17:48:30 291840 ----a-w- c:\windows\system32\sbe.dll
2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:07:02.73 ===============
Hi,
Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
- Download the latest version of Java Runtime Environment (JRE) 6 Update 25.
- Click the
Download
button to the right.- Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u25-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
Post back fresh dds logs + a description of remaining issues (if any).
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Hi
I clicked on your link to update JAVA and then clicked on the download JRE, but then it doesn't give me any combobox to select windows. it just gives me an option to accept the licence agreement. when i accepted it doesn't refresh. Link below:
http://www.oracle.com/technetwork/ja...ad-346243.html
have i clicked on the wrong download?