Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: System Care Antivirus Problem

  1. #1
    Member geeky's Avatar
    Join Date
    Aug 2006
    Posts
    32

    Unhappy System Care Antivirus Problem

    Hi

    A program calling its self System Care Antivirus has installed on my laptop. It is preventing anything from running please help.

    DDS.txt:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16470
    Run by Jane at 20:45:11 on 2013-04-08
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3999.3233 [GMT 1:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.orange.co.uk/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: CDelHotkeys Object: {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    BHO: AOL Toolbar BHO: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    TB: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    TB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll
    TB: Delicious Toolbar: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    EB: Delicious Sidebar: {9D19C405-BA93-461B-871F-97992CC45972} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [iasap] rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset
    uRun: [ndxmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\ndxmsr.dll",_ascii_strtod
    uRun: [{21FF751D-F6C0-2F71-DA24-A558EB9B5010}] C:\Users\Jane\AppData\Roaming\Qao\uvzape.exe
    uRun: [redbj] "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags
    uRunOnce: [F84159B29EC9513B0000F84061765553] C:\ProgramData\F84159B29EC9513B0000F84061765553\F84159B29EC9513B0000F84061765553.exe
    mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
    mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jane\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Jane\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Jane\AppData\Local\Temp\_uninst_.bat
    uPolicies-System: WallpaperStyle = 2
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    mPolicies-System: WallpaperStyle = 2
    IE: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972}
    IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - C:\Program Files (x86)\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab
    DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{0985480C-B9DE-442A-B6E8-415D3C5ED732} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\341627C647F6E6F525F6F6D637F575966496 : DHCPNameServer = 192.168.15.254
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\671696C62716361757564736C65726 : DHCPNameServer = 207.119.38.1 209.142.169.250 66.112.11.88
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\671696C677966696 : DHCPNameServer = 207.119.31.1 209.142.169.250 66.112.11.88
    TCP: Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}\96261686E6F536F6E666562756E63696E676 : DHCPNameServer = 172.16.2.5 172.18.82.11 4.2.2.2
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cnnb
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-3 52856]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-8-31 89600]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-14 227896]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2010-2-7 139264]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-7 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2013-04-08 19:07:36 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2013-04-08 18:34:57 -------- d-----w- C:\ProgramData\Kaspersky Lab Setup Files
    2013-04-08 18:00:24 -------- d-----w- C:\ProgramData\F84159B29EC9513B0000F84061765553
    2013-04-08 18:00:16 446464 ----a-w- C:\Users\Jane\AppData\Roaming\redbj.dll
    2013-04-08 17:59:54 733184 ----a-w- C:\Users\Jane\AppData\Roaming\ndxmsr.dll
    2013-04-08 17:59:03 186880 ----a-w- C:\Users\Jane\AppData\Roaming\iasap.dll
    2013-04-08 17:58:44 -------- d-----w- C:\Users\Jane\AppData\Roaming\Rooselu
    2013-04-08 17:58:44 -------- d-----w- C:\Users\Jane\AppData\Roaming\Qao
    2013-04-06 15:04:06 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{520523F7-D538-41DB-94B8-CFD5A6D6A23D}\mpengine.dll
    2013-04-06 15:03:30 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
    2013-03-23 06:25:59 763424 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    .
    ==================== Find3M ====================
    .
    2013-03-21 20:15:22 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-21 20:15:22 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    .
    ============= FINISH: 20:45:20.18 ===============

    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 28/12/2009 14:32:28
    System Uptime: 08/04/2013 20:25:10 (0 hours ago)
    .
    Motherboard: Quanta | | 3069
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | CPU | 2095/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 83.745 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.108 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP327: 15/01/2013 18:14:15 - Windows Update
    RP328: 20/01/2013 14:56:23 - Windows Update
    RP329: 26/01/2013 14:28:03 - Windows Update
    RP330: 31/01/2013 20:21:36 - Windows Update
    RP331: 05/02/2013 19:54:13 - Windows Update
    RP332: 10/02/2013 10:28:12 - Windows Update
    RP333: 13/02/2013 19:20:30 - Windows Update
    RP334: 13/02/2013 21:42:59 - Windows Update
    RP335: 04/03/2013 12:51:06 - Windows Update
    RP336: 08/03/2013 23:23:29 - Windows Update
    RP337: 21/03/2013 19:32:06 - Windows Update
    RP338: 23/03/2013 06:21:00 - Windows Update
    RP339: 01/04/2013 21:34:29 - Windows Update
    RP340: 06/04/2013 16:03:33 - Windows Update
    RP341: 08/04/2013 18:56:26 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.2 MUI
    Any Video Converter 3.1.8
    AOL Toolbar 5.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Driver Installation Program
    BlackBerry Desktop Software 4.7
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite
    CyberLink YouCam
    D3DX10
    Delicious Add-on for Internet Explorer
    Dropbox
    EA Download Manager
    ERUNT 1.1j
    Hewlett-Packard ACLM.NET v1.1.1.0
    HP Advisor
    HP Customer Experience Enhancements
    HP DVD Play 3.7
    HP Games
    HP Quick Launch Buttons
    HP Setup
    HP Support Assistant
    HP Update
    HP User Guides 0148
    HP Wireless Assistant
    iCloud
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 14 (64-bit)
    Java(TM) 6 Update 38
    Junk Mail filter update
    LabelPrint
    LightScribe System Software
    Magic Desktop
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    muvee Reveal
    Orange Mobile Partner
    Power2Go
    PowerDirector
    PowerRecover
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek USB 2.0 Card Reader
    Roxio Media Manager
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype™ 5.10
    Synaptics Pointing Device Driver
    The Sims™ 3
    The Sims™ 3 Late Night
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VD64Inst
    VLC media player 1.1.11
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Yahoo! Detect
    .
    ==== Event Viewer Messages From Past Week ========
    .
    08/04/2013 20:42:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 20:28:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    08/04/2013 20:27:56, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 20:26:26, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 20:26:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    08/04/2013 20:26:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    08/04/2013 20:26:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    08/04/2013 20:26:12, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    08/04/2013 20:26:07, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    08/04/2013 20:25:56, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    08/04/2013 20:25:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    08/04/2013 20:25:54, Error: Service Control Manager [7001] - The Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 20:23:37, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    08/04/2013 20:19:47, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    08/04/2013 19:52:16, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service RichVideo with arguments "-Service" in order to run the server: {889CA1C3-E115-47E1-88EC-20DF644E982A}
    08/04/2013 19:40:00, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:39:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    08/04/2013 19:39:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    08/04/2013 19:38:44, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    08/04/2013 19:38:42, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    08/04/2013 19:26:51, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SYMTDIv Wanarpv6
    .
    ==== End Of File ===========================


    The aswMBR is:

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-04-08 20:45:22
    -----------------------------
    20:45:22.794 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:45:22.794 Number of processors: 2 586 0x170A
    20:45:22.794 ComputerName: JANE-PC UserName: Jane
    20:45:24.151 Initialize success
    20:46:49.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    20:46:49.171 Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
    20:46:49.296 Disk 0 MBR read successfully
    20:46:49.311 Disk 0 MBR scan
    20:46:49.311 Disk 0 unknown MBR code
    20:46:49.327 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    20:46:49.327 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 292147 MB offset 409600
    20:46:49.358 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12897 MB offset 598726656
    20:46:49.389 Disk 0 scanning C:\Windows\system32\drivers
    20:46:58.219 Service scanning
    20:47:15.691 Modules scanning
    20:47:15.691 Disk 0 trace - called modules:
    20:47:15.738 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    20:47:15.753 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bd9060]
    20:47:15.753 3 CLASSPNP.SYS[fffff8800115843f] -> nt!IofCallDriver -> [0xfffffa800473c520]
    20:47:15.753 5 ACPI.sys[fffff88000ee47a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800468a680]
    20:47:15.769 Scan finished successfully
    20:48:05.174 Disk 0 MBR has been saved successfully to "C:\Users\Jane\Desktop\MBR.dat"
    20:48:05.190 The log file has been saved successfully to "C:\Users\Jane\Desktop\aswMBR.txt"


    Any help is appreciated.

    Thanks

  2. #2
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi geeky,

    To start you can download and run the free version of Malwarebytes:

    Please download the free version of Malwarebytes to your desktop.

    Double-click mbam-setup.exe and follow the prompts to install the program.

    Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

    If an update is found, it will download and install the latest version.

    Once the program has loaded, select Perform FULL SCAN, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.

    Be sure that everything is checked, and click *Remove Selected.*

    *A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

    When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
    Post the log in your reply.
    NOTE: The free version must be updated manually and a scan started manually.
    How Can I Reduce My Risk?

  3. #3
    Member geeky's Avatar
    Join Date
    Aug 2006
    Posts
    32

    Default

    Thank you for your assistance. This is the Malwarebytes log:

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.15.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jane :: JANE-PC [administrator]

    Protection: Enabled

    15/04/2013 19:08:03
    mbam-log-2013-04-15 (19-08-03).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 542638
    Time elapsed: 2 hour(s), 8 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ndxmsr (Trojan.RedirRdll3.Gen) -> Data: "C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\ndxmsr.dll",_ascii_strtod -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U\00000001.@ (Trojan.0Access) -> Quarantined and deleted successfully.

    (end)

  4. #4
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok. Good. We will get another download to use:


    Download and save RogueKiller to to your desktop.
    Double click to start
    For Vista or Windows 7, right-click and select run as Admin.
    Once the prescan has finished click on the scan button.
    Once the scan is done a report.txt will be on your desktop.
    Exit Rougekiller by going to File>Quit.
    copy/paste the RK[1]report into your reply.
    How Can I Reduce My Risk?

  5. #5
    Member geeky's Avatar
    Join Date
    Aug 2006
    Posts
    32

    Default

    Hi

    This is the RogueKiller report.

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jane [Admin rights]
    Mode : Scan -- Date : 04/16/2013 18:45:24
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [DLL] rundll32.exe -- C:\Windows\System32\rundll32.exe : C:\Users\Jane\AppData\Roaming\redbj.dll [x] -> KILLED [TermProc]
    [DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Jane\AppData\Roaming\redbj.dll [x] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3121070403-1088618337-3181964479-1001[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3121070403-1088618337-3181964479-1001[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\@ [-] --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\L --> FOUND

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
    --- User ---
    [MBR] 373c856a7cbf98223337408b2a19faac
    [BSP] ab38bb93027df82801cf7afd00737177 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292147 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598726656 | Size: 12897 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04162013_02d1845.txt >>
    RKreport[1]_S_04162013_02d1845.txt

    Just FYI I uninstalled ERUNT as it kept causing my computer to crash out to the blue screen.
    If this is an issue please let me know and I can reinstall.

  6. #6
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    ok. Good. Now you can run Roguekiller like you did before and after the final scan is done under Options click the delete button. It will produce another Rk[] report on your desktop and reboot your machine. Please post the log in your reply. If ERUNT is blue screening your machine then leave it uninstalled.

    After the reboot we will get one more download to use.

    Its a utility from ESET to remove a specific rootkit. The link is here Read the instructions, following steps I & II (if needed.) then download the cleaner tool to your desktop to use. It will also produce a txt file on your desktop. If the rootkit is found you will be prompted to reboot 2 times during the process, as stated in the directions.
    How Can I Reduce My Risk?

  7. #7
    Member geeky's Avatar
    Join Date
    Aug 2006
    Posts
    32

    Default

    Hi

    The Rouguekiller log is:

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jane [Admin rights]
    Mode : Remove -- Date : 04/17/2013 19:23:30
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : iasap (rundll32.exe "C:\Users\Jane\AppData\Roaming\iasap.dll",GetHtmlCharset) [x] -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : redbj ("C:\Windows\System32\rundll32.exe" "C:\Users\Jane\AppData\Roaming\redbj.dll",AnyFileFlags) [7] -> DELETED
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\@ [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3121070403-1088618337-3181964479-1001\$8ad920049e34f826dcaef5206536cc82\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: SAMSUNG HM320II ATA Device +++++
    --- User ---
    [MBR] 373c856a7cbf98223337408b2a19faac
    [BSP] ab38bb93027df82801cf7afd00737177 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292147 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598726656 | Size: 12897 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[4]_D_04172013_02d1923.txt >>
    RKreport[1]_S_04162013_02d1845.txt ; RKreport[2]_S_04172013_02d1918.txt ; RKreport[3]_S_04172013_02d1920.txt ; RKreport[4]_D_04172013_02d1923.txt



    The ESET report is:

    [2013.04.17 20:02:59.593] -
    [2013.04.17 20:02:59.593] - ....................................
    [2013.04.17 20:02:59.593] - ..::::::::::::::::::....................
    [2013.04.17 20:02:59.593] - .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT.. Win32/Sirefef
    [2013.04.17 20:02:59.593] - .::EE::::EE:SS:::::::.EE....EE....TT...... Version: 1.1.0.9
    [2013.04.17 20:02:59.593] - .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT...... Built: Apr 16 2013
    [2013.04.17 20:02:59.593] - .::EE:::::::::::::SS:.EE..........TT......
    [2013.04.17 20:02:59.593] - .::EEEEEE:::SSSSSS::..EEEEEE.....TT..... Copyright (c) ESET, spol. s r.o.
    [2013.04.17 20:02:59.609] - ..::::::::::::::::::.................... 1992-2013. All rights reserved.
    [2013.04.17 20:02:59.609] - ....................................
    [2013.04.17 20:02:59.609] -
    [2013.04.17 20:02:59.609] - --------------------------------------------------------------------------------
    [2013.04.17 20:02:59.609] -
    [2013.04.17 20:02:59.609] - INFO: OS: 6.1.7601 SP1
    [2013.04.17 20:02:59.609] - INFO: Product Type: Workstation
    [2013.04.17 20:02:59.609] - INFO: WoW64: True
    [2013.04.17 20:02:59.609] - INFO: Machine guid: B8489B8B-8319-4309-A5F8-90C253055DF0
    [2013.04.17 20:02:59.609] -
    [2013.04.17 20:02:59.609] - INFO: Scanning for system infection...
    [2013.04.17 20:02:59.609] - --------------------------------------------------------------------------------
    [2013.04.17 20:02:59.609] -
    [2013.04.17 20:02:59.609] - INFO: System modules modification not detected...
    [2013.04.17 20:02:59.609] - INFO: Current Shell HKLM [explorer.exe].
    [2013.04.17 20:02:59.609] - INFO: Current SubSystems [%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16].
    [2013.04.17 20:02:59.625] - INFO: Win32/Sirefef not found
    [2013.04.17 20:03:09.188] -
    [2013.04.17 20:03:09.188] - --------------------------------------------------------------------------------
    [2013.04.17 20:03:09.188] - INFO: Logging finished successfully...
    [2013.04.17 20:03:09.188] - --------------------------------------------------------------------------------

    I think this has all run successfully but I had to run the ESET a number of times because I kept getting blue screen. I am not sure what is causing it. I have disabled Kaspersky and it seems to be ok now.

  8. #8
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    Ok, looks good. What AV are you using? I dont see one in the list of software and you mention Kaspersky and your DDS shows Norton. Only need one resident AV per machine. Did you have Norton at one time?
    How Can I Reduce My Risk?

  9. #9
    Member geeky's Avatar
    Join Date
    Aug 2006
    Posts
    32

    Default

    Yes I did have Norton but I uninstalled it (or I thought I did). I have installed Kaspersky so it is strange that it is not showing up. Any suggestions?

  10. #10
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    You can download and run Nortons uninstaller.
    The Norton Removal Tool uninstalls all Norton 2003 and later products, Norton 360, and Norton SystemWorks 12.0 from your computer
    Link.

    Is your machine stable now, no blue screens? Kaspersky wont do you much good if you have to keep it disabled. Other than that hows everything else looking now?
    How Can I Reduce My Risk?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •