-
Tim,
Am I missing something here, I had you run OTL to scan so I could check over your log which you posted, but the second log is not the extra, it is a report from a fix , I did not post any fix ??????????????????????
-
OTL Extra Log is MIA
Ken, Sorry for the confusion the fix was left in an OTL folder on the C drive from when I previously used your services in January. I looked numerous places for the extra log which was not displayed at the end of the scan but had no luck. Do you want me to run it again in an effort to locate it?
Thanks, T
-
Update 06/03
Ken, After sending you that last post I had a chance to use the computer, I thought all systems were a go, however I tried a search under a new tab and was redirected. I attempted a few other searchs and was redirected each time thereafter......
-
-
aswMBR log.
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-03 20:55:22
-----------------------------
20:55:22.203 OS Version: Windows 5.1.2600 Service Pack 3
20:55:22.203 Number of processors: 1 586 0x304
20:55:22.218 ComputerName: TORCHIA UserName: Tim
20:55:46.828 Initialize success
20:55:52.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:55:52.953 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
20:55:55.015 Disk 0 MBR read successfully
20:55:55.015 Disk 0 MBR scan
20:55:55.015 Disk 0 unknown MBR code
20:55:57.171 Disk 0 scanning sectors +78108030
20:55:57.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:56:34.281 Service scanning
20:56:45.437 Disk 0 trace - called modules:
20:56:45.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a7c1ed]<<
20:56:45.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b0a030]
20:56:45.531 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af34e8]
20:56:45.546 \Driver\atapi[0x81af3d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a7c1ed
20:56:45.546 Scan finished successfully
20:57:20.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
20:57:20.453 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR log.txt"
-
Re-Run aswMBR
Click Scan
On completion of the scan
Click Fix
Save the log as before and post in your next reply
-
re-run aswMBR
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-04 07:13:23
-----------------------------
07:13:23.328 OS Version: Windows 5.1.2600 Service Pack 3
07:13:23.328 Number of processors: 1 586 0x304
07:13:23.328 ComputerName: TORCHIA UserName: Tim
07:13:25.000 Initialize success
07:13:39.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:13:39.937 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
07:13:41.984 Disk 0 MBR read successfully
07:13:41.984 Disk 0 MBR scan
07:13:41.984 Disk 0 unknown MBR code
07:13:44.015 Disk 0 scanning sectors +78108030
07:13:44.031 Disk 0 scanning C:\WINDOWS\system32\drivers
07:13:55.234 Service scanning
07:13:59.453 Disk 0 trace - called modules:
07:13:59.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a7c1ed]<<
07:13:59.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b0a030]
07:13:59.468 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af34e8]
07:13:59.484 \Driver\atapi[0x81af3d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a7c1ed
07:13:59.484 Scan finished successfully
07:15:08.031 Disk 0 Windows 501 MBR fixed successfully
07:16:08.671 Disk 0 Windows 501 MBR fixed successfully
07:16:53.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
07:16:53.000 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR2.txt"
-
Lets try TDSSKiller again, if its still on your desktop, drag it to the trash and download a fresh copy
Please download TDSSKiller.zip- Extract it to your desktop
- Double click TDSSKiller.exe
- Press Start Scan
- Only if Malicious objects are found then ensure Cure is selected
- Then click Continue > Reboot now
- Copy and paste the log in your next reply
- A copy of the log will be saved automatically to the root of the drive (typically C:\)
-
TDSSKiller - No go!!!
I cleared out all the previously downloaded folders and attempted a new download as indicated. After extracting all files, the run box prompts, I click the run box and nothing happens from there...
-
Run this first
- Please download rkill (Courtesy of Bleepingcomputer.com).
- There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
- Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
- Note: You only need to get one of the tools to run, not all of them.
- Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.
Run rkill repeatedly until it's able to do it's job. This may take a few tries.
You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.
If it still wont run and you still have Combofix on your desktop, drag it to trash and download and run a new updated copy, notice how it needs to be renamed
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- See this Link for programs that need to be disabled and instruction on how to disable them.
- Remember to re-enable them when we're done.
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules