One of your admins was a great help to me for my parents' computer. I ended up downloading almost all the stuff he recommended for my laptop and used them periodically. Since I have all the stuff...
Type: Posts; User: diane7; Keyword(s):
That makes sense to me. I started on your last set of instructions and I cannot locate specifically the Spybot Recovery Folder.
Please empty your Spybot Recovery Folder
Some of the infections...
I will follow your last instructions and want to thank you so very much for your time and patience. You are a godsend! I do have one question if you don't mind? System restore? I know I have seen this...
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm
C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\2E17.tmp.vir Win64/Olmarik.AR trojan...
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 1.6.0_32
Run by member at 15:47:22 on 2013-03-16
Microsoft Windows 7 Home Premium ...
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1...
It is normal now!
After I used the tfc I could not get the pc to boot up properly. You mentioned it could be a problem, so the first time I waited 20 minutes, and then did a hard shut down. It did the same thing again...
Omg! You are brilliant! This pc is running so much better!
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.14.10
Windows 7 Service Pack 1 x64...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by member on Wed 03/13/2013...
Thank you for continuing!
Here is the log you requested. I will post the junkware log after this one.
ComboFix 13-03-03.01 - member 03/03/2013 12:20:32.2.2 - x64
Microsoft Windows 7 Home...
Jon Tom, I am out of town and will be back tomorrow night. I will proceed with your instructions at that time. I appreciate your help and guidance more than you know! di
Chrome is telling me that the next thing you wanted me to download, I believe it had junk in the words, is malicious. Please advise. Thanks!
I did have that report from after I did all those steps... However, I copied it but I couldn't get a browser to open... everything I clicked was marked for deletion. So knowing what you said last time I...
Hope I did all that right because I'm so confused. Most of everything on my parents' PC is not clickable. It says illegal operation attempted marked for deletion. Please advise. Thanks!
ComboFix 13-03-02.01 - member 03/02/2013 12:36:14.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5110.3209 [GMT -8:00]
Running from: c:\users\member\Downloads\ComboFix.exe...
I have to go from bottom up. I can't figure out where the heck I was..
12:26:42.0552 2392 ============================================================
12:26:42.0921 2392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders:...
12:26:42.0037 2392 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:26:42.0551 2392 ============================================================
12:26:42.0551 2392 Current date /...
22:34:23.0181 6788 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:34:23.0714 6788 ============================================================
22:34:23.0714 6788 Current date /...
I'm having a problem. I can't copy and paste as it's way too big per your limits and won't allow it. I tried to upload it and I got the same result. I'm sorry, I need more direction as to how I can get this...
I believe there was more to it as well. As it was scanning, Norton jumped in and quarantined something, but as of now I don't see that report.
Here is the last log you requested.
20:01:33.0859 2940 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:01:33.0984 2940 ============================================================...
Thank you Jon Tom for your assistance and patience. The computer has toolbars and unwanted stuff that just start downloading things like shopathome junk while I was preparing the logs for you. I...
This is my parents' PC, they are in their 80s, the computer is their lifeline. I am not that savvy with tech stuff so please bear with me. Hope you can help as I am a bit unsure of what I am doing....
My dad is 85 and has given me the task to fix his computer. Spybot found smithfraud-c and I can see it's still not running right. I even had Norton come in remotely and they couldn't figure it out and...