TechSpot

Browser search redirect

By calmman
Jun 12, 2011
  1. When using Google, Bing or Yahoo for searching the internet, I get the results and if I click on the results I quite often get redirected to bogus websites. I am using IE9 on a Win7 machine. Also, Firefox 4.02 has the problem and Google Chrome does not work at all.

    I have run several different programs including Spybot, Malwarebytes, ComboFix, HitmanPro, HijackThis. None of these programs have found anything. I am also running Symantec Endpoint for virus protection and it does not find anything. I have also tried running tdsskiller.exe but it will not run on this machine. It starts for a moment and the process goes away.

    Also, I have noticed that if you right-click on the search results and say open (or open in new tab), the redirect does not happen. I'm not sure if it's helpful, but here are a few examples of the websites that I get redirected to:
    linkinghub.elsevier.com, newsrelief.com, scour.com, search.yellowise.com, www.dances.us, www.find-quick-results.com, www.majordownloads.org, www.nmi.us

    Here are my logs according to your guide...

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6842

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    6/12/2011 1:54:14 PM
    mbam-log-2011-06-12 (13-54-14).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 313154
    Time elapsed: 1 hour(s), 2 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-12 12:44:48
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PB2Z
    Running: 9kt7vt9j.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uxddapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:308] 86E1BE7A
    Thread System [4:312] 86E1E008

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
    Run by Administrator at 12:50:29 on 2011-06-12
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2937.1875 [GMT -5:00]
    .
    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\ibmpmsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: EPOWER
    DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} - hxxps://jran.uscourts.gov/whalecomec3fa3937e2db7cbeb853a3e330df9604e1202f274702c43/whalecom0/iNotes6W.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {983A9C21-8207-4B58-BBB8-0EBC3D7C5505} - hxxps://jran.uscourts.gov/whalecomec3fa3937e2db7cbeb853a3e330df9604e1202f274702c43/whalecom0/dwa8W.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6D1573F6-C18B-48C0-A71A-27EC9C79AAD0} : DhcpNameServer = 68.87.68.162 68.87.74.162
    TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\2375942554338373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\2457666616C6F6 : DhcpNameServer = 192.168.11.1
    TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\3454740275F627B63747164796F6E6 : DhcpNameServer = 10.1.10.1
    TCP: Interfaces\{7324A56B-44C3-486D-B1D6-96D089B83F40}\5516D6377457563747 : DhcpNameServer = 144.30.3.201 144.30.3.202 144.30.3.203
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\04mjwujv.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2010-4-6 20104]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-16 13480]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2010-4-27 147563]
    R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-7-20 171872]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-10-5 45424]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-1 1822296]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-10-5 62320]
    R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2009-12-26 125568]
    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\drivers\btcomport.sys [2010-4-6 25992]
    R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\drivers\btcombus.sys [2010-4-6 22024]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2010-4-6 25864]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-6-6 105592]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-10 122880]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2010-4-6 23048]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-7 119256]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-19 249888]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-6-8 17480]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-26 75040]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-7 1343400]
    S3 wdfsgusbV3;Stenograph WDF USB Writer Service V3;c:\windows\system32\drivers\wdfsgusb.sys [2010-1-28 18952]
    S4 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-7-23 163680]
    .
    =============== Created Last 30 ================
    .
    2011-06-12 17:45:44 607310 ------r- c:\temp\dds.scr
    2011-06-12 17:43:11 302592 ----a-w- c:\temp\9kt7vt9j.exe
    2011-06-12 16:29:47 1437488 ----a-w- C:\TDSSKiller.exe
    2011-06-12 16:28:02 -------- d-----w- c:\users\administrator\appdata\local\ElevatedDiagnostics
    2011-06-12 16:25:57 -------- d--h--w- c:\windows\PIF
    2011-06-12 16:17:41 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-06-12 16:02:20 -------- d-----w- c:\users\administrator\appdata\roaming\Intel
    2011-06-09 21:47:31 -------- d-----w- c:\users\administrator\appdata\local\Adobe
    2011-06-09 21:40:01 -------- d-----w- c:\users\administrator\appdata\local\Google
    2011-06-09 19:41:05 -------- d-----w- c:\users\administrator\appdata\local\bluesoleil
    2011-06-09 17:25:19 -------- d-----w- C:\temp
    2011-06-09 17:13:58 -------- d-----w- c:\programdata\STOPzilla!
    2011-06-09 15:14:01 -------- d-----w- c:\program files\IObit
    2011-06-09 13:25:57 98816 ----a-w- c:\windows\sed.exe
    2011-06-09 13:25:57 518144 ----a-w- c:\windows\SWREG.exe
    2011-06-09 13:25:57 256512 ----a-w- c:\windows\PEV.exe
    2011-06-09 13:25:57 208896 ----a-w- c:\windows\MBR.exe
    2011-06-08 20:58:40 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-06-08 20:57:06 -------- d-----w- c:\programdata\Hitman Pro
    2011-06-08 20:52:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE429.tmp
    2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE428.tmp
    2011-06-08 20:49:38 0 ----a-w- c:\windows\system32\RENE3F8.tmp
    2011-06-08 18:57:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-08 18:57:49 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-08 18:57:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-07 22:32:48 1437488 ----a-w- c:\temp\tdsskiller\TDSSKiller.exe
    2011-06-07 19:14:25 -------- d-----w- c:\windows\system32\SPReview
    2011-06-07 19:13:25 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-06 19:19:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-06-06 19:18:55 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
    2011-06-06 19:18:55 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
    2011-06-06 19:18:54 1060864 ----a-w- c:\windows\system32\MFC71.DLL
    2011-06-06 19:18:37 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-06-06 19:18:36 -------- d-----w- c:\programdata\Symantec
    2011-06-06 19:18:36 -------- d-----w- c:\program files\Symantec
    2011-05-25 14:13:49 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2011-05-19 13:44:20 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-05-17 17:19:37 -------- d-----w- c:\programdata\PC-Doctor for Windows
    .
    ==================== Find3M ====================
    .
    2011-05-04 09:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    .
    ============= FINISH: 12:50:54.61 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/22/2010 12:48:43 PM
    System Uptime: 6/12/2011 12:37:28 PM (0 hours ago)
    .
    Motherboard: LENOVO | | 28479UU
    Processor: Intel(R) Core(TM)2 Duo CPU T6570 @ 2.10GHz | U2E1 | 2101/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 232 GiB total, 138.917 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP170: 6/9/2011 11:26:38 AM - Windows 7 Service Pack 1
    RP171: 6/9/2011 12:12:50 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP173: 6/9/2011 12:21:19 PM - StopZILLA! Restore Point.
    RP174: 6/9/2011 12:23:03 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
    RP175: 6/9/2011 4:43:15 PM - Installed Java(TM) 6 Update 26
    RP176: 6/9/2011 4:46:55 PM - Removed Adobe Reader 9.4.1.
    RP177: 6/12/2011 11:06:16 AM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    Registry Patch to arrange icons in Device and Printers folder of Windows 7
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Access Help
    Adobe Acrobat X Standard
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AT&T Service Activation
    BlueSoleil 6.4.314.3
    Bridge
    BridgeDist
    Business Contact Manager for Outlook 2007 SP2
    Case CATalyst Version 12
    CCleaner
    Create Recovery Media
    D3DX10
    Defraggler (remove only)
    DIBS
    DirectX 9 Runtime
    E-Transcript
    Google Chrome
    Integrated Camera Driver Installer Package Ver.1.0.1.2
    Integrated Camera TWAIN
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    Java Auto Updater
    Java(TM) 6 Update 26
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    Lenovo Central
    Lenovo Idea Notes
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Message Center Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Research AutoCollage Touch 2009
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobile Broadband Connect
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    On Screen Display
    OpenOffice.org 3.1
    PC Connectivity Solution
    RealLegal E-Transcript 7.0
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    Rescue and Recovery
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Small Business Edition
    Roxio Express Labeler 3
    SearchMaster
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sonic CinePlayer Decoder Pack
    Sonic Icons for Lenovo
    Spybot - Search & Destroy
    Symantec Endpoint Protection
    System Update
    ThinkPad FullScreen Magnifier
    ThinkPad Hotkey Features Setup
    ThinkPad Power Management Driver
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Active Protection System
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    Verizon Wireless Mobile Broadband Self Activation
    Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows XP Mode
    WinUSR
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/9/2011 9:22:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI TPPWRIF vpcvmm Wanarpv6
    6/9/2011 8:57:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    6/9/2011 7:58:52 AM, Error: Service Control Manager [7000] - The Hitman Pro 3.5 Crusader (Boot) service failed to start due to the following error: The system cannot find the file specified.
    6/9/2011 7:58:49 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xbc459000, 0x00000000, 0x82eb5b43, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060911-72743-01.
    6/9/2011 4:56:00 PM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    6/9/2011 3:19:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x00000003, 0x86f31d98, 0x82f45940, 0x82f45890). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 060911-43586-01.
    6/9/2011 2:37:37 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/9/2011 12:33:07 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    6/9/2011 12:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service BsHelpCS with arguments "-Service" in order to run the server: {1CE3EB56-16B9-40A0-8110-284EF53ACF04}
    6/9/2011 12:31:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service BlueSoleilCS with arguments "-Service" in order to run the server: {DC22CE61-F0A5-415C-986E-4DF78C2D1029}
    6/9/2011 12:29:37 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    6/9/2011 12:29:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eeCtrl is3srv lenovo.smi SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs TPPWRIF vpcvmm Wanarpv6
    6/9/2011 12:19:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv
    6/9/2011 12:05:22 PM, Error: Microsoft-Windows-Service Pack Installer [8] - Service Pack installation failed with error code 0x80070020.
    6/8/2011 9:42:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Windows 7 Service Pack 1 (KB976932).
    6/8/2011 9:33:16 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
    6/8/2011 9:32:09 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    6/8/2011 3:14:26 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    6/7/2011 4:54:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2508429).
    6/7/2011 4:52:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Update for Windows 7 (KB2492386).
    6/7/2011 4:51:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2508272).
    6/7/2011 4:49:58 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Update for Windows 7 (KB2506928).
    6/7/2011 4:47:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2510531).
    6/7/2011 4:44:55 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2509553).
    6/7/2011 4:42:35 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x8007000e: Security Update for Windows 7 (KB2507618).
    6/6/2011 2:20:09 PM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/6/2011 2:10:59 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/6/2011 2:10:41 PM, Error: Service Control Manager [7000] - The AVG Anti-Rootkit Driver service failed to start due to the following error: The system cannot find the file specified.
    6/6/2011 2:08:20 PM, Error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    6/6/2011 2:05:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgrkx86
    6/6/2011 2:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    6/6/2011 2:03:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    6/6/2011 2:00:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 CSC DfsC discache lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
    6/6/2011 12:58:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    6/6/2011 12:56:36 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    6/6/2011 12:44:28 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Print Spooler service, but this action failed with the following error: An instance of the service is already running.
    6/6/2011 12:43:28 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    6/5/2011 9:04:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Windows 7 Service Pack 1 (KB976932).
    6/5/2011 9:04:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Internet Explorer 9 for Windows 7.
    6/12/2011 12:42:31 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    6/12/2011 12:39:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: is3srv szkg5 szkgfs
    6/12/2011 12:31:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 12:25:46 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/12/2011 12:25:46 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    6/12/2011 12:24:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/12/2011 12:24:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    6/12/2011 12:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/12/2011 12:24:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/12/2011 12:24:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    6/12/2011 12:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/12/2011 11:32:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache eeCtrl is3srv lenovo.smi NetBIOS NetBT nsiproxy Psched rdbss SPBBCDrv spldr SRTSP SRTSPX SYMTDI szkg5 szkgfs tdx TPPWRIF vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:12 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/12/2011 11:32:08 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    6/12/2011 11:16:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/10/2011 6:44:43 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "32" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    6/10/2011 6:41:19 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    .
    ==== End Of File ===========================

    Thanks for any help you can provide. This is the most time I have spent on malware in a long time and I am tired.
     
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
Topic Status:
Not open for further replies.
