TechSpot

Help removing Win64/32:Sirefef-All [Trj/Rtk] & services.exe

Inactive
By Shane Patrick
Jun 14, 2013
  1. Hi,

    I have been helping a friend whose computer has been neglected for quite some time, I have done the best job I can cleaning most of the system but then I was confronted with what was likely the start of it all, the so-called Zeroaccess Trojan. I have found many topics discussing removal of this but as always suggested I did not want to use any of the user specific solutions on his computer. I believe that the Rootkit may have been hidden in the Synaptics Pointing Device Driver as I was experiencing issues with the touchpad's functionality and even purchased and installed a new touchpad, which still had problems, but when I prevented startup of the driver using the msconfig utility the issues stopped. Thanks in advance for any and all help!
     
  2. Shane Patrick

    Shane Patrick TS Rookie Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.19019
    Run by Anthony at 20:27:23 on 2013-06-14
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1161 [GMT -6:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.bearshare.net
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - <orphaned>
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll
    BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
    BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - <orphaned>
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 205.171.3.25 205.171.2.25
    TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 10.1.10.1
    TCP: Interfaces\{AE3C9073-47F9-4148-BE79-00D6DC5AA36C} : DHCPNameServer = 205.171.3.25 205.171.2.25
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= c:\progra~1\bearshare applications\mediabar\datamngr\datamngr.dll c:\progra~1\bearshare applications\mediabar\datamngr\IEBHO.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\wq35e0l5.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - ExtSQL: 2013-06-08 14:07; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-8 49376]
    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-8 174664]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-8 765736]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-8 368944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-8 29816]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-8 66336]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-8 46808]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-14 40776]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2013-5-31 20080]
    S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    S4 DefaultTabUpdate;DefaultTabUpdate;c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-8-22 107520]
    S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
    S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-27 1153368]
    S4 Web Assistant;Web Assistant;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-22 188760]
    .
    =============== Created Last 30 ================
    .
    2013-06-15 02:00:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2013-06-08 20:08:22 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-06-08 20:08:21 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-06-08 20:08:21 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-06-08 20:08:20 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-06-08 20:06:53 41664 ----a-w- c:\windows\avastSS.scr
    2013-06-08 19:58:26 -------- d-----w- c:\windows\pss
    2013-05-31 21:44:29 173582 ----a-w- c:\windows\system32\cc_20130531_154420.reg
    2013-05-31 18:20:04 -------- d-----w- c:\program files\CCleaner
    2013-05-31 17:51:27 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
    2013-05-31 17:51:16 -------- d-----w- c:\programdata\Malwarebytes
    2013-05-31 17:51:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-05-31 17:51:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2013-05-31 17:50:37 -------- d-----w- c:\program files\PeerBlock
    .
    ==================== Find3M ====================
    .
    2013-05-31 03:53:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-05-31 03:53:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-04-07 08:52:34 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
    2012-08-22 03:45:29 699536 ----a-w- c:\program files\39Uninstall MapsGalaxy.dll
    2012-08-22 03:45:29 172440 ----a-w- c:\program files\39res.dll
    .
    ============= FINISH: 20:28:58.56 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/23/2008 6:56:02 PM
    System Uptime: 6/14/2013 7:24:44 PM (1 hours ago)
    .
    Motherboard: Wistron | | 3612
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 61.319 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player
    Adobe Shockwave Player 12.0
    avast! Free Antivirus
    AVG 2012
    BearShare
    Canon iP2600 series
    CCleaner
    Conexant HD Audio
    CutePDF Writer 2.8
    CWA Reminder by We-Care.com v4.1.18.3
    DefaultTab
    ErrorTeck 1.6
    ESU for Microsoft Vista
    Fix-it-up - Kates Adventure
    gBurner
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPTCSSetup
    IB Updater Service
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 7
    LabelPrint
    LG USB Modem driver
    LightScribe System Software 1.14.17.1
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Works
    Mozilla Firefox 21.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My HP Games
    NetWaiting
    Norton Internet Security
    PeerBlock 1.1 (r518)
    PIXMA Extended Survey Program
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Spybot - Search & Destroy
    swMSM
    Synaptics Pointing Device Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB957244)
    Update for Microsoft Office Excel 2007 Help (KB957242)
    Update for Microsoft Office OneNote 2007 Help (KB957245)
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)
    Update for Microsoft Office Word 2007 Help (KB957252)
    Update for Microsoft Script Editor Help (KB957253)
    V CAST Music with Rhapsody
    VLC media player 1.0.3
    VZAccess Manager
    Web Assistant 2.0.0.572
    Wincore MediaBar
    WinRAR archiver
    Yahoo! Software Update
    .
    ==== End Of File ===========================
     
  3. Shane Patrick

    Shane Patrick TS Rookie Topic Starter

    MBAM Log

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.14.08

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19019
    Anthony :: MIKE-PC [administrator]

    6/14/2013 8:02:11 PM
    mbam-log-2013-06-14 (20-02-11).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267512
    Time elapsed: 33 minute(s), 49 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

    ===========================================================
    Note: <<<< - very important - please do this step:
    If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
    Internet access
    Windows Update
    Windows Firewall
    (if used)
    If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
    Verify that your system is now functioning normally.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.