System Check virus, a lot of problems

Inactive
By MjuTaS
Feb 8, 2012
  1. Hello! Im new to this site, i saw u helpt alot of others with virus problems.
    Yesterday i got this system check virus.

    I had AVG free antivirus but it didnt find anything, dowloaded Malwarebytes Anti-Malware and i got rid of the pop-ups from the virus.

    BUT everything in the startmenu dissappeared, also program files is missing, i cant play Starcraft anymore, just getting error message when im gonna start it, when i google something i get redirected to other random pages.

    I also uninstalled AVG and installed AVAST, it didnt find anything. But my guess is that the virus is still there in the background somewere :( Can you please help me
  2. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================================

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
  3. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    The UnHide made the start menu things back, but not program files.

    Here is the first malwarebytes scan i did yesterday, now it just shows :0 on everything.

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Databasversion: v2012.02.07.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Simon :: SIMON-PC [begränsad]

    2012-02-08 02:56:16
    mbam-log-2012-02-08 (02-56-16).txt

    Skanningstyp: Fullständig skanning
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 310690
    Förfluten tid: 38 minut(er), 12 sekund(er)

    Upptäckta minnesprocesser: 1
    C:\Windows\Temp\lbcfvg\setup.exe (Trojan.Downloader) -> 3808 -> Ta bort vid nästa datorstart.

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 2
    HKLM\SYSTEM\CurrentControlSet\Services\AMService (Trojan.Downloader) -> Sattes i karantän och togs bort.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winner Casino (PUP.Casino) -> Sattes i karantän och togs bort.

    Upptäckta registervärden: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QGuaayvrII.exe (Rogue.FakeHDD) -> Data: C:\ProgramData\QGuaayvrII.exe -> Sattes i karantän och togs bort.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Firewall 2.9 (Trojan.Agent.Gen) -> Data: C:\Users\Simon\AppData\Roaming\WMPRWISE.EXE -> Sattes i karantän och togs bort.

    Upptäckta registerdataposter: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Dåligt: (0) Bra: (1) -> Sattes i karantän och reparerades framgångsrikt.

    Upptäckta mappar: 0
    (Inga skadliga poster hittades)

    Upptäckta filer: 6
    C:\Windows\Temp\lbcfvg\setup.exe (Trojan.Downloader) -> Ta bort vid nästa datorstart.
    C:\ProgramData\QGuaayvrII.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
    C:\Casino\Winner Casino\_WinnerCSetup_55c192.exe (PUP.Casino) -> Sattes i karantän och togs bort.
    C:\ProgramData\XXkZ73R5CmQoEU.exe (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
    C:\Users\Simon\AppData\Local\Temp\KTbqO0dOajyreR.exe.tmp (Rogue.FakeHDD) -> Sattes i karantän och togs bort.
    C:\Users\Simon\AppData\Local\Temp\data\venmix.exe (Trojan.Wreckit) -> Sattes i karantän och togs bort.

    (klar)
  4. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    More details please.
  5. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    The startmenu only had my computer and ducuments on the right side, and nothing on the left side, now after the UnHide i got all the old stuff back on the right side, like controlpanel,games,music etc.


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-08 20:05:06
    Windows 6.1.7601 Service Pack 1
    Running: 7k2z5vbx.exe; Driver: C:\Users\Simon\AppData\Local\Temp\awtoypog.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x2B 0x84 0x31 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x7B 0xCA 0x21 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xCE 0x0B 0x20 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB9 0xA1 0x13 0xF0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC0 0x2B 0x84 0x31 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x7B 0xCA 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAE 0xCE 0x0B 0x20 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB9 0xA1 0x13 0xF0 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB21072$\1327194865 0 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939 0 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\@ 2048 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\cfg.ini 197 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\L 0 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\L\xadqgnnk 74752 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\oemid 35 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\twl.dll 223744 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U 0 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000000.@ 66048 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\U\80000032.@ 73216 bytes
    File C:\Windows\$NtUninstallKB21072$\2418786939\version 862 bytes

    ---- EOF - GMER 1.0.15 ----
  6. Broni

    Broni Malware Annihilator Posts: 46,158   +251

  7. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    ty, but how do i fix the program files and that i get redirected from google links.
  8. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    We'll work on redirection.

    More details please.

    Go on with DDS scan.
  9. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by Simon at 22:00:03 on 2012-02-08
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.46.1033.18.3327.1817 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Personal\bin\Personal.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi3c8a~1\datamngr\toolbar\searchqudtx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Facebook Update] "c:\users\simon\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [facemoods] "c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B523D576-2927-47EB-B58C-5897A926D97D} : DhcpNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\simon\appdata\roaming\mozilla\firefox\profiles\clbeh0im.default\
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=100478&babsrc=adbartrp&mntrId=3ce818f1000000000000002618f04b04&q=
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\personal\bin\np_prsnl.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\simon\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: d:\veetle\player\npvlc.dll
    FF - plugin: d:\veetle\plugins\npVeetle.dll
    FF - plugin: d:\veetle\vlcbroadcast\npvbp.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - 3ce818f1000000000000002618f04b04
    FF - user.js: extensions.BabylonToolbar_i.hardId - 3ce818f1000000000000002618f04b04
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15344
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1717:57:13
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100478
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-8 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-8 314456]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-16 239168]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-4 176128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-8 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-8 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-8 44768]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-20 7772160]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-20 243712]
    R3 awtoypog;awtoypog;c:\users\simon\appdata\local\temp\awtoypog.sys [2012-2-8 100864]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\photoshopelementsfileagent.exe --> c:\program files\PhotoshopElementsFileAgent.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Tjänsten Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
    S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\photoshopelementsdeviceconnect.exe --> c:\program files\PhotoshopElementsDeviceConnect.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\drivers\BazisVirtualCDBus.sys [2010-4-6 98400]
    S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-9 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-8 15872]
    SUnknown TsUsbFlt;TsUsbFlt; [x]
    SUnknown tsusbhub;tsusbhub; [x]
    .
    =============== Created Last 30 ================
    .
    2012-02-08 17:37:02 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2012-02-08 16:50:23 388096 ----a-r- c:\users\simon\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-02-08 16:50:23 -------- d-----w- c:\program files\Trend Micro
    2012-02-08 13:50:28 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-02-08 13:50:22 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-02-08 13:50:03 41184 ----a-w- c:\windows\avastSS.scr
    2012-02-08 13:49:58 -------- d-----w- c:\programdata\AVAST Software
    2012-02-08 13:49:58 -------- d-----w- c:\program files\AVAST Software
    2012-02-08 12:58:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-08 12:03:31 -------- d-----w- c:\users\simon\appdata\local\{407444FE-074C-420B-9288-E273F7CF8F11}
    2012-02-08 12:03:17 -------- d-----w- c:\users\simon\appdata\local\{A0E23D20-2D6B-4A92-A292-8404D0ABDAF5}
    2012-02-08 02:51:54 -------- d-----w- c:\programdata\MFAData
    2012-02-08 01:55:39 -------- d-----w- c:\users\simon\appdata\roaming\Malwarebytes
    2012-02-08 01:55:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-08 01:41:51 -------- d-----w- c:\program files\Enigma Software Group
    2012-02-08 01:40:45 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
    2012-02-08 01:40:41 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2012-02-07 23:28:59 -------- d-----w- c:\users\simon\appdata\local\{661DD34C-CF58-40D6-A540-4E1BF6EA6F36}
    2012-02-07 22:25:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-07 11:28:36 -------- d-----w- c:\users\simon\appdata\local\{63AB4F93-2597-47AE-8524-1DCC6C2C88CE}
    2012-02-06 23:28:12 -------- d-----w- c:\users\simon\appdata\local\{9E95CC46-5F7F-475D-86A9-5D995F2511CA}
    2012-02-06 11:27:48 -------- d-----w- c:\users\simon\appdata\local\{AC44901C-360B-4256-9C29-6C1D4220C0B5}
    2012-02-05 14:28:00 -------- d-----w- c:\users\simon\appdata\local\{9A2E91D9-E32F-43B8-85F6-67697968A23C}
    2012-02-05 00:01:20 -------- d-----w- c:\users\simon\appdata\local\{28433BE0-9BEF-46D3-B544-6B3DC4FBC7B8}
    2012-02-04 12:00:56 -------- d-----w- c:\users\simon\appdata\local\{B3E3CAE2-A7B3-4879-B799-637199051B4D}
    2012-02-04 00:00:31 -------- d-----w- c:\users\simon\appdata\local\{9D4F6076-12B0-4D7E-A76E-70B9BBDD2BD7}
    2012-02-03 12:00:08 -------- d-----w- c:\users\simon\appdata\local\{FA1F5C9B-FEA0-4779-9719-1BEA38134902}
    2012-02-03 11:59:57 -------- d-----w- c:\users\simon\appdata\local\{1EB7DE0E-331E-4267-933A-A7F49F2514C5}
    2012-02-02 23:59:31 -------- d-----w- c:\users\simon\appdata\local\{76491197-3009-4CF2-9085-AD8336D6C486}
    2012-02-02 23:59:19 -------- d-----w- c:\users\simon\appdata\local\{0E83332E-FF01-4300-AEF8-9B0DAE9D0A98}
    2012-02-01 14:51:24 -------- d-----w- c:\users\simon\appdata\local\{FD41B25C-435F-481D-8F4B-65DB008C77C9}
    2012-01-29 21:35:52 -------- d-----w- c:\users\simon\appdata\local\{3FFA9400-0BC8-46F4-9ABE-61F15877FE38}
    2012-01-29 21:35:41 -------- d-----w- c:\users\simon\appdata\local\{A9A618CF-A5FC-4729-92D8-DCE630BC5D25}
    2012-01-28 13:20:47 -------- d-----w- c:\users\simon\appdata\local\{9910B6DB-D0C3-4584-907A-949B94C65F01}
    2012-01-28 01:20:23 -------- d-----w- c:\users\simon\appdata\local\{D718F386-62FC-4D44-AFAC-1D7312058CC9}
    2012-01-27 13:19:59 -------- d-----w- c:\users\simon\appdata\local\{4EFE92D5-25DC-457B-94E3-4B53D819BEFE}
    2012-01-26 14:06:34 -------- d-----w- c:\users\simon\appdata\local\{693626DB-0B90-4CF6-AD6B-D0847E9FEB75}
    2012-01-26 02:06:11 -------- d-----w- c:\users\simon\appdata\local\{BE9DC4F6-3364-443A-A746-B57959A61162}
    2012-01-26 02:05:59 -------- d-----w- c:\users\simon\appdata\local\{93041ED9-DC3B-469A-804B-88DF600486F3}
    2012-01-25 18:19:01 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-25 18:19:01 369352 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-01-25 18:19:01 314880 ----a-w- c:\windows\system32\webio.dll
    2012-01-25 18:19:01 22528 ----a-w- c:\windows\system32\lsass.exe
    2012-01-25 18:19:01 224768 ----a-w- c:\windows\system32\schannel.dll
    2012-01-25 18:19:01 22016 ----a-w- c:\windows\system32\secur32.dll
    2012-01-25 18:19:01 15872 ----a-w- c:\windows\system32\sspisrv.dll
    2012-01-25 18:19:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-01-25 18:19:01 1038848 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-25 18:19:01 100352 ----a-w- c:\windows\system32\sspicli.dll
    2012-01-25 14:05:31 -------- d-----w- c:\users\simon\appdata\local\{D4DA736D-C380-433D-BC47-84D77129514D}
    2012-01-24 23:44:04 -------- d-----w- c:\users\simon\appdata\local\{07FA1142-0065-4286-9450-2383C8E47978}
    2012-01-24 11:43:39 -------- d-----w- c:\users\simon\appdata\local\{93F16013-7824-4E35-BD34-F6A1BABC48DC}
    2012-01-23 23:43:13 -------- d-----w- c:\users\simon\appdata\local\{5AF06565-9E8E-45D6-8711-6D579722957F}
    2012-01-23 11:42:49 -------- d-----w- c:\users\simon\appdata\local\{8144D9E5-B11B-486A-A9B8-27E216A69146}
    2012-01-22 17:08:44 -------- d-----w- c:\users\simon\appdata\local\{BD955B3A-3F9F-4D89-8843-B7F044C0753C}
    2012-01-22 17:08:34 -------- d-----w- c:\users\simon\appdata\local\{392F9F9B-6E03-4852-A2D1-9F06524AE9E9}
    2012-01-12 14:03:16 -------- d-----w- c:\users\simon\appdata\local\{89B33B8D-D893-4E03-A9D1-437F08249393}
    2012-01-12 02:02:53 -------- d-----w- c:\users\simon\appdata\local\{19AE6CAC-69A1-42B3-9E3C-B91F0F74F837}
    2012-01-11 14:02:29 -------- d-----w- c:\users\simon\appdata\local\{3C711829-C102-434D-960F-C356149BEC38}
    2012-01-10 19:28:20 514560 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-10 19:28:20 1328128 ----a-w- c:\windows\system32\quartz.dll
    2012-01-10 19:28:19 67072 ----a-w- c:\windows\system32\packager.dll
    2012-01-10 19:28:18 1288472 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-10 17:55:21 -------- d-----w- c:\users\simon\appdata\local\{CD77497F-40AE-4844-95AB-7F52149A2B80}
    .
    ==================== Find3M ====================
    .
    2012-02-07 22:25:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-21 19:32:17 9728 ------w- c:\users\simon\appdata\roaming\desktop.ini
    2011-12-21 19:32:17 55808 ------w- c:\users\simon\appdata\roaming\ntuser.dat
    2011-11-24 04:25:27 2342912 ----a-w- c:\windows\system32\win32k.sys
    2011-11-16 01:16:44 152576 ----a-w- c:\windows\system32\msclmd.dll
    2011-11-16 00:40:01 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-15 23:37:07 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
    .
    ============= FINISH: 22:06:27,80 ===============
  10. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009-11-22 20:18:56
    System Uptime: 2012-02-08 17:47:12 (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4A785TD-V EVO
    Processor: AMD Phenom(tm) II X4 945 Processor | AM3 | 3000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 78 GiB total, 28,075 GiB free.
    D: is FIXED (NTFS) - 388 GiB total, 141,351 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM-enhet
    Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S223B________________SB02____\5&F437AB5&0&0.1.0
    Manufacturer: (Standard-CD-ROM-enheter)
    Name: TSSTcorp CDDVDW SH-S223B ATA Device
    PNP Device ID: IDE\CDROMTSSTCORP_CDDVDW_SH-S223B________________SB02____\5&F437AB5&0&0.1.0
    Service: cdrom
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: @%SystemRoot%\system32\drivers\netbt.sys,-2
    Device ID: ROOT\LEGACY_NETBT\0000
    Manufacturer:
    Name: @%SystemRoot%\system32\drivers\netbt.sys,-2
    PNP Device ID: ROOT\LEGACY_NETBT\0000
    Service: NetBT
    .
    Class GUID: {4d36e978-e325-11ce-bfc1-08002be10318}
    Description: Kommunikationsport
    Device ID: ACPI\PNP0501\1
    Manufacturer: (Standardporttyper)
    Name: Communications Port (COM1)
    PNP Device ID: ACPI\PNP0501\1
    Service: Serial
    .
    Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
    Description: CD-ROM-enhet
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&3&01
    Manufacturer: (Standard-CD-ROM-enheter)
    Name: DTSOFT Virtual CdRom Device
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&79F5D87&3&01
    Service: cdrom
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Drivrutin för Offline Files
    Device ID: ROOT\LEGACY_CSC\0000
    Manufacturer:
    Name: Drivrutin för Offline Files
    PNP Device ID: ROOT\LEGACY_CSC\0000
    Service: CSC
    .
    ==== System Restore Points ===================
    .
    RP310: 2012-02-08 14:10:19 - Removed AVG 2012
    RP311: 2012-02-08 14:25:09 - Installed Java(TM) 6 Update 30
    RP312: 2012-02-08 14:49:43 - avast! Free Antivirus Setup
    RP313: 2012-02-08 17:49:58 - Installed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.5.0 - Svenska
    Adobe Shockwave Player 11.5
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    avast! Free Antivirus
    BankID säkerhetsprogram
    BitTorrent
    bwin Poker JPC 1.0.0
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    D3DX10
    DAEMON Tools Lite
    Facebook Video Calling 1.1.1.1
    Facemoods Toolbar
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes of Newerth
    HiJackThis
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 30
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox (3.6.25)
    Mozilla Firefox (3.6.3)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    neroxml
    PokerStars
    redbet
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype™ 5.5
    Spotify
    StarCraft II
    Svenska Spels Poker
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Veetle TV 0.9.18
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR archiver
    VLC media player 1.0.3
    .
    ==== End Of File ===========================
  11. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==========================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  12. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    Nothing happens when im trying to run aswMBR.exe, when i downloaded it, a window came up and say the file could harm my computer, i just clicked that window down
  13. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Go ahead with Bootkit Remover.
  14. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    wrong log........
  15. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    This is not Bootkit Remover log.
    You posted Attach.txt part of DDS.
  16. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    oh sorry, here it is:


    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Ultimate Edition Service Pack 1 (build 7601), 32
    -bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`06500000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
  17. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Good :)

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
  18. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    ListParts by Farbar
    Ran by Simon on 08-02-2012 at 23:04:36
    Windows 7 (X86)
    Running From: C:\Users\Simon\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 51%
    Total physical RAM: 3327.18 MB
    Available physical RAM: 1616.75 MB
    Total Pagefile: 6652.64 MB
    Available Pagefile: 4776.5 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1962.68 MB

    ======================= Partitions =========================

    1 Drive c: (System) (Fixed) (Total:78.03 GB) (Free:28.14 GB) NTFS
    2 Drive d: (Backup) (Fixed) (Total:387.63 GB) (Free:141.35 GB) NTFS

    Disk nr Status Storlek Ledigt Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk nr 0 Online 465 G B 1024 K B

    DiskPart avslutas...

    Partitions of Disk Disk nr 0 Online 465 G B 1024 K B :
    ===============

    Argumenten som angetts f”r kommandot „r inte giltiga.
    Om du vill ha mer information om kommandot skriver du: HELP SELECT DISK

    Ingen disk har valts.


    ****** End Of Log ******
     
  19. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  20. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    ok, it started to restart but right before it restarted i got blue screen, when i was gonna start the comp i got bluescreen again and again and again, with normal start mode. Im trying to start it with repair mode now, im on a laptop now.

    what happend? why bluescreen? any clue?
  21. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    windows is loading files.... been like that for 10 min now, nothing happens
  22. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Turn the computer off.
    Wait 1 minute.
    Turn it back on.
  23. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    with normal mode again? or should i try repair mode?
  24. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Try normal mode.
  25. MjuTaS

    MjuTaS Newcomer, in training Topic Starter Posts: 105

    blue screen again :(


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.