Inactive Websites redirected, can't run Windows Update, can't install Malwarebytes

I followed the steps and ran the repair overnight... but all the problems still seem to remain.
 
Let me see a scan from this tool, and also let me know if it helps...

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
RGKRScan.png


  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
RGKRDelete.png


  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

    RGKRShortcutsFix.png
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : hmc05 [Admin rights]
Mode : Scan -- Date : 10/11/2012 10:19:20

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A103C80)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A0CB910)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINNT\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAJS-60M0A0 +++++
--- User ---
[MBR] 2b43a5f16e59551b19a2a7ead171c7e1
[BSP] 1c79d55edf5a9913ab060845cb2c75e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : hmc05 [Admin rights]
Mode : Remove -- Date : 10/11/2012 10:19:43
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A103C80)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A0CB910)
IRP[IRP_MJ_CREATE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_CLOSE] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_INTERNAL_DEVICE_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_POWER] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_SYSTEM_CONTROL] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[IRP_MJ_PNP] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E09B40)
IRP[DriverStartIo] : Unknown -> HOOKED ([MAJOR] atapi.sys @ 0xB9E07864)
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINNT\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500AAJS-60M0A0 +++++
--- User ---
[MBR] 2b43a5f16e59551b19a2a7ead171c7e1
[BSP] 1c79d55edf5a9913ab060845cb2c75e5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238464 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : hmc05 [Admin rights]
Mode : Shortcuts HJfix -- Date : 10/11/2012 10:32:43
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 1 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 11 / Fail 0
My documents: Success 13 / Fail 13
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 35 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[H:] \Device\WinDfs\H:000000000002db57 -- 0x4 --> Skipped
[L:] \Device\LanmanRedirector\;L:000000000002db57\icnfs-ee.cc.ic.ac.uk\hmc05 -- 0x4 --> Skipped
[V:] \Device\LanmanRedirector\;V:000000000002db57\skynet.ee.ic.ac.uk\udrc -- 0x4 --> Skipped
[W:] \Device\LanmanRedirector\;W:000000000002db57\skynet.ee.ic.ac.uk\shared -- 0x4 --> Skipped
[Y:] \Device\LanmanRedirector\;Y:000000000002db57\skynet.ee.ic.ac.uk\hcomminweb -- 0x4 --> Skipped
[Z:] \Device\LanmanRedirector\;Z:000000000002db57\skynet.ee.ic.ac.uk\hcommin -- 0x4 --> Skipped
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
 
Websites still being blocked... but I just noticed that the Windows Update icon has popped up in the system tray asking to reboot. (Haven't seen that in a while... will see if there are any changes after reboot).

EDIT: Windows Update failed... but I seem to remember this happening a while ago, so it may be a separate problem. The failed update was: Security Update for Windows XP (KB2724197).
 
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Check Partitions

Please download Listparts
Run the tool,
check the "list BCD" box
click "Scan" and post the log (Result.txt) it makes.
 
Farbar Service Scanner Version: 07-10-2012
Ran by hmc05 (administrator) on 11-10-2012 at 15:48:46
Running from "C:\Documents and Settings\hmc05\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINNT\system32\dhcpcsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\afd.sys => MD5 is legit
C:\WINNT\system32\Drivers\netbt.sys => MD5 is legit
C:\WINNT\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINNT\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINNT\system32\dnsrslvr.dll => MD5 is legit
C:\WINNT\system32\ipnathlp.dll => MD5 is legit
C:\WINNT\system32\netman.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\srsvc.dll => MD5 is legit
C:\WINNT\system32\Drivers\sr.sys => MD5 is legit
C:\WINNT\system32\wscsvc.dll => MD5 is legit
C:\WINNT\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINNT\system32\wuauserv.dll => MD5 is legit
C:\WINNT\system32\qmgr.dll => MD5 is legit
C:\WINNT\system32\es.dll => MD5 is legit
C:\WINNT\system32\cryptsvc.dll => MD5 is legit
C:\WINNT\system32\svchost.exe => MD5 is legit
C:\WINNT\system32\rpcss.dll => MD5 is legit
C:\WINNT\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(8) Tcpip(3)
0x080000000400000001000000020000000300000008000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****
 
ListParts by Farbar Version: 02-10-2012
Ran by hmc05 (administrator) on 11-10-2012 at 15:50:48
Windows XP (X86)
Running From: C:\Documents and Settings\hmc05\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 27%
Total physical RAM: 3017.17 MB
Available physical RAM: 2184.25 MB
Total Pagefile: 4902.21 MB
Available Pagefile: 4246.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.68 MB

======================= Partitions =========================

1 Drive c: (EE-HMC05) (Fixed) (Total:232.88 GB) (Free:186.71 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (XP32PSP3_US) (CDROM) (Total:0.6 GB) (Free:0 GB) CDFS
3 Drive h: (hmc05) (Network) (Total:8 GB) (Free:6.93 GB) NTFS
4 Drive l: (hmc05) (Network) (Total:0.38 GB) (Free:0.19 GB) NTFS
5 Drive v: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
6 Drive w: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
7 Drive y: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
8 Drive z: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 233 GB 32 KB
======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C EE-HMC05 NTFS Partition 233 GB Healthy System (partition with boot components)
======================================================================================================

****** End Of Log ******
 
Do these look familiar?

5 Drive v: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
6 Drive w: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
7 Drive y: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS
8 Drive z: (New Volume) (Network) (Total:90.45 GB) (Free:27.99 GB) NTFS

They're all network drives, is this computer on a business or educational network?


Go to Start > Run, type in cmd and hit OK.

Copy and paste this phrase in to the Command Prompt line:

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt


If you have troubles pasting it, right click on the Command Prompt window and click Paste. Then, hit Enter.

Post the log that launches.
 
Yes, those drives are familiar (they're on a server at work, but I can happily unmap them, as I hardly ever use them).

I'm not at the infected computer now, but will post the log as soon as possible. Thanks again!
 
The log file which popped up at the end was empty.


In case it's helpful, here's a copy of the command window:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

H:\>cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print)
>log.txt&log.txt
Server: dns0.ic.ac.uk
Address: 155.198.142.7

Non-authoritative answer:
Name: google.com
Addresses: 173.194.41.72, 173.194.41.73, 173.194.41.78, 173.194.41.64
173.194.41.65, 173.194.41.66, 173.194.41.67, 173.194.41.68, 173.194.41
.69
173.194.41.70, 173.194.41.71


Pinging google.com [173.194.41.136] with 32 bytes of data:

Reply from 173.194.41.136: bytes=32 time=3ms TTL=53
Reply from 173.194.41.136: bytes=32 time=3ms TTL=53

Ping statistics for 173.194.41.136:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 3ms, Average = 3ms

Manipulates network routing tables.

ROUTE [-f] [-p] [command [destination]
[MASK netmask] [gateway] [METRIC metric] [IF interface]

-f Clears the routing tables of all gateway entries. If this is
used in conjunction with one of the commands, the tables are
cleared prior to running the command.
-p When used with the ADD command, makes a route persistent across
boots of the system. By default, routes are not preserved
when the system is restarted. Ignored for all other commands,
which always affect the appropriate persistent routes. This
option is not supported in Windows 95.
command One of these:
PRINT Prints a route
ADD Adds a route
DELETE Deletes a route
CHANGE Modifies an existing route
destination Specifies the host.
MASK Specifies that the next parameter is the 'netmask' value.
netmask Specifies a subnet mask value for this route entry.
If not specified, it defaults to 255.255.255.255.
gateway Specifies gateway.
interface the interface number for the specified route.
METRIC specifies the metric, ie. cost for the destination.

All symbolic names used for destination are looked up in the network database
file NETWORKS. The symbolic names for gateway are looked up in the host name
database file HOSTS.

If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
(wildcard is specified as a star '*'), or the gateway argument may be omitted.

If Dest contains a * or ?, it is treated as a shell pattern, and only
matching destination routes are printed. The '*' matches any string,
and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.
Diagnostic Notes:
Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
The route addition failed: The specified mask parameter is invalid.
(Destination & Mask) != Destination.

Examples:

> route PRINT
> route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
destination^ ^mask ^gateway metric^ ^
Interface^
If IF is not given, it tries to find the best interface for a given
gateway.
> route PRINT
> route PRINT 157* .... Only prints those matching 157*
> route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

CHANGE is used to modify gateway and/or metric only.
> route PRINT
> route DELETE 157.0.0.0
> route PRINT

H:\>
 
Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.
2hd457o.gif


settingsslider.png


Set the slider to Maximum.

driversports.png


IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.


generaltab.png


On the General tab, make sure all of the boxes are checked.


misce.png


On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.


2ekm73m.gif

Click Create Report to run it.

beginscanning.png

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the url of the GSI Parser report in your next reply.
 
Please download 7-Zip and install it. If you already have it, no need to reinstall.

Then, download RootkitUnhooker and save the setup to your Desktop.

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
 
Thanks for that! The scan is now finally starting (after 2 hours of checking the directory list of C:\). Looks like this one will have to run overnight and I'll post the log tomorrow.

Thanks again!
 
>SSDT State
NtConnectPort
Actual Address 0x89B24820
Hooked by: Unknown module filename

NtCreateKey
Actual Address 0xB9EB50E0
Hooked by: spxp.sys

NtEnumerateKey
Actual Address 0xB9ECDDA4
Hooked by: spxp.sys

NtEnumerateValueKey
Actual Address 0xB9ECE132
Hooked by: spxp.sys

NtOpenKey
Actual Address 0xB9EB50C0
Hooked by: spxp.sys

NtQueryKey
Actual Address 0xB9ECE20A
Hooked by: spxp.sys

NtQueryValueKey
Actual Address 0xB9ECE08A
Hooked by: spxp.sys

NtResumeThread
Actual Address 0x8A339108
Hooked by: Unknown module filename

NtSetValueKey
Actual Address 0xB9ECE29C
Hooked by: spxp.sys

>Shadow
>Processes
>Drivers
>Stealth
>Files
Suspect File: C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS1B7CC.log Status: Hidden
Suspect File: C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\7DC76035.TMP Status: Hidden
Suspect File: C:\WINNT\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\000000BC.msg Status: Hidden
Suspect File: C:\WINNT\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\000000BC.que Status: Hidden
Suspect File: C:\WINNT\system32\CCM\ServiceData\Messaging\EndpointQueues\ProxyMaintenanceEndpoint\000000AH.msg Status: Hidden
Suspect File: C:\WINNT\system32\CCM\ServiceData\Messaging\EndpointQueues\ProxyMaintenanceEndpoint\000000AH.que Status: Hidden
>Hooks
[3548]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification at address 0x01001268 hook handler located in [shimeng.dll]
[820]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump at address 0x7C810E27 hook handler located in [mssrch.dll]
[820]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH at address 0x7C810E2C hook handler located in [unknown_code_page]
[820]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH at address 0x7C810E2D hook handler located in [unknown_code_page]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
 
There are only so many scans we can do, and no malware so far has evaded this well.

Have you contacted the network administrator about this? Has anyone else been experiencing similar symptoms, or is it just your machine?

I don't know if you said before or not, but what browsers does this affect? All? The only other option I can see fit is to reset or reinstall what browsers are causing issue...
 
No one else is having these problems. I run two computers side-by-side and only one has issues.

It was affecting Chrome with respect to blocked websites. I had a very outdated version of Internet Explorer, which just seemed to crash all the time. I have uninstalled both and reinstalled Chrome. The problem remains. (And I still can't install Malwarebytes).

So the rootkit activity from the last scan was a false positive?
 
Yes it was... whenever that tool detects any of the things that it did, it puts that at the end of the log. Security tools or antivirus software commonly create similar driver settings, which can show up on rootkit scanners.

Sadly, none of the tools caught this, but I did as I ran back through ALL of the logs above. What I found were fake SQL injections, CcmFramework.

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    [2012/09/24 12:15:18 | 000,004,764 | ---- | C] () -- C:\WINNT\System32\CcmFramework.ini
    [2012/09/24 12:15:18 | 000,000,621 | ---- | C] () -- C:\WINNT\System32\CcmFramework.h

    :commands
    [emptytemp]
    [reboot]
    Click to expand...
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)
Once again, let me know how it works out...If it doesn't work out, open OTL, press Quick Scan and post new log, please.
 
You must log in or register to reply here.

Similar threads

T
Russian users report that they can't download Windows 10 and 11
2
Replies
46
Views
15K
Gastec
Gastec
B
Solved Is this malware and how to remove it? "Received message from unexpected origin : chrome-extension://efaidnbmnnnibpcajpcglclefindmkaj
Replies
6
Views
8K
Broni
Broni
M
Ashampoo Burning Studio 21 Update not working
Replies
1
Views
1K
Mondriaan
M

Latest posts

Back