You are about to be logged off: Windows has encountered a critical problem...

Inactive
By Triangleman
Nov 4, 2012
  1. It appears my computer has the SIREFEF trojan on it. Occasionally it redirects my web browser to other pages. Just today it gave me this message about logging off and critical problem. I could really use your expertise and assistance getting rid of it.
  2. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================

    What Windows version is it?
  3. Triangleman

    Triangleman Newcomer, in training Topic Starter

    Windows 7 Home Premium Service Pack 1 64 bit
  4. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
        System Restore
        Windows Complete PC Restore
        Windows Memory Diagnostic Tool
        Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  5. Triangleman

    Triangleman Newcomer, in training Topic Starter

    I was unable to get any of my usb thumb drives to show up when in system recovery options (at the command prompt or in notepad). Normally they will show up when the computer is starting up.
  6. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Sometimes it takes some time for them to show up.
    Also, try to re-plug them.
  7. Triangleman

    Triangleman Newcomer, in training Topic Starter

    The light that normally lights up on my USB thumb drive when I plug it in is not active. Is there any way for me to burn a CD or run this off my Local Disk? Also, when I use diskpart and "list disk" I just show Disk 0 Online 931 GB. No other disks (including my CD drive) However when I use notepad to look at available drives it shows 3 hard disk drives (C: System Reserved / D: Local Disk and X: Boot) and one removable drive (E: CD Drive)
  8. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Do you really have removable CD drive?
  9. Triangleman

    Triangleman Newcomer, in training Topic Starter

    It's an internal CD/DVD drive.
  10. Triangleman

    Triangleman Newcomer, in training Topic Starter

    In the mean while I hope this doesn't mess things up but I followed the instructions in the first 5-step viruses/spyware/malware preliminary removal. I first installed Microsoft Security Essentials which quarantined: Exploit: Java/CVE-2012-1723.AHN Exploit:Java/Blacole.GP and Trojan:JS/Tracur:E. I then downloaded Malwarebytes Anti-Malware and it did not detect anything. I then downloaded gmer which did not produce a log (nothing detected). I then ran dds which produced two reports which I can post if you want to see them.
  11. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Possibly E is your USB flash drive.
    Did you try to run e:\frst64 command?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    I didn't see your last reply.
    Please post all logs you created.
  13. Triangleman

    Triangleman Newcomer, in training Topic Starter

    GMER did not produce a log but here are the logs from DDS. (I have since been using my computer and have not experienced the problems I was experiencing earlier so I am wondering if the Microsoft Security Essentials may have caught the problems)
    ------------------
    DDS.txt
    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
    Run by Machine at 22:25:32 on 2012-11-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8153.6394 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\viakaraokesrv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Logitech Gaming Software\LCore.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Steam\steam.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\Samsung\PanelMgr\caller64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uProxyOverride = <local>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Akamai NetSession Interface] "C:\Users\Machine\AppData\Local\Akamai\netsession_win.exe"
    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
    TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    TCP: Interfaces\{BBD60E6A-267F-4D7B-9DE1-299AAF35F7A2} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
    SSODL: WebCheck - <orphaned>
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    x64-Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Machine\AppData\Roaming\Mozilla\Firefox\Profiles\p7oilbjn.default\
    FF - prefs.js: browser.startup.homepage - google.com
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-6-2 16152]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-12 55856]
    R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-6-2 21616]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-7-9 283200]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-14 169624]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-2 161560]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-4 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-4 676936]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-6-2 2253120]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2006-11-15 11576]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-2 363800]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-6-2 27760]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2012-1-6 59392]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2012-1-6 84608]
    R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2012-6-2 30528]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-6-2 160256]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-6-2 355096]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-6-2 786200]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-6-2 104560]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
    R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-4 25928]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2012-6-2 60184]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2012-6-2 174184]
    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-6-2 2184816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-2 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-13 250808]
    S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
    S3 etdrv;etdrv;C:\Windows\etdrv.sys [2012-6-2 25640]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-7-9 1432400]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-2 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-11 115168]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-3 1255736]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    FileExt: .txt: Applications\iexplore.exe="C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 [UserChoice]
    .
    =============== Created Last 30 ================
    .
    2012-11-05 05:02:02 -------- d-----w- C:\FRST
    2012-11-05 03:21:51 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A12EC01-1E88-426B-B48F-86616A2F5687}\offreg.dll
    2012-11-05 03:08:12 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-11-05 02:59:49 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-05 02:59:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-05 02:05:50 1459963 ----a-w- C:\FRST64.exe
    2012-11-04 22:45:59 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DA1B4204-9783-421C-832B-259903DD6661}\gapaengine.dll
    2012-11-04 22:45:57 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2A12EC01-1E88-426B-B48F-86616A2F5687}\mpengine.dll
    2012-11-04 22:41:09 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-11-04 22:41:07 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-10-29 20:46:13 -------- d-----w- C:\Games
    2012-10-29 20:46:11 -------- d-----w- C:\Users\Machine\AppData\Local\Package Cache
    2012-10-10 14:49:42 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    .
    ==================== Find3M ====================
    .
    2012-11-05 03:20:59 30528 ----a-w- C:\Windows\GVTDrv64.sys
    2012-11-05 03:20:49 25640 ----a-w- C:\Windows\gdrv.sys
    2012-10-08 19:57:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-08 19:57:09 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-12 18:04:59 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-12 18:04:59 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-09-03 23:51:58 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    .
    ============= FINISH: 22:25:56.17 ===============
  14. Triangleman

    Triangleman Newcomer, in training Topic Starter

    I also have an attach.txt file but the file says "UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG."
  15. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Yes, please paste Attach.txt log.

    I also need MBAM log.
  16. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Still with me?
  17. Triangleman

    Triangleman Newcomer, in training Topic Starter

    I am no longer encountering this problem. Please consider this problem resolved. Thank you for your assistance.
  18. Broni

    Broni Malware Annihilator Posts: 46,341   +252

    Very well.
    Thanks for letting me know :)


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.