
TIF Are not delete

This is a discussion on TIF Are not delete within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
Old 02-26-2013, 07:47 AM   #1
Registered Member
 
Join Date: Feb 2013
Posts: 13
OS: Windows XP



I used a GMER scan and attached the report.
I cannot use a Windows install disc or a boot CD.
This is the DDX text:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by cool at 14:48:00 on 2013-02-26
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1013.366 [GMT 5.5:30]
.
AV: Net Protector 2013 *Enabled/Updated* {5AE99E99-35D6-47B8-87C2-D8A82C07FB43}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\NET PROTECTOR 2012\NPAV4.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Net Protector 2012\ZVMOUNT.EXE
C:\program files\soluto\soluto.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\NETPRO~1\APPCON\APCONSVC.EXE
C:\PROGRAM FILES\NET PROTECTOR 2012\npprtfrw.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Program Files\Soluto\SolutoService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Net Protector 2012\ZVScan\ZVMonNt.exe
F:\Firefox\firefox.exe
F:\Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Net Protector 2012\ZVScan\MailGen.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: NPAV Secure Search: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - c:\program files\net protector 2012\webscan\WEBSCAN.DLL
BHO: Help the General-Search Project: {CA4520F3-AE13-4FB1-A513-58E23991C86D} - c:\documents and settings\cool\application data\media finder\extensions\gencrawler_gc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - LocalServer32 - <no file>
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ZVMOUNT] c:\program files\net protector 2012\ZVMOUNT.EXE
mRun: [NWEReboot] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1339233627906
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E51DB39B-7782-4A7E-907D-99A54CF17ED8} : NameServer = 218.248.255.212 218.248.241.2
TCP: Interfaces\{E9D3A6B5-7D2A-4D44-83B4-F615D049729A} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: NPLogon - NPlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
IFEO: drwatson.exe - B-NPAV
IFEO: $RECYCLE.BIN.exe - B-NPAV
IFEO: 360tray.exe - B-NPAV
IFEO: AADRIVE32.EXE - B-NPAV
IFEO: ACLEANER.EXE - B-NPAV
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2013-2-20 51144]
R1 NPPORTFR;NPPORTFR;c:\windows\system32\drivers\NPPORTFR.SYS [2012-12-14 49408]
R1 WNPPORTFR;WNPPORTFR;c:\windows\system32\drivers\WNPPORTFR.sys [2012-12-14 49408]
R2 ApConSvc;NPAV Application Control;c:\progra~1\netpro~1\appcon\APCONSVC.EXE [2011-11-18 1114440]
R2 Net Protector Port Firewall;Net Protector Port Firewall;c:\program files\net protector 2012\NPPRTFRW.EXE [2011-11-22 500776]
R2 SolutoLauncherService;Soluto Launcher Service;c:\program files\soluto\SolutoLauncherService.exe [2013-2-3 166880]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2013-2-3 552928]
R3 APCONDRV;APCONDRV;c:\progra~1\netpro~1\appcon\ApConDrv.sys [2011-4-27 10920]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 npflprot;npflprot;c:\windows\system32\drivers\npflprot.sys [2012-12-14 15104]
R3 vdrv;vdrv;c:\windows\system32\drivers\vdrv.sys [2013-2-18 11776]
R3 ZeroVProtect;Zero-V AntiVirus Protection;c:\program files\net protector 2012\zvscan\ZVMonNt.exe [2011-8-19 217088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-6-20 36608]
S3 ICM_UpdaterService;ICM_UpdaterService Disp;c:\program files\samsung\samsung networking wizard\ICM_Service.exe [2011-3-18 204883]
S3 Net Protector Web Prototection;Net Protector Web Prototection;c:\program files\net protector 2012\WEBPROT.EXE [2012-6-8 134184]
S3 NPVProt;NPAV Antivirus Protection;c:\documents and settings\cool\NPProt.exe [2012-6-8 49152]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S3 SolutoRemoteService;Soluto Remote Service;c:\program files\soluto\SolutoRemoteService.exe [2013-2-3 1239552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile=c:\progra~1\netpro~1\zvscan\ExecScan.exe "%1" /S
.
=============== Created Last 30 ================
.
2013-02-20 06:11:42 51144 ------w- c:\windows\system32\drivers\Soluto.sys
2013-02-20 06:11:34 -------- d-----w- c:\program files\Soluto
2013-02-18 06:34:42 11776 ----a-w- c:\windows\system32\drivers\vdrv.sys
2013-02-15 22:04:52 208448 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2013-01-30 09:40:34 -------- d-----w- c:\documents and settings\cool\application data\Applian FLV and Media Player
2013-01-30 09:32:00 -------- d-----w- c:\program files\Applian Technologies
2013-01-30 09:24:44 -------- d-----w- c:\documents and settings\all users\application data\APN
.
==================== Find3M ====================
.
2013-01-26 09:38:34 74248 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 09:38:34 697864 ------w- c:\windows\system32\FlashPlayerApp.exe
2012-12-19 10:23:32 18096 ------w- c:\windows\system32\roboot.exe
.
============= FINISH: 14:48:53.65 ===============
Attached Files
File Type: zip attach.zip (5.1 KB, 31 views)
kalpesh2013 is offline  
 
Old 02-28-2013, 07:59 AM   #2
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hello and welcome to TSF.
  1. Download ComboFix from here:

    https://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * IMPORTANT !!! Place ComboFix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

    How to Disable Your Security Applications

  3. Double click on ComboFix.exe & follow the prompts.

  4. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  5. When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  6. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
__________________

amateur is offline  
Old 03-01-2013, 01:07 AM   #3
Registered Member
 
Join Date: Feb 2013
Posts: 13
OS: Windows XP



There is no log displayed. The ComboFix process does not totally complete. Half the process completes and the PC restarts.
kalpesh2013 is offline  
 
Old 03-01-2013, 06:11 AM   #4
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Hi,

At what stage did Combofix reboot? Did it install the Recovery Console?

Double click Combofix and run it again. It may take a while for Combofix to produce the log, so please be patient.
__________________

amateur is offline  
Old 03-02-2013, 12:02 AM   #5
Registered Member
 
Join Date: Feb 2013
Posts: 13
OS: Windows XP



I ran ComboFix three times. ComboFix starts and all the stages complete, then the file deleting process completes; after that, when the C: drive folder deleting starts, the PC restarts. After the restart no log is displayed on the desktop. It did not install the Recovery Console.
kalpesh2013 is offline  
Old 03-02-2013, 06:14 AM   #6
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Please go to Start>Run and copy/paste the following command into the Run box:

C:\combofix.txt

If Combofix was able to save the log, it should open it. Please copy/paste the contents of combofix.txt. If nothing happens, proceed with the next step below.

=================

Let's try another tool. Please see this tutorial for it.

MBAR tutorial


Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.


Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  • Check for Updates, then Scan your system for malware.
  • If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt .

Please post the contents of that log in your next reply.
__________________

amateur is offline  
Old 03-03-2013, 12:22 AM   #7
Registered Member
 
Join Date: Feb 2013
Posts: 13
OS: Windows XP



I followed your instructions, but 34 malware were found on the first attempt, and then I mistakenly cleaned up this malware.
1st attempt report:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Malwarebytes : Free anti-malware download

Database version: v2013.03.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cool :: COOL-3E0964AC46 [administrator]

3/3/2013 1:27:36 PM
mbar-log-2013-03-03 (13-27-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25375
Time elapsed: 13 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 21
HKLM\SOFTWARE\CLASSES\CLSID\{82184935-B894-4AB2-8590-603BA7D74B71} (Trojan.WebMoner) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\tipusul.eProtocol (Trojan.WebMoner) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}\INPROCSERVER32 (Trojan.Downloader) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\360tray.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\antiviruspro_2010.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\blank.doc (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\drwatson.exe (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\empty.jpg (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\HACKER.COM.CN.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFT.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSA.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NEW FOLDER.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SMSS32.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCH0ST.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOSTS.EXE (Security.Hijack) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\VCLEANER.EXE (Security.Hijack) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 4
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (C:\PROGRA~1\NETPRO~1\ZVScan\ExecScan.exe "%1" /S) Good: ("%1" /S) -> Delete on reboot.

Folders Detected: 1
c:\Documents and Settings\All Users\Application Data\IBUpdaterService (PUP.InstallBrain) -> Delete on reboot.

Files Detected: 9
c:\Documents and Settings\cool\Application Data\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\Net Protector\Npbkp\ca926452de806a7815d1b6f4958bc175_252416.npb (Worm.AutoRun.FLDGen) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\Net Protector\Npbkp\3ce969b33fa06c9c6a4903857afc262e_1193984.npb (Worm.Autorun) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\Net Protector\Npbkp\41a3a71888ef6fa40a43b945b0bd5916_2800678.npb (PUP.BundleInstaller.RKN) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\Net Protector\Npbkp\e57447216157f408c29267b3da218186_1288673.npb (Worm.Autorun) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\Net Protector\Npbkp\eeb4556a48267d9cb9dcb1758967d615_325296.npb (Adware.AdBundle) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\IBUpdaterService\IBSVC.EXE.mal (PUP.InstallBrain) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\IBUpdaterService\IBSVC.EXE.VIR.mal (PUP.InstallBrain) -> Delete on reboot.

(end)

Then I tried again. 2nd attempt report:

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
Malwarebytes : Free anti-malware download

Database version: v2013.03.03.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
cool :: COOL-3E0964AC46 [administrator]

3/3/2013 1:46:51 PM
mbar-log-2013-03-03 (13-46-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25344
Time elapsed: 12 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
kalpesh2013 is offline  
Old 03-03-2013, 06:00 AM   #8
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Please see if you're able to run Combofix now. Delete the present copy of Combofix from your desktop and download a fresh copy from:

https://download.bleepingcomputer.com/sUBs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you need further help, see How to disable your security applications
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

# Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please make sure that your AntiVirus and AntiSpyware applications are re-enabled. A reboot should have done that.
__________________

amateur is offline  
Old 03-04-2013, 12:14 AM   #9
Registered Member
 
Join Date: Feb 2013
Posts: 13
OS: Windows XP



I ran ComboFix three times. ComboFix starts and all the stages complete, then the file deleting process completes; after that, when the C: drive folder deleting starts, the PC restarts. After the restart no log is displayed on the desktop.
kalpesh2013 is offline  
Old 03-04-2013, 06:21 AM   #10
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Your antivirus protection might be preventing Combofix from producing the log.
Please try one more time to run Combofix, but this time in Safe Mode, and when Combofix reboots the machine, make sure that it reboots back to Safe Mode to produce the log. It may take a while for it to produce the log, so please be patient and wait. Once the log is produced, save it to your desktop. Then, boot back to Normal Mode and copy/paste the contents of Combofix.txt in your next reply.

Safe Mode instructions:

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login to your usual account. Make sure to close any open browsers.

===========================

I would also like you to run these tools:

Please download aswMBR.exe and save it to your desktop.

  • Double click aswMBR.exe to start the tool. (Vista/Windows 7 users - right click to run as administrator) At this time, select Yes when prompted to download the Avast database.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

===========================

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply
__________________

amateur is offline  
Old 03-10-2013, 07:19 AM   #11
TSF-Emeritus
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 15,384
OS: XP Win7 Win 8.1 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________

amateur is offline  
 
