Author Topic: [Inactive] Virus? Hi


Offline MSHopper

  • Bronze Member
  • Posts: 34
[Inactive] Virus? Hi
« on: January 12, 2012, 04:56:28 am »
Hi. Malcom Naggar from the Malwarebytes forum suggested I also try you all for help with this. So here it goes.

My son's laptop. He cannot install Microsoft Office. The admin account will only log in as a temporary profile. Most everything done in that account is undone, but it's still giving admin privileges. I had to do a system restore to a week ago because when I went online, I couldn't see any text in IE--just a white screen. His taskbar goes to Windows Basic and he cannot undo it unless he does a system restore. The graphics user interface no longer works--as soon as you log into an account it pops up saying it's not working.

Here's the DDS log. Well, it was on the desktop when I went to sleep last night, but it is no longer there. :( So I'm running it again.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by kids at 5:53:33 on 2012-01-12
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2937.1972 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227181412.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\kids\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AF49D892-8B13-419B-A9E6-C90D7D2C6214} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AF49D892-8B13-419B-A9E6-C90D7D2C6214}\64354413D27455543545 : DhcpNameServer = 10.40.10.75 10.40.10.76
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64:     AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111227181412.dll
BHO-X64:     scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-5-11 92160]
R2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-10 652872]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-22 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-22 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-22 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-10-17 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-10-17 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-10-17 161168]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-17 656624]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-12-22 249936]
.
=============== Created Last 30 ================
.
2012-01-11 00:37:05   --------   d-----w-   C:\Users\kids\AppData\Roaming\Malwarebytes
2012-01-11 00:36:54   --------   d-----w-   C:\ProgramData\Malwarebytes
2012-01-11 00:36:52   23152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2012-01-11 00:36:51   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-11 00:30:23   1572864   ----a-w-   C:\Windows\System32\quartz.dll
2012-01-11 00:30:23   1328128   ----a-w-   C:\Windows\SysWow64\quartz.dll
2012-01-11 00:30:22   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2012-01-11 00:30:22   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2012-01-11 00:30:13   1731920   ----a-w-   C:\Windows\System32\ntdll.dll
2012-01-11 00:30:13   1292080   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2012-01-11 00:30:11   77312   ----a-w-   C:\Windows\System32\packager.dll
2012-01-11 00:30:11   67072   ----a-w-   C:\Windows\SysWow64\packager.dll
2012-01-09 07:26:38   --------   d-----w-   C:\Program Files (x86)\Kaspersky Lab
2012-01-08 18:59:02   --------   d-----w-   C:\Users\kids\AppData\Roaming\iolo
2012-01-08 18:59:02   --------   d-----w-   C:\ProgramData\iolo
2012-01-08 05:11:27   --------   d-----w-   C:\Users\kids\AppData\Roaming\PCDr
2012-01-08 00:01:00   --------   d--h--w-   C:\Windows\PIF
2012-01-07 23:55:43   --------   d-----w-   C:\MSOffice
2012-01-07 19:39:27   --------   d-----w-   C:\Program Files (x86)\Soda PDF 2012
2012-01-07 13:29:55   --------   d-----w-   C:\ProgramData\WRData
2012-01-07 12:56:01   --------   d-----w-   C:\Program Files\PeerBlock
2012-01-06 20:00:22   --------   d-----w-   C:\ProgramData\VirtualizedApplications
2012-01-06 17:45:36   --------   d-----w-   C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-01-06 17:45:25   --------   d-----w-   C:\Users\kids\AppData\Roaming\TP
2012-01-06 01:04:11   414368   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-31 13:31:20   12872   ----a-w-   C:\Windows\System32\bootdelete.exe
2011-12-31 13:19:37   25160   ----a-w-   C:\Windows\System32\drivers\hitmanpro36.sys
2011-12-31 13:18:20   --------   d-----w-   C:\ProgramData\HitmanPro
2011-12-29 18:55:00   737072   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-12-29 18:54:40   4283672   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-29 18:44:15   42776   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-12-29 18:44:11   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-29 17:56:57   52736   ----a-w-   C:\Windows\ipuninst.exe
2011-12-29 17:52:59   --------   d-----w-   C:\Program Files\BlackIsle
2011-12-29 15:11:41   --------   d-----w-   C:\Westwood
2011-12-29 03:46:37   --------   d-----w-   C:\Program Files (x86)\Microsoft Games
2011-12-29 02:55:56   --------   d-----w-   C:\Program Files (x86)\Black Isle
2011-12-29 02:54:54   306688   ----a-w-   C:\Windows\IsUninst.exe
2011-12-27 23:05:29   737072   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-12-27 23:05:12   4283672   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-12-27 23:04:47   42776   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-12-27 23:04:09   539984   ----a-w-   C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-27 22:32:36   --------   d-----w-   C:\Windows\System32\SPReview
2011-12-27 22:31:42   --------   d-----w-   C:\Windows\System32\EventProviders
2011-12-27 22:06:02   48976   ----a-w-   C:\Windows\System32\netfxperf.dll
2011-12-27 22:06:02   1942856   ----a-w-   C:\Windows\System32\dfshim.dll
2011-12-27 22:04:59   753664   ----a-w-   C:\Windows\System32\drivers\http.sys
2011-12-27 22:03:59   78720   ----a-w-   C:\Windows\System32\drivers\HpSAMD.sys
2011-12-27 22:02:59   762368   ----a-w-   C:\Windows\System32\sdcpl.dll
2011-12-27 22:01:59   61952   ----a-w-   C:\Windows\SysWow64\spbcd.dll
2011-12-27 22:00:50   189952   ----a-w-   C:\Windows\SysWow64\sqmapi.dll
2011-12-27 21:59:59   606208   ----a-w-   C:\Windows\SysWow64\wbem\fastprox.dll
2011-12-27 21:59:59   363008   ----a-w-   C:\Windows\SysWow64\wbemcomn.dll
2011-12-27 21:59:59   189952   ----a-w-   C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
2011-12-27 21:55:46   244736   ----a-w-   C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-12-27 21:55:45   529408   ----a-w-   C:\Windows\System32\wbemcomn.dll
2011-12-27 21:55:19   244736   ----a-w-   C:\Windows\System32\sqmapi.dll
2011-12-27 21:13:42   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-12-27 21:13:24   8822856   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D72D3E10-7D9B-4BBC-9D7D-4509DC1AE904}\mpengine.dll
2011-12-27 02:21:02   --------   d-----w-   C:\Windows\SysWow64\Wat
2011-12-27 02:21:02   --------   d-----w-   C:\Windows\System32\Wat
2011-12-27 01:57:10   --------   d-----w-   C:\Intel
2011-12-27 01:08:41   5561216   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2011-12-27 01:08:38   3912576   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2011-12-27 01:08:36   3967872   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2011-12-27 01:07:20   715776   ----a-w-   C:\Windows\System32\kerberos.dll
2011-12-27 01:07:20   542208   ----a-w-   C:\Windows\SysWow64\kerberos.dll
2011-12-27 01:05:52   2871808   ----a-w-   C:\Windows\explorer.exe
2011-12-27 01:05:52   2616320   ----a-w-   C:\Windows\SysWow64\explorer.exe
2011-12-27 01:05:39   961024   ----a-w-   C:\Windows\System32\CPFilters.dll
2011-12-27 01:05:38   642048   ----a-w-   C:\Windows\SysWow64\CPFilters.dll
2011-12-27 01:05:38   1118720   ----a-w-   C:\Windows\System32\sbe.dll
2011-12-27 01:05:37   259072   ----a-w-   C:\Windows\System32\mpg2splt.ax
2011-12-27 01:05:36   850944   ----a-w-   C:\Windows\SysWow64\sbe.dll
2011-12-27 01:05:35   199680   ----a-w-   C:\Windows\SysWow64\mpg2splt.ax
2011-12-27 01:04:42   288768   ----a-w-   C:\Windows\System32\drivers\mrxsmb10.sys
2011-12-27 01:04:42   158208   ----a-w-   C:\Windows\System32\drivers\mrxsmb.sys
2011-12-27 01:04:41   128000   ----a-w-   C:\Windows\System32\drivers\mrxsmb20.sys
2011-12-27 01:04:37   499200   ----a-w-   C:\Windows\System32\drivers\afd.sys
2011-12-27 01:04:16   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2011-12-27 01:04:13   476160   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
2011-12-27 01:04:12   288256   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
2011-12-27 01:03:54   1923952   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2011-12-27 01:03:53   288640   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-12-27 01:03:16   870912   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
2011-12-27 01:03:16   1465344   ----a-w-   C:\Windows\System32\XpsPrint.dll
2011-12-27 01:03:10   1359872   ----a-w-   C:\Windows\System32\mfc42u.dll
2011-12-27 01:03:09   1395712   ----a-w-   C:\Windows\System32\mfc42.dll
2011-12-27 01:03:08   1164288   ----a-w-   C:\Windows\SysWow64\mfc42u.dll
2011-12-27 01:03:08   1137664   ----a-w-   C:\Windows\SysWow64\mfc42.dll
2011-12-27 01:02:34   46080   ----a-w-   C:\Windows\System32\atmlib.dll
2011-12-27 01:02:34   367616   ----a-w-   C:\Windows\System32\atmfd.dll
2011-12-27 01:02:34   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
2011-12-27 01:02:34   294912   ----a-w-   C:\Windows\SysWow64\atmfd.dll
2011-12-27 01:02:33   70656   ----a-w-   C:\Windows\SysWow64\fontsub.dll
2011-12-27 01:02:33   100864   ----a-w-   C:\Windows\System32\fontsub.dll
2011-12-27 01:02:06   27520   ----a-w-   C:\Windows\System32\drivers\Diskdump.sys
2011-12-27 01:01:38   183296   ----a-w-   C:\Windows\System32\dnsrslvr.dll
2011-12-27 01:01:37   30208   ----a-w-   C:\Windows\System32\dnscacheugc.exe
2011-12-27 01:01:37   28672   ----a-w-   C:\Windows\SysWow64\dnscacheugc.exe
2011-12-27 00:59:58   642944   ----a-w-   C:\Windows\System32\winload.efi
2011-12-27 00:59:58   605552   ----a-w-   C:\Windows\System32\winload.exe
2011-12-27 00:59:57   566208   ----a-w-   C:\Windows\System32\winresume.efi
2011-12-27 00:59:57   518672   ----a-w-   C:\Windows\System32\winresume.exe
2011-12-27 00:59:55   20352   ----a-w-   C:\Windows\System32\kdusb.dll
2011-12-27 00:59:55   19328   ----a-w-   C:\Windows\System32\kd1394.dll
2011-12-27 00:59:55   17792   ----a-w-   C:\Windows\System32\kdcom.dll
2011-12-27 00:59:54   63488   ----a-w-   C:\Windows\System32\setbcdlocale.dll
2011-12-27 00:57:47   31232   ----a-w-   C:\Windows\System32\prevhost.exe
2011-12-27 00:48:25   270720   ------w-   C:\Windows\System32\MpSigStub.exe
2011-12-26 00:18:37   --------   d-----w-   C:\Users\kids\AppData\Local\Adobe
2011-12-26 00:08:01   --------   d-----w-   C:\Emergency
2011-12-25 23:19:26   --------   d-----w-   C:\ProgramData\Kaspersky Lab
2011-12-25 10:34:47   --------   d-----w-   C:\Users\kids\AppData\Local\Microsoft Games
2011-12-24 17:11:27   --------   d-----w-   C:\Users\kids\AppData\Local\ElevatedDiagnostics
2011-12-23 21:49:13   --------   d-----w-   C:\Users\kids\AppData\Local\Diagnostics
2011-12-22 18:17:43   --------   d-----w-   C:\Users\kids\AppData\Local\Best Buy pc app
2011-12-22 17:57:53   --------   d-sh--w-   C:\System Recovery
2011-12-22 17:56:47   --------   d-----w-   C:\Users\kids\AppData\Roaming\Dell
2011-12-22 17:56:28   --------   d-----w-   C:\Users\kids\AppData\Local\Stardock_Corporation
2011-12-22 17:56:22   --------   d-----w-   C:\Users\kids\AppData\Local\SupportSoft
2011-12-22 17:56:19   --------   d-----w-   C:\Users\kids\AppData\Local\Apps
2011-12-22 17:56:18   --------   d-----w-   C:\Users\kids\AppData\Local\Deployment
2011-12-22 17:55:34   --------   d-----w-   C:\Users\kids\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2011-12-27 23:04:12   152576   ----a-w-   C:\Windows\SysWow64\msclmd.dll
2011-12-27 23:04:11   175616   ----a-w-   C:\Windows\System32\msclmd.dll
2011-11-24 04:52:09   3145216   ----a-w-   C:\Windows\System32\win32k.sys
2011-11-05 05:32:50   2048   ----a-w-   C:\Windows\System32\tzres.dll
2011-11-05 04:26:03   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2011-10-15 17:16:16   75808   ----a-w-   C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 17:16:16   65264   ----a-w-   C:\Windows\System32\drivers\cfwids.sys
2011-10-15 17:16:16   647080   ----a-w-   C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 17:16:16   481768   ----a-w-   C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 17:16:16   284648   ----a-w-   C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 17:16:16   229528   ----a-w-   C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 17:16:16   160280   ----a-w-   C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 17:16:16   10248   ----a-w-   C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 17:16:16   100912   ----a-w-   C:\Windows\System32\drivers\mferkdet.sys
2011-10-15 06:31:56   723456   ----a-w-   C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59   534528   ----a-w-   C:\Windows\SysWow64\EncDec.dll
.
============= FINISH:  5:54:36.32 ===============
« Last Edit: January 12, 2012, 08:04:30 am by 1972vet »



Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #1 on: January 12, 2012, 08:10:07 am »
Greetings MSHopper and Welcome to our Forums,
While I look over your log, please consider that obtaining assistance from more than one forum would result in a delay in resolving your issue, not to mention the confusion and waste of volunteer services.

Being referred here, I hope you understand that once your troubleshooting session begins, you should refrain from seeking additional help from other sources. This will benefit all of us. Thanks for understanding.

I will post back in a short while with some suggestions. Thanks for your patience!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #2 on: January 12, 2012, 08:48:46 am »
The UAC is turned off in that account. I'd turn it back on and leave it that way. The reason, of course, is that while you may enjoy admin rights unencumbered, so will anyone else who may gain access to that system's user account, including malicious software. In that case, what COULD happen is nearly unlimited, just due to the elevated privileges.

Let's see if we can quickly resolve the Microsoft Office issue for you, then we can go on with a full evaluation of the log you posted. Please do the following:

Click Start, then type CMD into the "Search programs and files" box. The returned search should show you the Command Prompt icon at the top. Right-click on it and select "Run as administrator". When the command prompt window opens, type or copy and paste the text below, then press the Enter key:

icacls "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform" /grant "Network Service:F" /t

...you should then be able to install Microsoft Office without a hitch. Please post back and let us know if this was successful for you. Thanks!



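As an added example (not the helper's code and not part of the DDS tool), here is a Python triage of the "Pseudo HJT Report" section of a DDS log like the one posted above: it pulls out the mPolicies-* values behind the UAC discussion, flags values that switch a UAC control off, and lists BHO/toolbar entries that are still registered although their DLL is gone ("No File"). The first excerpt is a subset of the posted log; the second is constructed to show what a UAC-off machine reports; the function names are this example's own.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of this thread or of the DDS tool. It parses the
'kind: detail' lines DDS prints, extracts the mPolicies-* values (which
mirror the Policies\\System and Policies\\Explorer registry keys), flags
values that switch off a UAC control, and lists browser add-on entries
that are still registered although their DLL is gone ('No File').
"""
import re

# Subset of the log posted in this thread, reproduced for the demo.
POSTED_EXCERPT = r"""
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""

# Constructed excerpt (not from the thread) showing what a machine with UAC
# switched off reports in the same section.
UAC_OFF_EXCERPT = r"""
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s+(?P<detail>.+)$")
POLICY_RE = re.compile(r"^(?P<name>\w+)\s*=\s*(?P<value>-?\d+)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Policies\System values and the setting that disables the corresponding UAC control.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is off: every process in an admin logon runs fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts appear on the normal desktop instead of the secure desktop"),
}


def parse_entries(text):
    """Split a DDS HJT section into (kind, detail) pairs; lines that do not fit are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("detail")))
    return entries


def policy_values(entries, group="mPolicies-system"):
    """Map policy name -> integer value for one mPolicies-* group."""
    values = {}
    for kind, detail in entries:
        if kind == group:
            m = POLICY_RE.match(detail)
            if m:
                values[m.group("name")] = int(m.group("value"))
    return values


def uac_findings(entries):
    """Return [(name, note)] for each UAC-weakening value actually present in the log."""
    values = policy_values(entries)
    return [(name, note) for name, (weak, note) in UAC_WEAK.items()
            if values.get(name) == weak]


def orphaned_addons(entries):
    """CLSIDs of BHO/toolbar entries whose DLL no longer exists: leftovers of an
    uninstalled or removed add-on, worth clearing from the registry either way."""
    orphans = []
    for kind, detail in entries:
        if kind in ("BHO", "TB", "BHO-X64", "TB-X64") and detail.endswith("- No File"):
            m = CLSID_RE.search(detail)
            if m:
                orphans.append(m.group(0))
    return orphans


def triage(text):
    """One-shot summary of a pasted HJT section."""
    entries = parse_entries(text)
    return {
        "system_policies": policy_values(entries),
        "uac_findings": uac_findings(entries),
        "orphaned_addons": orphaned_addons(entries),
    }


if __name__ == "__main__":
    for label, excerpt in (("posted log", POSTED_EXCERPT), ("constructed UAC-off log", UAC_OFF_EXCERPT)):
        print(f"== {label} ==")
        for key, value in triage(excerpt).items():
            print(f"{key}: {value}")
```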

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #3 on: January 12, 2012, 09:52:14 am »
I don't know what the UAC is or how to turn it back on (User Account Control maybe?). Since I have set up an admin account and two other user accounts for the kids which do not have admin privileges, I don't understand. Also, I do not see the search programs and files box.

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #4 on: January 12, 2012, 09:53:52 am »
Thanks, I do realize this. He has closed the thread in the other forum and stated I'm in good hands with you all.

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #5 on: January 12, 2012, 10:01:05 am »
I found RUN and ran the CMD prompt. However, I got the following response: "The filename, directory name, or volume label syntax is incorrect."

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #6 on: January 12, 2012, 10:08:52 am »
OK, sounds like someone has done some tinkering...we'll troubleshoot the "Office" issue later, let's search for malicious code...

Please temporarily disable your on board protective programs as detailed Here. Carefully read through that entire thread to make certain any and all programs YOU have on board are disabled.
 
Next:
It is extremely important that you DO NOT close this program until or unless you are directed to do so. Once the program is closed, it will automatically uninstall itself taking with it anything that was removed and the related report.

Please read through this instruction thoroughly before you begin. Save these instructions in a notepad file, or print them out if necessary so you can refer to them should something go wrong for you during your attempt to carry out these steps. If you have any questions, please ask first before you attempt anything at all.

Please download the AVP removal tool to the desktop and double-click the executable to install it. Select your language preference, accept the agreement and click the Start button. You should see something like this:

...click the settings button...it's the small "Gear" icon just to the right of the large yellow button. Make sure the following boxes are checked:
System memory
Hidden startup objects
Disk boot sectors
Computer


...Next, click the Actions link and click the bullet item labeled "Select action". Disinfect and Delete if disinfection fails should already be checked by default...then return to the Automatic Scan tab and click the Start scanning button.

If you happen to receive a pop up during the scan which reads "File C:\whatever...is password protected", you can safely ignore it. The program will find its own password protected files and report these during the scan. If there is a genuine malicious file that is password protected, we will deal with it manually later.

The scan will begin and you will see a progress bar and scanned objects counter. When the scan completes, the progress bar will disappear. Click the "Reports" tab icon to the far right, just under the large yellow button. Click on the "Automatic scan report" link, then click the save button. Save the report to your desktop as Scan 1. The report will be saved as a text file.

That file is going to be very large...too large to post the entire thing. What I need you to do at this point, is to open that log in "Notepad", then click Edit from the menu at the top and select "Find". Using that Find search function, use these as search terms:
Disinfected
Cleared of viruses
Detected


Now...you'll need to search for those terms in that log, one at a time. Having selected the "Edit-->Find" function in Notepad, in the "Find what" search box, type in the word Disinfected then click the Find Next button. The search function will find anything in the text file containing the word "Disinfected". Once it presents the findings, copy that individual line item and paste it into another blank notepad, then continue searching by clicking the Find Next button. Do this in like manner, for each of the search terms identified above. Once you have completed the search and copied everything you found into the other blank notepad, save it to your desktop as Edited_AVP_Log.txt.

Next, please return to the AVP scanning utility and click the Manual Disinfection tab. Please click the Start gathering system information button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager). Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction. Thanks!
Disabled Veteran
U.S.C.G. 1972 - 1978
Membership: U.N.I.T.E., A.S.A.P.

2009-12

Performance and Maintenance for Windows XP, Windows Vista and Windows Seven
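An added example, not the thread's own code, that does the Notepad "Find" triage above in one pass over the saved report: it parses the tab-separated result lines (column order time, status, object type, directory, name is assumed from the lines MSHopper pastes later in this thread), keeps anything whose status contains one of the three search terms, and sets aside packer/archive notices. The sample report and the CONSTRUCTED-EXAMPLE detection line are constructed for the example.

```python
# Added example: one-pass triage of a Kaspersky AVP Tool report (not the thread's code).
TRIAGE_TERMS = ("Disinfected", "Cleared of viruses", "Detected")   # from the Find instruction
INFO_PREFIXES = ("Packed:", "Archive:", "Password protected")       # describe, don't alarm

def parse_avp_line(line):
    """Split one tab-separated line into a record; column order (time, status,
    object type, directory, name) is assumed from the lines MSHopper pasted."""
    parts = [p.strip() for p in line.rstrip("\r\n").split("\t")]
    if len(parts) < 5:
        return None                      # header, blank or otherwise malformed line
    ts, status, kind, directory, name = parts[:5]
    return {"time": ts, "status": status, "kind": kind, "path": directory + name}

def triage(lines):
    """Return (actionable, informational) records, the same split the Notepad
    'Find' procedure in the thread produces by hand."""
    actionable, informational = [], []
    for line in lines:
        rec = parse_avp_line(line)
        if rec is None:
            continue
        if any(t.lower() in rec["status"].lower() for t in TRIAGE_TERMS):
            actionable.append(rec)
        elif rec["status"].startswith(INFO_PREFIXES):
            informational.append(rec)
    return actionable, informational

def format_edited_log(records):
    """Render records as lines for Edited_AVP_Log.txt (time, status, full path)."""
    return ["%s\t%s\t%s" % (r["time"], r["status"], r["path"]) for r in records]

def _row(*cols):
    return "\t".join(cols) + "\t\t"      # the report pads each row with trailing tabs

# Constructed sample: two lines from the thread plus two made-up detection lines
# (CONSTRUCTED-EXAMPLE is a placeholder, not a real detection name).
SAMPLE_LOG = [
    _row("1/12/2012 3:10:17 PM", "Packed: UPX", "File",
         "C:\\Users\\Niklas\\AppData\\Roaming\\.minecraft\\bin\\natives\\", "OpenAL32.dll"),
    _row("1/12/2012 3:04:31 PM", "Password protected", "File",
         "C:\\Users\\Niklas\\Desktop\\setup_11.0.0.1245.x01_2012_01_12_18_38.exe/", "#"),
    _row("1/12/2012 3:11:02 PM", "Detected: CONSTRUCTED-EXAMPLE", "File",
         "C:\\Users\\Niklas\\AppData\\Local\\Temp\\", "example.tmp"),
    _row("1/12/2012 3:11:03 PM", "Disinfected", "File",
         "C:\\Users\\Niklas\\AppData\\Local\\Temp\\", "example.tmp"),
    "a line that is not part of the report",
]
```

Calling `triage(SAMPLE_LOG)` and writing `format_edited_log(...)` of the first list to a file gives the same Edited_AVP_Log.txt the manual procedure asks for, with the packer and archive notices kept separately for reference.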

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #7 on: January 12, 2012, 10:36:17 am »
I cannot exit McAfee. The directions on Bleeping Computer tell me all I have to do is right-click and hit Exit. However, that option is not there. I clicked on McAfee for help and was disconnected from the internet. UGH. Should I run the scan anyway?

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #8 on: January 12, 2012, 10:48:37 am »
You can uninstall it. Afterwards, and until we finish, go nowhere else on the Internet except to come here and reply to this thread. Answer no other email except from SpywareHammer. You can re-install it when we finish cleaning up.

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #9 on: January 12, 2012, 01:58:11 pm »
The scan is finally complete. However, I cannot get a report to notepad. I save it to notepad but it disappears and I cannot find it. I tried to copy and paste next and the program froze up.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #10 on: January 12, 2012, 02:24:21 pm »
How does it disappear? Do you paste it into notepad, and see the text vanish as soon as it hits the notepad? Or, do you mean after you save it, you go to the desktop to find it and see that it isn't there? If the latter is the case, then you should check the save options because you more than likely saved it to your documents instead.

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #11 on: January 12, 2012, 02:32:26 pm »
I mean I save it to the desktop and it disappears. And yes I made sure that I saved it there.

I reran the scan but it didn't take nearly as long as it did last time. A few things popped up as not ok in the result tab. I individually copied them and am pasting them here now. I'm doing the manual disinfection now.

1/12/2012 3:10:17 PM   Packed: UPX   File   C:\Users\Niklas\AppData\Roaming\.minecraft\bin\natives\   OpenAL32.dll      
1/12/2012 3:10:18 PM   Packed: UPX   File   C:\Users\Niklas\AppData\Roaming\.minecraft\bin\natives\   lwjgl.dll      
1/12/2012 3:04:31 PM   Password protected   File   C:\Users\Niklas\Desktop\setup_11.0.0.1245.x01_2012_01_12_18_38.exe/   #      
1/12/2012 3:04:31 PM   Archive: RAR   File   C:\Users\Niklas\Desktop\setup_11.0.0.1245.x01_2012_01_12_18_38.exe/   #      
1/12/2012 3:04:29 PM   Password protected   File   C:\Users\Niklas\Desktop\setup_11.0.0.1245.x01_2012_01_12_18_38.exe/   3057985rar.exe      
1/12/2012 3:04:29 PM   Archive: RAR   File   C:\Users\Niklas\Desktop\setup_11.0.0.1245.x01_2012_01_12_18_38.exe/   3057985rar.exe      
1/12/2012 3:04:14 PM   Archive: RAR   File   C:\Users\Niklas\Desktop\   setup_11.0.0.1245.x01_2012_01_12_18_38.exe      

Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #12 on: January 12, 2012, 02:42:03 pm »


Next, please return to the AVP scanning utility and click the Manual Disinfection tab. Please click the Start gathering system information button. You'll again see a progress bar while the utility collects the necessary information. When it completes, the progress bar will disappear. Click the "Report sending" tab, then click on the link avptool sysinfo.zip (open the file manager). Attach that zip file here on your next reply along with the contents of the "notepad" file that you saved from the above "First scan" instruction. Thanks!

Tried to do the last part and got Location is not available: C:\Users\Niklas|AppData|Local\Temp\043950\LOG refers to a location that is unavailable. It could be a hard drive on this computer or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the internet or your network and then try again. If it still cannot be located, the information may have been moved to a different location.

Offline 1972vet

  • Microsoft® MVP
  • Malware Removal Staff
  • Diamond Member
  • Posts: 8290
  • Patience is bitter indeed, but its fruit is sweet.
Re: [Inactive] Virus? Hi
« Reply #13 on: January 12, 2012, 02:45:21 pm »
Close the application. Change of plans...
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware.  It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running....that may cause the scan to stall.


Offline MSHopper

  • Bronze Member
  • Posts: 34
Re: [Inactive] Virus? Hi
« Reply #14 on: January 12, 2012, 03:33:00 pm »
ComboFix had to reboot the computer and when it did and I logged in, the ComboFix window kept popping up and wouldn't run. It was flashing all over my desktop trying to start. I opened Processes and could see that it was starting and then stopping. I couldn't do anything and rebooted the computer into Safe Mode with Networking.