Author Topic: Computer Wont Start in Normal mode, only Safe Mode. Spyware infection. Help plz!  (Read 31826 times)

flomtl

    Topic Starter


    Beginner

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:21:35 PM, on 24/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\WINDOWS\system32\TpShocks.exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\iprntlgn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\QCONSVC.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    C:\Program Files\SMART Board Software\SMARTBoardService.exe
    D:\Program Files\Palm\Hotsync.exe
    D:\ArcSoft Total Media Backup & Record\uBBMonitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=e_XsdoA_PKEvobLt0OpVa4fSphA
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.2:8080
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
    O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
    O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
    O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe
    O4 - HKUS\S-1-5-21-1947608023-3050425102-1802084678-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-1947608023-3050425102-1802084678-1007\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
    O4 - HKUS\S-1-5-21-1947608023-3050425102-1802084678-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
    O4 - HKUS\S-1-5-21-1947608023-3050425102-1802084678-1007\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe (User '?')
    O4 - S-1-5-18 Startup: Digital Line Detect.lnk = ? (User '?')
    O4 - .DEFAULT Startup: Digital Line Detect.lnk = ? (User 'Default user')
    O4 - .DEFAULT User Startup: Digital Line Detect.lnk = ? (User 'Default user')
    O4 - Global Startup: HotSync Manager.lnk = D:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: PASPortal.lnk = ?
    O4 - Global Startup: TotalMedia Backup Monitor.lnk = D:\ArcSoft Total Media Backup & Record\uBBMonitor.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144768162093
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
    O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
    O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Unknown owner - C:\Program Files\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
    O23 - Service: ThinkVantage System Update (UCLauncherService) - Unknown owner - C:\Program Files\ThinkVantage\SystemUpdate\UCLauncherService.exe

    --
    End of file - 12501 bytes

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 489
    • Experience: Familiar
    • OS: Windows 10
    Open HijackThis and select Do a system scan only.

    Place a check mark next to the following entries: (if there)

    - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    - R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://127.0.0.1:4664/first_usage&s=e_XsdoA_PKEvobLt0OpVa4fSphA
    - R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.1.1.2:8080


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis

    ----------

    Now we need to Reset Web Settings


    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.computerhope.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.computerhope.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Restart the computer to register the changes.

    How about now?

    flomtl

      did all of the above, still being redirected:(

      evilfantasy

      This scanner requires Internet Explorer

      Scan with the BitDefender Online Scanner
      Click I Agree to the license and then install the ActiveX control.
      Please DO NOT change the Scanning Options.
      That will make your logs huge and we don't need to see clean files.

      Select Start Scan to begin.
      This scan can take a while so please be patient and let it complete.

      Once Bitdefender completes the scan:
      Click on the Detected Problems tab.
      Then select Click here to export the scan report



      This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it. (Take notice of where you save it so you can find it later.)
       
      You will have to upload the file online. The forums will not accept HTML.

      Upload the file to Savefile.com
      There is no need to Register
      Select Browse and locate the file.
      Fill in the Title, Description and security code then click Upload
      Copy the link next to Your link to the file: and post the link back here.

      flomtl

        Tells me I couldn't update the virus signatures for the BitDefender scanner. Then I said to run the scan anyways but it says it cannot scan, and it says to download the program for real time protection....


        evilfantasy

        Run the Kaspersky Online Scanner

        In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

        • Click on SCAN NOW
        • Click Accept.
        • The program will then begin downloading the latest definition files.
        • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
        • The scan will take a while, so be patient and let it finish.
        When the scan is done, in the Scan is complete window, any infection is displayed.
        There is no option to clean/disinfect, however, we need to analyze the information on the report.

        To obtain the report:
        Click on: Save Report As
        • Next, in the Save as prompt, Save in area, select: Desktop.
        • In the File name area use KScan, or something similar.
        • In Save as type: click the drop arrow and select: Text file [*.txt]
        • Then, click: Save


        Copy and paste the Kaspersky Online Scanner Report in your next reply.

        Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

        flomtl

          I've been running the scanner for a long time now and it got stuck at 2h 25min and 58 seconds... It's already found 1 threat and 4 infected objects, but the scan hasn't moved in a long time. The Duration has stayed at 2:25:58 for a long time. However it has finished scanning the C drive and is near the end of the D drive (scan is 81% done). Should I click stop scan? Will that still allow me to view the report?

          Florian

          evilfantasy

          Is it still running?

          flomtl

            I ran it twice, both times it got stuck on the same file in my D drive, "frag-document.r00", and the second time on "frag-document.r02". I'll tell the scanner to only scan the C drive, which is where the infection was found both times, because without finishing the scan I can't view the log.

            I'll paste log when it finishes.

            evilfantasy

            That's a torrent file that it's getting stuck on.

            Boot the computer into Safe Mode and run Dr Web.

            Download DrWeb CureIt & save it to your desktop.

            Scan with DrWeb-CureIt as follows:
            • Double-click on drweb-cureit.exe and then click Start.
            • An Express Scan of your PC notice will appear.
            • Under Start the Express Scan Now Click OK to start.
              • This is a short scan that will scan the files currently running in memory.
              • If or when something is found, click the Yes button when it asks you if you want to cure it.
            • Once the short scan has finished, Click Options > Change settings
            • Choose the Scan tab and UNcheck Heuristic analysis and click OK
            • Back at the main window, select the Complete scan button.
            • Then click the Green Arrow Start Scanning button on the right and the scan will start.
              • Click Yes to all if it asks if you want to cure/move any file(s).
            • When the scan is done.
            • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
            • Save the DrWeb.csv report to your Desktop.
            • Exit Dr.Web Cureit.
            • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
            • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
            • Copy and paste that log in the next reply

            flomtl

              The link you gave me for DrWeb CureIt doesn't work for me. It tells me that Firefox can't find the server at ftp.

              Do I have to download it in "safe mode with networking" or should it download in normal mode (which is what I tried)?

              evilfantasy


              flomtl

                Ya that worked, thanks. I'll run in safe mode and scan then get back to you.

                flomtl

                  Here's the log from the scan.

                  mirc.exe;C:\Program Files\mIRC;Program.mIRC.60;;
                  A0256845.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.20;Deleted.;
                  A0256846.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.22;Deleted.;
                  A0256847.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.21;Deleted.;
                  A0256848.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.19;Deleted.;
                  A0256850.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Trojan.Packed.673;Deleted.;
                  A0256885.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.20;Deleted.;
                  A0256886.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.22;Deleted.;
                  A0256887.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.21;Deleted.;
                  A0256888.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.19;Deleted.;
                  A0256890.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Trojan.Packed.673;Deleted.;
                  A0256930.EXE;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Program.PsExec.170;;
                  A0257904.exe;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Tool.Prockill;;
                  A0257938.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Trojan.Packed.673;Deleted.;
                  A0257939.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.19;Deleted.;
                  A0257940.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.22;Deleted.;
                  A0257941.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.20;Deleted.;
                  A0257942.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.21;Deleted.;
                  A0257963.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623\A0257963.exe;Program.PsExec.171;;
                  A0257963.exe;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Archive contains infected objects;Moved.;
                  mirc62.exe\data007;D:\My Downloads\Apps\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY\mirc62.exe;Program.mIRC.60;;
                  mirc62.exe;D:\My Downloads\Apps\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY;Archive contains infected objects;Moved.;
                  A0258326.exe\data007;D:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP625\A0258326.exe;Program.mIRC.60;;
                  A0258326.exe;D:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP625;Archive contains infected objects;Moved.;




                  florian
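
Added example (not part of the original thread and not a Dr.Web tool): a short Python script that triages a CureIt report like the one posted above, listing detections with no recorded action that are not inside an archive which was itself moved or deleted, and marking rows that sit in System Restore snapshots. It assumes the four semicolon-separated columns seen in the log (object; location; detection; action) and that no field contains a semicolon; the function names are illustrative.

```python
import re
from collections import Counter

# Abridged sample: rows copied from the Dr.Web report posted above.
SAMPLE = r"""
mirc.exe;C:\Program Files\mIRC;Program.mIRC.60;;
A0256845.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.20;Deleted.;
A0256846.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;BackDoor.Tdss.22;Deleted.;
A0256850.dll;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Trojan.Packed.673;Deleted.;
A0256930.EXE;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Program.PsExec.170;;
A0257963.exe\32788R22FWJFW\psexec.cfexe;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623\A0257963.exe;Program.PsExec.171;;
A0257963.exe;C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP623;Archive contains infected objects;Moved.;
mirc62.exe\data007;D:\My Downloads\Apps\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY\mirc62.exe;Program.mIRC.60;;
mirc62.exe;D:\My Downloads\Apps\MIRC.v6.2.WinALL.Incl.Keygen-ViRiLiTY;Archive contains infected objects;Moved.;
"""

# System Restore snapshot folders as they appear in the report's location column.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP\d+", re.I)
# Literal text the report uses for a container row (taken from the log above).
ARCHIVE_NOTE = "Archive contains infected objects"


def parse_report(text):
    """Split each row into object, location, detection and action."""
    rows = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.strip().split(";")]
        if len(parts) < 4 or not parts[0]:
            continue  # blank line or not a detection row
        obj, location, detection, action = parts[:4]
        rows.append({
            "object": obj,
            "location": location,
            "detection": detection,
            "action": action.rstrip("."),  # "Deleted." -> "Deleted", "" if none
            "in_restore": bool(RESTORE_RE.search(location)),
        })
    return rows


def unresolved(rows):
    """Rows with no action that are not members of a handled archive.

    A member row's location is the full path of its container, so it counts
    as handled when the container row (location + object) has an action.
    """
    handled = {(r["location"] + "\\" + r["object"]).lower()
               for r in rows if r["action"]}
    return [r for r in rows
            if not r["action"] and r["location"].lower() not in handled]


def families(rows):
    """Count detections by name with the trailing variant number removed."""
    return Counter(re.sub(r"\.\d+$", "", r["detection"])
                   for r in rows if r["detection"] != ARCHIVE_NOTE)


if __name__ == "__main__":
    rows = parse_report(SAMPLE)
    for name, count in families(rows).most_common():
        print(f"{count:3d}  {name}")
    print("No action recorded:")
    for r in unresolved(rows):
        where = "System Restore snapshot" if r["in_restore"] else "outside System Restore"
        print(f"  {r['object']} [{r['detection']}] in {r['location']} ({where})")
```
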

                  evilfantasy

                  How is the computer running now?