
Generic trojan in System 32 folder


This topic is locked
2 replies to this topic

#1 Amy89
Posted 30 April 2012 - 01:35 PM

Hi Everyone,
I am hoping you can help me, as I very stupidly downloaded a trojan virus onto my computer yesterday. I have backed up all of my files, but I really need the comp to be back in full working order asap, as my dissertation deadline is in two weeks! Initially, trojans were popping up every minute or so as AVG alerts, websites were showing a warning that the site was using a weak algorithm, and Google was redirecting. All of the above problems seem to have been fixed after a system restore and a virus scan in safe mode; however, on start-up a warning still pops up. I am worried that there is still something lurking, and I have no idea how to find it! Here is my log; thanks in advance for any help!


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Amy at 18:28:06 on 2012-04-30
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.2037.854 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\WifiManager.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Intel\Bluetooth\mediasrv.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Intel\Bluetooth\BTPlayerCtrl.exe
C:\windows\system32\igfxtray.exe
C:\windows\system32\igfxpers.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Amy\Downloads\bbo7p09l.exe
C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\rundll32.exe
C:\Users\Amy\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://samsung.msn.com
uStart Page = https://www.google.co.uk/
mDefault_Page_URL = hxxp://www.thetechguys.com/welcome
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8080
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {aa609d72-8482-4076-8991-8cdae5b93bcb} - c:\program files\samsung anyweb print\W2PBrowser.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\users\amy\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - c:\program files\samsung anyweb print\W2PBrowser.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7B05DA22-ACC1-43C4-ABCF-77B5A831F7D2} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F4AABD68-6D3C-455C-B8B7-B7FFBE9963AD} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F4AABD68-6D3C-455C-B8B7-B7FFBE9963AD}\244584572633D274251564 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{F4AABD68-6D3C-455C-B8B7-B7FFBE9963AD}\56465727F616D602D20235564757070294E637472757364796F6E637 : DhcpNameServer = 129.11.97.130 129.11.159.114 129.11.159.122
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2011-7-14 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2011-7-14 48640]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\intel\bluetoothhs\BTHSAmpPalService.exe [2011-4-21 923136]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-8 5158992]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files\intel\bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\intel\bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\intel\bluetoothhs\BTHSSecurityMgr.exe [2011-4-21 102672]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2010-6-1 2057560]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-4-21 240640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\intel\bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\drivers\btmaux.sys [2011-3-8 40960]
R3 btmhsf;btmhsf;c:\windows\system32\drivers\btmhsf.sys [2011-3-8 218112]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-11-10 27632]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-7-14 116008]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\drivers\iBtFltCoex.sys [2011-3-22 47104]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-5-1 7513088]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-7-14 337512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-23 253088]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\drivers\AmpPal.sys [2011-4-21 240640]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-3-1 183560]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 Samsung UPD Service;Samsung UPD Service;c:\windows\system32\SUPDSvc.exe [2011-7-14 131888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-04-29 20:53:01 -------- d-----w- c:\users\amy\appdata\roaming\AVG
2012-04-29 20:10:12 -------- d-----w- c:\users\amy\appdata\roaming\Tific
2012-04-29 20:10:10 -------- d-----w- c:\users\amy\appdata\local\Symantec
2012-04-24 12:43:32 -------- d-----r- c:\users\amy\Dropbox
2012-04-24 12:36:38 -------- d-----w- c:\users\amy\appdata\roaming\Dropbox
2012-04-23 20:51:32 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-23 20:51:32 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-21 16:58:20 -------- d-----w- c:\users\amy\appdata\local\CRE
2012-04-19 03:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-16 08:43:20 -------- d-----w- c:\users\amy\appdata\local\Microsoft Games
2012-04-15 21:31:30 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-15 21:31:29 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 22:50:09 -------- d-----w- c:\users\amy\appdata\local\{09FFCE8F-70D4-4C85-9490-69174FCFE22F}
2012-04-13 22:45:22 -------- d-----w- c:\users\amy\appdata\local\{31514BF3-5413-49F2-8E50-32B65E7EA54D}
2012-04-13 22:04:55 -------- d-----w- c:\users\amy\appdata\local\{8D2B47DF-56C5-48D6-9A51-E943350CE815}
2012-04-13 22:02:32 -------- d-----w- c:\users\amy\appdata\local\Windows Live
2012-04-13 22:02:06 -------- d-----w- c:\users\amy\appdata\local\{E30CD94A-8567-4FDB-9742-BABA9481C22B}
2012-04-13 09:09:15 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 09:09:15 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 09:09:14 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 09:09:14 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-09 21:20:48 33280 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\EP0NPP01.DLL
2012-04-05 22:28:55 -------- d-----w- c:\users\amy\appdata\roaming\AVG2012
2012-04-05 22:13:57 -------- d-----w- c:\users\amy\appdata\local\CyberLink
2012-04-03 20:51:23 -------- d-----w- c:\windows\SHELLNEW
2012-04-03 20:51:22 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-04-03 20:51:03 -------- d-----w- c:\users\amy\appdata\local\Microsoft Help
2012-04-03 20:19:37 -------- d-----w- c:\users\amy\appdata\local\Google
2012-04-03 20:18:48 -------- d-----w- c:\users\amy\appdata\local\Deployment
2012-04-03 20:18:48 -------- d-----w- c:\users\amy\appdata\local\Apps
2012-04-02 08:31:21 -------- d-----w- c:\program files\Conduit
2012-04-02 08:30:59 -------- d-----w- c:\users\amy\appdata\local\Conduit
2012-04-02 08:30:39 -------- d-----w- c:\program files\uTorrent
2012-04-02 08:29:29 -------- d-----w- c:\users\amy\appdata\roaming\uTorrent
2012-04-01 21:51:48 -------- d--h--w- C:\$AVG
2012-04-01 21:51:48 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-01 21:51:48 -------- d-----w- c:\programdata\AVG2012
2012-04-01 21:50:16 -------- d-----w- c:\program files\AVG
2012-04-01 21:43:03 -------- d--h--w- c:\programdata\Common Files
2012-04-01 21:42:43 -------- d-----w- c:\programdata\MFAData
2012-04-01 20:17:03 -------- d-----w- c:\users\amy\appdata\roaming\GetRightToGo
2012-04-01 16:00:24 -------- d-----w- c:\users\amy\appdata\local\Apple Computer
2012-04-01 14:46:11 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{31dd7006-6c0d-46b3-9df1-a5a776178920}\mpengine.dll
2012-04-01 14:46:11 237072 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2012-03-19 04:17:28 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-22 04:25:32 235216 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-02-17 05:34:22 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14:08 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13:22 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 11:09:44 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-10 05:38:43 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54:27 2343424 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 18:29:48.66 ===============

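As an added example (not code from this thread, from DDS or from BleepingComputer), here is a small Python triage pass over the "Pseudo HJT Report" lines of a DDS log like the one above. It flags the browser proxy set to 127.0.0.1:8080 (a localhost proxy with no legitimate program behind it is a traffic-interception indicator and is consistent with the certificate warnings described), the two "No File" orphans, and autoruns that live under user-writable paths; the sample lines are copied from the posted log, while the regexes, severity labels and function names are this example's own.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log (added example, not
code from DDS, BleepingComputer or this thread). Lines come in two shapes,
"key = value" settings and "Type: detail" objects; in DDS output a leading
"u" marks a per-user (HKCU) entry and "m" a machine-wide (HKLM) one."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE = r"""
uStart Page = https://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1;127.0.0.1:9421;<local>
uInternet Settings,ProxyServer = 127.0.0.1:8080
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Google Update] "c:\users\amy\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
"""

LOCAL_PROXY = re.compile(r"^(127(\.\d{1,3}){3}|localhost)(:\d+)?$", re.I)  # proxy on the machine itself
USER_WRITABLE = re.compile(r"\\(appdata|downloads|desktop|temp)\\", re.I)  # not Program Files / Windows
RUN_ENTRY = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")           # [Name] "path" args
SCOPE = {"u": "user", "m": "machine"}


@dataclass
class Finding:
    severity: str  # "high": act on it; "review": a human decides
    scope: str     # "user", "machine" or "-" (BHO/TB lines carry no scope)
    reason: str
    line: str


def exe_path(cmd: str) -> str:
    """Executable part of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(report: str) -> list:
    findings = []
    for line in filter(None, map(str.strip, report.splitlines())):
        if " = " in line:                       # settings line
            key, value = line.split(" = ", 1)
            if key.endswith("ProxyServer") and LOCAL_PROXY.match(value.strip()):
                findings.append(Finding("high", SCOPE.get(key[0], "-"), "browser proxy points at localhost", line))
            continue
        if ": " not in line:
            continue
        kind, detail = line.split(": ", 1)      # object line
        if detail.endswith("No File"):          # orphaned registration: clean up, nothing to run
            findings.append(Finding("review", SCOPE.get(kind[0], "-"), "registered object has no file on disk", line))
        elif kind.endswith("Run"):
            m = RUN_ENTRY.match(detail)
            if m and USER_WRITABLE.search(exe_path(m.group("cmd"))):
                # Per-user updaters (e.g. Google's) legitimately live under AppData, hence "review".
                findings.append(Finding("review", SCOPE.get(kind[0], "-"), "autorun target in user-writable directory", line))
    return findings
```

Run `triage(SAMPLE)` to get the four findings for the sample; feed it the full report section of a DDS log to triage a real one.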

#2 CatByte (Malware Response Team)
Posted 30 April 2012 - 01:53 PM

Hi,

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:
    Link 1
    Link 2
    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


NEXT

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Delete is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

The help you receive here is free. If you wish to show your appreciation, then you may donate.
Microsoft MVP - 2010, 2011, 2012, 2013

#3 CatByte (Malware Response Team)
Posted 05 May 2012 - 08:07 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.