TDSS infection (TDSS.killer failed)


This topic is locked
2 replies to this topic

#1 lennix

lennix

  • Members
  • 1 posts
  • OFFLINE
  • Local time:06:24 PM

Posted 19 October 2011 - 08:56 PM

Hey there, running Windows XP SP3. Managed to get Windows Recovery, which I've successfully removed. Along with it, however, came what I believe is TDSS. TDSS.killer is failing (I can't get it to run no matter what the name/location/download scheme). Booting into safe mode failed to grant any benefit. Advice would be greatly appreciated.

Note: This PC runs an installation of Micros, a POS system for restaurants and retail. In some of the reports below you'll see hijack flags for processes/IPs associated with this program. These are not malware, and are required.

GMER also failed, partially. I received an error: uxrdypob.sys error 0xc000010E cannot create a stable subkey under a volatile parent key, and then opened GMER to see only Services, Registry, Files, and ADS available -- the rest were grayed out. I ran the scan anyway, which came up negative.

Thanks in advance -- I really appreciate this.

DDS.TXT:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by administrator at 19:46:14 on 2011-10-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.450 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\agrsmsvc.exe
D:\Micros\Common\Bin\DbUpdateServer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\MICROS\ProfessionalServices\StoredValueCard\svcServer.exe
D:\Micros\Common\Bin\3700d.exe
D:\MICROS\Alert Manager\MicrosAlertManager.exe
D:\MICROS\Common\Bin\AutoSeqServ.exe
D:\MICROS\Common\Bin\RunDBMS.exe
D:\Micros\Common\Bin\CALSrv.exe
D:\Micros\Common\Bin\DSM.exe
D:\Micros\Common\Bin\Ifs.exe
D:\Micros\Res\KDS\Bin\KDSController.exe
D:\Micros\RTA\WatchDog.exe
D:\Micros\RTA\RtaSvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\tcpsvcs.exe
D:\Micros\Common\Bin\ConnAdvisor.exe
D:\Micros\Common\Bin\MDSHTTPService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
D:\MICROS\Common\Bin\CMS.exe
D:\MICROS\Common\Bin\ComScheduler.exe
C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe
D:\Micros\Common\Bin\resdbs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sybase\ASA\win32\dbsrv9.exe
D:\Micros\Common\Bin\CCS.exe
D:\Micros\Common\Bin\pcontrol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\WINDOWS\system32\dllhost.exe
\\?\C:\WINDOWS\Microsoft.Net\Framework\v1.1.4322\aspnet_wp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Administrator\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uWindow Title = Windows Internet Explorer provided by Yahoo!
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SugarSync] "c:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://microsinc.webex.com/client/T26L/support/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{F4FFD1FF-AE45-4FEF-8502-A0248DA2C1E8} : NameServer = 192.168.1.1
Filter: text/html - {0d954432-7b7f-4e0f-9fd3-cc000c356492} -
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
Notify: TPSvc - TPSvc.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
Hosts: 192.168.100.101 PCWS01
Hosts: 192.168.100.102 PCWS02
Hosts: 192.168.100.199 HotKDS
Hosts: 192.168.100.151 SaladKDS
Hosts: 192.168.100.150 Hot
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\i6ianj7o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.startnow.com/s/?src=addrbar&provider=Bing&provider_code=Z102&partner_id=691&product_id=655&affiliate_id=&channel=VLC_MISBL_YFALL&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110625&user_guid=1E4404B4DFC04BDB8FF3FB7BBD9E7E41&machine_id=4947a3f19cab571be39e33ada5937946&browser=FF&os=win&os_version=5.1-x86-SP3&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2008-8-21 18432]
R2 DbUpdateServer;MICROS DB Update Service;d:\micros\common\bin\DbUpdateServer.exe [2006-3-30 102400]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-20 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-24 47640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-7 366152]
R2 mcrsSvcServer;MICROS - Stored Value Card Server;d:\micros\professionalservices\storedvaluecard\SvcServer.exe [2007-7-3 372800]
R2 MICROS 3700d Server;MICROS 3700d Server;d:\micros\common\bin\3700d.exe [2006-3-30 446464]
R2 MICROS Alert Manager;MICROS Alert Manager;d:\micros\alert manager\MicrosAlertManager.exe [2006-10-13 69632]
R2 MICROS Autosequence Server;MICROS Autosequence Server;d:\micros\common\bin\AutoSeqServ.exe [2006-3-30 86016]
R2 MICROS CAL Service;MICROS CAL Service;d:\micros\common\bin\CALSrv.exe [2006-3-30 155648]
R2 MICROS Distributed Service Manager;MICROS Distributed Service Manager;d:\micros\common\bin\DSM.exe [2006-3-30 688128]
R2 MICROS Interface Server;MICROS Interface Server;d:\micros\common\bin\Ifs.exe [2006-3-30 94208]
R2 MICROS KDS Controller;MICROS KDS Controller;d:\micros\res\kds\bin\KDSController.exe [2006-3-30 774144]
R2 MICROS WatchDog;MICROS WatchDog;d:\micros\rta\WatchDog.exe [2009-3-18 61440]
R2 MicrosAgent;MICROS Agent;d:\micros\rta\rtasvc.exe -s rtasvc.conf --> d:\micros\rta\RtaSvc.exe -s RtaSvc.conf [?]
R2 srvConnAdvisor;MICROS Connection Advisor;d:\micros\common\bin\ConnAdvisor.exe [2006-3-30 151552]
R2 srvMDSHTTPService;MICROS MDS HTTP Service;d:\micros\common\bin\MDSHTTPService.exe [2006-3-30 385024]
R2 svcCashManager;MICROS Cash Management;d:\micros\common\bin\CMS.exe [2006-3-30 2006016]
R2 svcCOMScheduler;MICROS LM COM Scheduler;d:\micros\common\bin\ComScheduler.exe [2006-3-30 412160]
R2 Toolbar Updater Service;Toolbar Updater Service;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-3-24 199904]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-9-18 6016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-7 22216]
R3 MICROS Credit Card Server;MICROS Credit Card Server;d:\micros\common\bin\CCS.exe [2006-3-30 180224]
R3 MICROS Database Service;MICROS Database Service;d:\micros\common\bin\resdbs.exe [2006-3-30 2056192]
R3 MICROS Print Controller;MICROS Print Controller;d:\micros\common\bin\pcontrol.exe [2006-3-30 360448]
R3 SQLANYs_sqlMICROS1;sqlMICROS1;c:\program files\sybase\asa\win32\dbsrv9.exe [2006-2-23 73728]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S2 MICROS Backup Server;MICROS Backup Server;d:\micros\common\bin\resbsm.exe [2006-3-30 827392]
S2 MICROS ILDS Server;MICROS ILDS Server;d:\micros\common\bin\ilds.exe [2006-3-30 495616]
S2 MICROS Table Management System;MICROS Table Management System;d:\micros\common\bin\TMSService.exe [2006-11-16 217088]
S3 Auto RTPatch Scheduler;Auto RTPatch Scheduler;c:\program files\common files\pocketsoft\rtpatch\autortp\artpschd.exe [2003-10-29 421888]
S3 CISERVICE;MICROS Caller ID Service;d:\micros\common\bin\CIService.exe [2006-3-30 65536]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-28 136176]
S3 MicrosDesk;MICROS Secure Desktop;d:\micros\common\bin\MicrosDsk.exe [2006-3-30 87040]
S3 MICROSTMSInterface;MICROS TMS Interface;d:\micros\common\bin\TMSInterface.exe [2006-3-30 511488]
S3 NTIdn;NTIdn;c:\windows\system32\drivers\ntidn.sys [2006-3-30 89012]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 POSPerformanceCounters;Point Of Service Performance Counters;c:\compaq\posdotnet\Microsoft.PointOfService.Service.exe [2007-2-2 42352]
.
=============== Created Last 30 ================
.
2011-10-16 23:10:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-10-16 23:10:49 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-10-16 23:04:56 1559344 ----a-w- C:\hi.exe
2011-10-16 22:54:09 -------- d-----w- c:\program files\common files\iS3
2011-10-16 22:54:09 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-07 19:25:04 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2011-10-07 19:22:04 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-07 19:22:01 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-07 19:22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-05 03:31:59 -------- d-----w- C:\DLC
2011-10-05 03:18:37 232960 ----a-w- c:\windows\system32\libssl32.dll
2011-10-05 03:18:37 1177600 ----a-w- c:\windows\system32\libeay32.dll
2011-10-05 03:18:37 103424 ----a-w- c:\windows\system32\libintl3.dll
2011-10-05 03:18:37 1008128 ----a-w- c:\windows\system32\libiconv2.dll
2011-10-05 03:17:27 449024 ----a-w- c:\windows\wget.exe
2011-10-05 03:17:00 -------- d-----w- c:\program files\GnuWin32
2011-10-02 18:23:45 -------- d-----w- c:\documents and settings\administrator\local settings\application data\SugarSync
2011-10-02 18:23:34 -------- d-----w- c:\program files\SugarSync
2011-10-02 01:31:53 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-23 19:46:33 -------- d-----w- C:\Temp
.
==================== Find3M ====================
.
2010-12-15 02:04:16 8582536 ----a-w- c:\program files\Firefox Setup 3.6.13.exe
.
============= FINISH: 20:01:11.90 ===============
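As an added example (not part of this thread, nor code from DDS or any of the tools named here), the following Python triage pass reads the DDS log format posted above, parses the SERVICES / DRIVERS entries and BHO lines, and lists the ones with no readable file behind them (`[?]`, `[x]`, `No File`), which is exactly where the three S0 drivers in this log stand out. The sample lines are copied from the log above; the reading of the R/S prefix as state plus start type is the usual DDS convention and is assumed here.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the DDS log format shown above: a handful of lines
# copied from the posted log, not the full report.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [2008-8-21 18432]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-9-18 6016]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S3 NTIdn;NTIdn;c:\windows\system32\drivers\ntidn.sys [2006-3-30 89012]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
"""

# DDS service/driver line (assumed convention): state letter R=running /
# S=stopped, start-type digit 0=boot .. 4=disabled, then
# name;display;path [date size]  or  [?] / [x] when no file info was read.
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]*);([^;]*);(.*)\s\[([^\]]*)\]\s*$")


class Finding(NamedTuple):
    kind: str    # "driver/service" or "BHO"
    name: str
    path: str
    reason: str


def parse_service(line: str) -> Optional[dict]:
    """Split one R*/S* line into its fields, or return None for other lines."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    # "registered --> resolved": keep the path DDS actually looked for.
    path = path.split(" --> ")[-1].strip()
    return {"state": state, "start": int(start), "name": name,
            "display": display, "path": path, "info": info}


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first, boot-start ones on top."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_service(line)
        if svc:
            if svc["info"] == "?":
                why = "no date/size readable for the image file"
                if svc["start"] == 0:
                    why += "; boot-start driver, loads before most security tools"
                findings.append(Finding("driver/service", svc["name"], svc["path"], why))
            elif svc["info"] == "x" or not svc["path"]:
                findings.append(Finding("driver/service", svc["name"], svc["path"],
                                        "registered with no image path"))
            continue
        # BHO lines end in "- No File" when the CLSID is registered but the DLL is gone.
        if line.startswith("BHO:") and line.endswith(" - No File"):
            name = line[len("BHO:"):-len(" - No File")].strip()
            findings.append(Finding("BHO", name, "", "CLSID registered but DLL missing"))
    return sorted(findings, key=lambda f: 0 if "boot-start" in f.reason else 1)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:15} {f.name:45} {f.reason}")
```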

#2 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:24 PM

Posted 24 October 2011 - 10:15 AM

Hi,

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

jedi

#3 jedi

jedi

  • Members
  • 274 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:06:24 PM

Posted 03 November 2011 - 04:23 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
