Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to run TDSSkiller


  • This topic is locked This topic is locked
22 replies to this topic

#1 ad030579

ad030579

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 17 December 2011 - 10:36 AM

Hi. I think I have a rootkit virus since when clicking on a link from Google, I am redirected to another site. I have downloaded TDSSkiller but when I click on the icon, nothing happens. I have renamed it and changed the extension to .com but it still won't run. I have a 64-bit system. Is there anything you can suggest?

This is part of a larger malware issue I had. I removed Windows Recovery 7 following your instructions (http://www.bleepingcomputer.com/virus-removal/remove-windows-7-recovery) and all seemed to work but the only thing I couldn't do was point 6, since I'm unable to run TDSSkiller. Any help would be most appreciated.

Thanks

Adam

BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:18 AM

Posted 23 December 2011 - 10:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/432975 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 25 December 2011 - 07:35 AM

And now for some reason iTunes no longer recognises when my iPod is connected to my PC so will not download any recently-added music. Please help!

Thanks

Adam

#4 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 25 December 2011 - 07:45 AM

I've tried running DDS, it loads up and says the scan should not take longer than three minutes but it's now been running for about 20 minutes and doesn't seem to be progressing. I've tried this three times but am not getting anything different.

#5 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 25 December 2011 - 07:53 AM

DDS appears to have created the logs now:-

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Adam Wall at 12:38:35 on 2011-12-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3061.1771 [GMT 0:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219230732.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [hka5av] C:\Users\Adam Wall\AppData\Roaming\4fhj.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10y_ActiveX.exe -update activex
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\ADAMWA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\ADAMWA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D179B730-2625-41F6-999B-0FD46450935D} : DhcpNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111219230732.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: LimeWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: EpsonToolBandKicker Class: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB-X64: EPSON Web-To-Page: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
TB-X64: LimeWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-27 92160]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-6 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-7-26 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-7-26 208536]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-7-26 161168]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-10-27 656624]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-3 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-3 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-25 12:10:09 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{B2C4145A-4CE5-42D3-AC07-F41DDDDF8B04}
2011-12-25 12:09:46 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{0D8C6B83-69FB-4873-90D1-9E126D503B3D}
2011-12-24 18:40:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A32AD17-FF13-4A02-9033-71CAD2C07648}\offreg.dll
2011-12-24 18:27:48 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-24 17:46:30 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{3CC48E92-C9A9-413D-A8F6-7799559E1D11}
2011-12-24 17:46:03 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{4111DAAA-147E-4B69-87DC-FA87A57CF236}
2011-12-23 14:44:35 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A32AD17-FF13-4A02-9033-71CAD2C07648}\mpengine.dll
2011-12-23 14:31:07 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{0ADE78CE-D686-4435-A384-486EE392D839}
2011-12-23 14:30:39 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{755BCE67-A370-4D4A-AD41-B581FA79B24F}
2011-12-19 20:49:52 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{CB9445EA-9C72-4876-8810-6B59CAE47E35}
2011-12-19 20:49:36 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{FAC1C41B-9C58-4391-B80B-7FCEC0EDE200}
2011-12-18 14:08:13 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{6D580AE0-87D8-4817-960C-0D06B9A25159}
2011-12-18 14:07:57 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{C540DEF5-CEFA-4377-B4F8-C700DB1930CC}
2011-12-17 12:28:20 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{41BB0965-32F4-47C7-B998-4E3B4FE0F954}
2011-12-17 12:28:07 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{1384082D-376D-4266-8DF2-F47BCB22EB6D}
2011-12-16 22:10:50 -------- d-----w- C:\Program Files\iPod
2011-12-16 22:10:49 -------- d-----w- C:\Program Files\iTunes
2011-12-16 22:10:49 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-16 22:07:00 -------- d-----w- C:\Program Files\Bonjour
2011-12-16 22:07:00 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-12-16 22:05:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-12-16 21:57:08 606544 ----a-w- C:\Program Files\GoogleEarthSetup.exe
2011-12-16 21:56:46 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-16 21:42:15 -------- d-----w- C:\Users\Adam Wall\AppData\Local\Secunia PSI
2011-12-16 21:41:33 -------- d-----w- C:\Program Files (x86)\Secunia
2011-12-16 21:02:14 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{FEEF68AF-CDD7-48B6-A165-D0F7FC40A8F5}
2011-12-16 20:59:58 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{EC79AEEE-7D4C-47F1-83F8-1EF80AF9DD39}
2011-12-16 19:19:20 -------- d-----w- C:\Users\Adam Wall\AppData\Roaming\Malwarebytes
2011-12-16 19:19:08 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-16 19:19:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-15 21:02:10 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 21:02:01 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-15 20:46:16 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{EE69D029-BBD8-45CC-845A-B05C22DF3063}
2011-12-15 20:46:04 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{BAD29457-9CAF-46EC-AF0E-99CB590A5AA5}
2011-12-14 17:49:52 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{B990B100-99F2-4797-ACBD-0FFF988C5B2F}
2011-12-14 17:49:39 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{A347C167-CE3D-4A67-BB30-7459DDFA8076}
2011-12-13 18:15:15 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{F859D216-49CA-4389-8CF2-96CD14ED21F0}
2011-12-13 18:15:03 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{30F5E1C9-CAC2-4584-BA7C-5775137C4527}
2011-12-11 12:21:36 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{CEA92B68-CD0E-4DA3-B408-559E266F6250}
2011-12-11 12:21:24 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{C6415F0C-D191-4E5E-8EE6-FC414FEC5252}
2011-12-10 19:45:43 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{B3DC2A20-674F-41F8-A4E0-C73E6E6F1D2F}
2011-12-10 19:45:28 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{F975A757-E6C6-47A3-88EE-6AC61EC30407}
2011-12-07 10:26:36 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{EFDB8025-5452-4D86-AFFE-72CC58F03BB7}
2011-12-07 10:26:24 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{21331EE5-D6BA-4120-9CE0-650B10391DCB}
2011-12-06 16:15:12 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{7447724E-A8CE-4776-BC89-1D4ACE643D18}
2011-12-06 16:14:56 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{C96F6154-65CC-45E2-B730-6F08249A5A4A}
2011-12-05 18:26:31 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{0F316DF9-D38B-46E4-94B6-33773E33C231}
2011-12-05 18:26:15 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{F5E747A0-0D1B-4330-BA93-C5F6A4AFBF85}
2011-12-04 14:14:53 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{C959DA3A-F9BA-450B-96AA-E898A47DE481}
2011-12-04 14:14:38 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{0225A084-5C9C-4DDF-BC73-AEE0AF0ECB05}
2011-12-03 15:45:03 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{38017BA2-B24A-44A8-88ED-A4CCEE1DA7A0}
2011-12-03 15:44:50 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{118AAEAB-A1B6-4CBA-A793-BD679FA71ED3}
2011-11-30 20:09:11 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{1C72C620-F570-4A54-9EBB-304319B811E3}
2011-11-30 20:08:50 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{0A0D3406-EC7B-4B9A-BFDC-CEBEEBEC7B69}
2011-11-29 18:36:38 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{08C53633-D6FA-41C5-BA0A-58BA2DDD8927}
2011-11-29 18:36:09 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{74F12579-E29E-420F-9DAC-78DFE3C44BCB}
2011-11-27 13:25:03 -------- d-----w- C:\Program Files (x86)\Amazon
2011-11-27 12:56:55 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{4EF95AA4-E885-46EA-B882-C4264E0929F9}
2011-11-27 12:56:44 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{9A8FE35F-5000-4C3C-A124-F8785998E71D}
2011-11-26 19:56:56 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{ABBB16C7-6129-4307-99D2-4D00A059064F}
2011-11-26 19:56:41 -------- d-----w- C:\Users\Adam Wall\AppData\Local\{378FF2AA-AC3E-448A-B3BB-D15236C35BF2}
.
==================== Find3M ====================
.
2011-12-16 22:10:28 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-16 21:59:46 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-24 14:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 14:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-15 13:16:16 75808 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys
2011-10-15 13:16:16 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2011-10-15 13:16:16 647080 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2011-10-15 13:16:16 481768 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2011-10-15 13:16:16 284648 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2011-10-15 13:16:16 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2011-10-15 13:16:16 160280 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2011-10-15 13:16:16 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2011-10-15 13:16:16 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:48:22.84 ===============

#6 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 25 December 2011 - 07:55 AM

And here's the Attach file zipped up as requested.

Attached Files



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 December 2011 - 03:24 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 December 2011 - 12:01 PM

Hi Gringo

Please find attached the ComboFix log as requested. Despite the prompts saying it would take 10 minutes (or double if the PC is badly infected), it took over an hour to complete, but it did get there in the end.

I've since restarted my PC and the only change I can see is that the Google logo now appears when going to the Google website (before it didn't). But that's where the good news ends. I am still unable to run TDSSKiller and continue to be redirected to other websites against my will. Furthermore, iTUNES still does not recognise my iPOD (it doesn't appear in My Computer either). Also, when I insert my USB memory stick, my PC now insists that I format this, which I don't want to do as it has data on it which I don't want to risk being lost.

Any ideas? It really is starting to become a major headache for me!

Thanks

Adam

Attached Files


Edited by ad030579, 26 December 2011 - 12:31 PM.


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 December 2011 - 12:53 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 26 December 2011 - 04:39 PM

That seems to have done the trick....horray! FixTDSS detected an infected MBR and successfully repaired it. The Google redirects have nowgone and my PC is finally detecting my USB stick (and not requested it be formatted) and iPOD which now synchs with iTUNES once more [sighs with relief]. My PC did make a loud beeping noise 20 minutes or so later and I got what I thought was a blue 'screen of death', but it restarted and all still seems to be ok, so thank you SOOOOO much. At last I can get some sleep tonight!

Many thanks again!

Adam

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 26 December 2011 - 04:46 PM

Greetings

Good That cleaned up some bad guys but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 27 December 2011 - 11:58 AM

Hi Gringo

How do I run the script? Since it doesn't appear to be a hyperlink, I've tried typing it into "Run" but it says, "Windows cannot find."

Might I also add that Internet Explorer closes down unexpectedly on quite a regular basis (every 5 mins or so). Could this be a sympton of the other stuff you've found?

Thanks

Adam

Edited by ad030579, 27 December 2011 - 01:36 PM.


#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 27 December 2011 - 06:34 PM

Hello


under "run script" it says to open notepad

after you have opened notepad you need to copy the text that is in the box and paste it into the notepad that you have opened



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 ad030579

ad030579
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:02:18 PM

Posted 29 December 2011 - 11:15 AM

Hi Gringo

Please find attached the logfile, as requested.

Kind Regards

Adam

Attached Files



#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:18 AM

Posted 29 December 2011 - 05:13 PM

Hello

I would ike to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users