Trojan zeroaccess B


  • This topic is locked
64 replies to this topic

#1 tmoney12

tmoney12

  • Members
  • 43 posts

Posted 12 February 2012 - 05:23 PM

My computer is really acting weird. At some point I think I had the Google redirect virus but now I have Norton and I have run it. It says I have Trojan zeroaccess B but I cannot remove it with their tool because I have 64 bit windows. Every time I shut down Windows does not start up properly (it attempts to make repairs but then says it cannot and does a restore) and then it goes to system restore but I still have the same issues when it does boot up. Please help.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Todd at 16:58:15 on 2012-02-12
.
============== Running Processes ===============
.
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\sminst\sftservice.EXE
C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Bradford Networks\Persistent Agent\bncsaui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ping.exe
C:\Users\Todd\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;<local>
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: GetGo URLCatch: {0315aa2c-10c7-4504-a1c4-f552aba8a095} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110504011555.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: GetGo Toolbar: {075bbe29-fec0-404a-a459-ff58713616fa} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [GetGoDM] C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe /minimized:
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [jusched] C:\Windows\TEMP\kjghsad.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [jusched] C:\Windows\TEMP\kjghsad.exe
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe -update activex
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: medcity.net\capital.ns
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8FE12D32-9541-446D-B89F-3BD38A7A29DF} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{8FE12D32-9541-446D-B89F-3BD38A7A29DF}\25166756E63723 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8FE12D32-9541-446D-B89F-3BD38A7A29DF}\27166756E637 : DhcpNameServer = 68.87.75.198 68.87.64.150
TCP: Interfaces\{8FE12D32-9541-446D-B89F-3BD38A7A29DF}\64F6572705F696E647370275962756C6563737 : DhcpNameServer = 198.190.226.3 198.190.226.30
TCP: Interfaces\{8FE12D32-9541-446D-B89F-3BD38A7A29DF}\7505148435F575962756C6563737 : DhcpNameServer = 66.28.0.45
TCP: Interfaces\{F48F9893-38F0-41E2-88E6-03555DCB95EA} : DhcpNameServer = 68.87.73.246 68.87.71.230
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: GetGo URLCatch: {0315AA2C-10C7-4504-A1C4-F552ABA8A095} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\URLCatch.dll
BHO-X64: GetGo URL Catcher (dont remove!) - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Skype add-on (mastermind): {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO-X64: Skype add-on (mastermind) - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110504011555.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO-X64: AOL Messaging Toolbar Loader - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: GetGo Toolbar: {075BBE29-FEC0-404a-A459-FF58713616FA} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GGToolBand.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [jusched] C:\Windows\TEMP\kjghsad.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {01A13E40-2F55-4397-B39B-7851BCFB8008} - C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Todd\AppData\Roaming\Mozilla\Firefox\Profiles\ziikljgv.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BHDrvx64;BHDrvx64
R? cfwids;McAfee Inc. cfwids
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? McShield;McShield
R? mferkdet;McAfee Inc. mferkdet
R? Secunia Update Agent;Secunia Update Agent
R? SymIRON;Symantec Iron Driver
R? TsUsbFlt;TsUsbFlt
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
R? WDC_SAM;WD SCSI Pass Thru driver
R? WSDPrintDevice;WSD Print Support via UMB
S? AESTFilters;Andrea ST Filters Service
S? BNPagent;Bradford Persistent Agent Service
S? CtClsFlt;Creative Camera Class Upper Filter Driver
S? ctxusbm;Citrix USB Monitor Driver
S? DockLoginService;Dock Login Service
S? HPSIService;HP SI Service
S? IDSVia64;IDSVia64
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? itecir;ITECIR Infrared Receiver
S? k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0
S? mfeavfk;McAfee Inc. mfeavfk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? N360;Norton 360
S? OA001Ufd;Creative Camera OA001 Upper Filter Driver
S? OA001Vid;Creative Camera OA001 Function Driver
S? PxHlpa64;PxHlpa64
S? SftService;SoftThinks Agent Service
S? SymDS;Symantec Data Store
S? SymEFA;Symantec Extended File Attributes
S? SymNetS;Symantec Network Security WFP Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-02-12 21:41:15 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-02-12 19:41:39 -------- d-----w- C:\Program Files\Symantec
2012-02-12 19:41:01 -------- d-----w- C:\Windows\System32\drivers\NAVx64\1305000.091
2012-02-12 19:33:46 -------- d-----w- C:\Users\Todd\AppData\Local\CrashDumps
2012-01-29 18:59:04 -------- d-----w- C:\Users\Todd\AppData\Roaming\FixTDSS
2012-01-29 17:41:40 -------- d-----w- C:\Users\Todd\AppData\Roaming\Tific
2012-01-29 17:41:39 -------- d-----w- C:\Users\Todd\AppData\Local\Symantec
.
==================== Find3M ====================
.
2012-02-12 21:44:58 743400 ----a-w- C:\Windows\System32\PerfStringBackup.TMP
2012-01-07 00:22:11 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-09 01:47:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-27 16:53:31 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
.
============= FINISH: 16:59:22.72 ===============
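The DDS log above carries several indicators a helper would weigh: an autorun named jusched that launches a random-looking binary from C:\Windows\TEMP, Task Manager disabled by policy, the UAC secure desktop switched off, and a non-stock DLL (consrv) in the Win32 SubSystems value, which the FRST scan later in this thread reports as ZeroAccess. As an added example, not part of this thread or of the DDS tool, here is a small Python triage script that flags those patterns in Pseudo HJT lines; the expected-binary table, the policy list and the stock-DLL baseline are assumptions encoded in the script, and the sample lines are copied from the log with one clean line added.

```python
"""Triage of DDS 'Pseudo HJT Report' lines for the indicators seen in this thread.

Heuristics (defender-side, all thresholds are assumptions):
  * autorun entries whose target lives in a temp directory
  * autorun names that mimic a known product but launch a different binary
  * policy values that disable Task Manager or weaken UAC
  * a Win32 SubSystems value that loads a server DLL other than the stock ones
"""
import re

# Constructed sample: lines from the DDS log in this thread plus one clean line.
SAMPLE_LOG = r"""
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [jusched] C:\Windows\TEMP\kjghsad.exe
dRun: [jusched] C:\Windows\TEMP\kjghsad.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
"""

# DDS prefixes: u = current user, m = machine, d = default user hive.
RUN_RE = re.compile(r'^([umd])Run(Once)?(-x64)?: \[([^\]]+)\] (.*)$', re.IGNORECASE)
POLICY_RE = re.compile(r'^([umd])Policies-system: (\w+) = (\d+)', re.IGNORECASE)
SUBSYS_RE = re.compile(r'^SubSystems: Windows = (.*)$', re.IGNORECASE)
# Pulls the executable path out of a command line, quoted or not.
TARGET_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|cmd|bat|com))"?', re.IGNORECASE)

HIVES = {"u": "current user", "m": "machine", "d": "default user"}
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%")
# Assumed table: autorun value names that should point at one specific binary.
EXPECTED_BINARY = {"jusched": "jusched.exe"}
# Assumed: policy settings that hide the infection from the user or weaken UAC.
BAD_POLICIES = {("disabletaskmgr", 1), ("promptonsecuredesktop", 0), ("enablelua", 0)}
# Assumed baseline: stock Win32 subsystem server DLLs on Windows 7.
STOCK_SUBSYSTEM_DLLS = {"basesrv", "winsrv", "sxssrv"}


def target_path(command):
    """Return the executable path portion of an autorun command line."""
    m = TARGET_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def check_run(hive, name, command):
    path = target_path(command)
    low = path.lower()
    findings = []
    if any(marker in low for marker in TEMP_MARKERS):
        findings.append(("temp-autorun", f"{name} ({HIVES[hive]}) runs from a temp dir: {path}"))
    expected = EXPECTED_BINARY.get(name.lower())
    if expected and not low.endswith("\\" + expected):
        findings.append(("name-mismatch", f"{name} should launch {expected} but launches {path}"))
    return findings


def check_policy(hive, key, value):
    if (key.lower(), int(value)) in BAD_POLICIES:
        return [("policy", f"{key}={value} set in {HIVES[hive]} hive")]
    return []


def check_subsystems(value):
    """Each token is module[:entrypoint],N; flag any module outside the baseline."""
    findings = []
    for token in value.split():
        module = re.split(r'[:,]', token, maxsplit=1)[0].lower()
        if module not in STOCK_SUBSYSTEM_DLLS:
            findings.append(("subsystem-dll", f"non-stock server DLL in Win32 SubSystems value: {token}"))
    return findings


def triage(log_text):
    """Run every heuristic over the log and return (kind, detail) findings."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            findings += check_run(m.group(1).lower(), m.group(4), m.group(5))
        elif (m := POLICY_RE.match(line)):
            findings += check_policy(m.group(1).lower(), m.group(2), m.group(3))
        elif (m := SUBSYS_RE.match(line)):
            findings += check_subsystems(m.group(1))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

The same parser applies unchanged to the mRun-x64, dRunOnce and uRun variants that appear in the log, since the regex accepts all of the DDS prefixes.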



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 16 February 2012 - 10:32 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 01:45 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tmoney12

tmoney12
  • Topic Starter

  • Members
  • 43 posts

Posted 19 February 2012 - 01:19 PM

I ran ComboFix without any problems but then I tried to open Firefox and Explorer and got an error message saying the registry item had been marked for deletion. I then restarted my computer but it wouldn't start Windows properly so it then repaired it with System Restore. So when it did finally boot up ComboFix was nowhere to be found. I have done this twice and the same thing has happened.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 01:46 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#6 tmoney12

tmoney12
  • Topic Starter

  • Members
  • 43 posts

Posted 19 February 2012 - 03:52 PM

I am trying to post a response with my log but the connection isn't going through.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 05:14 PM

Hello


Upload it to Mediafire.com and send me the link here



gringo

#8 tmoney12

tmoney12
  • Topic Starter

  • Members
  • 43 posts

Posted 19 February 2012 - 05:29 PM

I'm not sure what's going on but I get an error message when I try to upload it on mediafire.com. It says IO error?

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 05:44 PM

can you paste it in two parts


I really want to see the first half for now


gringo

#10 tmoney12

tmoney12
  • Topic Starter

  • Members
  • 43 posts

Posted 19 February 2012 - 08:16 PM

Scan result of Farbar Recovery Scan Tool Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-19 15:36:32
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet002

========================== Registry (Whitelisted) =============

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [272896 2008-08-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe [462848 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-08-25] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-08-25] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-08-25] (Intel Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [405639 2009-01-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128232 2009-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe [2625304 2010-09-29] (Bradford Networks)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [jusched] C:\Windows\TEMP\kjghsad.exe [x]
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)
HKU\Admin\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [x]
HKU\Guest\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3882312 2008-12-02] (Microsoft Corporation)
HKU\Jenn\...\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US [4321112 2011-01-05] (AOL Inc.)
HKU\Todd\...\Run: [GetGoDM] C:\Program Files (x86)\GetGo Software\GetGo Download Manager\GetGoDM.exe /minimized: [3668208 2011-01-24] (GetGo Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\AESTSr64.exe [89600 2009-03-30] (Andrea Electronics Corporation)
2 atixsaudio; C:\Windows\System32\servidor.dll [6656 2009-07-13] (Oak Technology Inc.)
2 BNPagent; "C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe" [3067672 2010-09-29] (Bradford Networks)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (HP)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200056 2010-10-13] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [245352 2010-10-13] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [149032 2010-10-13] (McAfee, Inc.)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
2 SftService; "C:\Windows\sminst\sftservice.EXE" [632048 2009-02-23] (SoftThinks)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_73e1f0dede412369\STacSV64.exe [268288 2009-03-30] (IDT, Inc.)
2 Secunia Update Agent; "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [x]

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx64.sys [1156216 2011-12-21] (Symantec Corporation)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [62800 2010-10-13] (McAfee, Inc.)
1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-01-05] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120106.002\IDSvia64.sys [488568 2012-01-05] (Symantec Corporation)
3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [60416 2009-10-08] (ITE Tech. Inc. )
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-10-13] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190136 2010-10-13] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441328 2010-10-13] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529128 2010-10-13] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75032 2010-10-13] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94864 2010-10-13] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283360 2010-10-13] (McAfee, Inc.)
3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [158592 2009-01-19] (Creative Technology Ltd.)
3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [318656 2009-01-19] (Creative Technology Ltd.)
1 SRTSP; C:\Windows\System32\drivers\N360x64\0501000.01D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\N360x64\0501000.01D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-06] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\N360x64\0501000.01D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\drivers\N360x64\0501000.01D\SYMNETS.SYS [386168 2011-07-08] (Symantec Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120128.009_2eb\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120128.009_2eb\EX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: atixsaudio

============ One Month Created Files and Folders ==============

2012-02-19 15:36 - 2012-02-19 15:36 - 0000000 ____D C:\FRST
2012-02-19 12:29 - 2012-02-19 12:29 - 1381727 ____A C:\Users\Todd\Downloads\FRST64.exe
2012-02-19 12:26 - 2012-02-19 12:26 - 0000000 ____D C:\Windows\system64
2012-02-19 10:08 - 2012-02-19 10:08 - 0317604 ____A C:\ComboFix.txt
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-02-19 08:46 - 2012-02-19 08:46 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-02-12 14:01 - 2012-02-12 14:01 - 0002993 ____A C:\Users\Todd\Desktop\Attach.txt
2012-02-12 14:00 - 2012-02-12 14:00 - 0017161 ____A C:\Users\Todd\Desktop\DDS.txt
2012-02-12 13:55 - 2012-02-12 13:55 - 0000470 ____A C:\Users\Todd\Desktop\defogger_disable.log
2012-02-12 13:55 - 2012-02-12 13:55 - 0000000 ____A C:\Users\Todd\defogger_reenable
2012-02-12 13:41 - 2012-02-19 12:29 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-12 13:41 - 2012-02-19 12:26 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cce9cf1b4b37a0.job
2012-02-12 13:41 - 2012-02-19 12:26 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cce9cf1a28cfbe.job
2012-02-12 11:41 - 2012-02-12 11:41 - 0000000 ____D C:\Program Files\Symantec
2012-02-12 11:33 - 2012-02-12 11:36 - 0000000 ____D C:\Users\Todd\AppData\Local\CrashDumps
2012-01-29 10:59 - 2012-01-29 10:59 - 0000000 ____D C:\Users\Todd\AppData\Roaming\FixTDSS
2012-01-29 09:41 - 2012-01-29 09:41 - 0000000 ____D C:\Users\Todd\AppData\Roaming\Tific
2012-01-29 09:41 - 2012-01-29 09:41 - 0000000 ____D C:\Users\Todd\AppData\Local\Symantec
2012-01-28 12:50 - 2012-01-28 12:50 - 0002984 ____A C:\{F559C47A-DA2A-4034-BCDE-D76D32C49466}

============ 3 Months Modified Files and Folders =============

2012-02-19 15:36 - 2012-02-19 15:36 - 0000000 ____D C:\FRST
2012-02-19 14:12 - 2012-01-06 15:38 - 0000000 ____D C:\users\new
2012-02-19 14:12 - 2009-12-15 04:45 - 0000000 ___HD C:\users\Jenn
2012-02-19 14:12 - 2009-12-14 14:19 - 0000000 ___HD C:\users\Guest
2012-02-19 14:12 - 2009-12-14 14:19 - 0000000 ___HD C:\users\Admin
2012-02-19 14:12 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\SysWOW64\sysprep
2012-02-19 14:12 - 2009-07-13 21:32 - 0000000 ___HD C:\Program Files\Windows Sidebar
2012-02-19 14:12 - 2009-07-13 21:32 - 0000000 ___HD C:\Program Files (x86)\Windows Sidebar
2012-02-19 14:12 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\TAPI
2012-02-19 14:12 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\Recovery
2012-02-19 14:12 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\Msdtc
2012-02-19 14:12 - 2009-06-16 03:19 - 0000000 ___HD C:\Windows\SysWOW64\x64
2012-02-19 14:12 - 2009-06-16 03:19 - 0000000 ___HD C:\Windows\SysWOW64\Lang
2012-02-19 14:11 - 2012-01-06 16:18 - 0000000 ____D C:\Windows\System32\Drivers\N360x64
2012-02-19 14:11 - 2011-11-27 06:15 - 0000000 ____D C:\Users\Todd\Downloads\tdsskiller
2012-02-19 14:11 - 2011-07-06 14:48 - 0000000 ___HD C:\Windows\ERDNT
2012-02-19 14:11 - 2011-06-12 14:58 - 0000000 ___HD C:\Windows\System32\SPReview
2012-02-19 14:11 - 2011-06-12 14:57 - 0000000 ___HD C:\Windows\System32\EventProviders
2012-02-19 14:11 - 2011-05-23 16:37 - 0000000 ___HD C:\Users\Todd\Documents\SharePod
2012-02-19 14:11 - 2010-06-12 14:57 - 0000000 ___HD C:\Windows\Minidump
2012-02-19 14:11 - 2009-12-14 14:18 - 0000000 ___HD C:\Windows\System32\SRSLabs
2012-02-19 14:11 - 2009-07-13 23:45 - 0000000 ___HD C:\Windows\ShellNew
2012-02-19 14:11 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\Downloaded Program Files
2012-02-19 14:11 - 2009-07-13 20:45 - 0000000 ___HD C:\Windows\Setup
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\sysprep
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\spool
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\oobe
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\NDF
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\security
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\IME
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Help
2012-02-19 14:11 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\AppCompat
2012-02-19 14:11 - 2009-06-16 03:49 - 0000000 ___HD C:\Windows\sminst
2012-02-19 14:11 - 2009-06-16 03:33 - 0000000 ___HD C:\Windows\ITECIR
2012-02-19 14:10 - 2012-01-06 16:19 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-02-19 14:10 - 2012-01-06 16:18 - 0000000 ____D C:\Program Files (x86)\Norton 360
2012-02-19 14:10 - 2012-01-06 15:40 - 0000000 ____D C:\Users\new\AppData\Roaming\Adobe
2012-02-19 14:10 - 2012-01-06 15:39 - 0000000 ____D C:\Users\new\AppData\Roaming\Mozilla
2012-02-19 14:10 - 2012-01-06 15:38 - 0000000 ____D C:\Users\new\AppData\Roaming\Macromedia
2012-02-19 14:10 - 2012-01-06 15:38 - 0000000 ____D C:\Users\new\AppData\Roaming\ICAClient
2012-02-19 14:10 - 2012-01-06 15:38 - 0000000 ____D C:\Users\new\AppData\LocalLow
2012-02-19 14:10 - 2011-12-17 08:22 - 0000000 ____D C:\Users\Admin\Downloads\tdsskiller
2012-02-19 14:10 - 2011-11-27 09:53 - 0000000 ____D C:\Users\All Users\Norton
2012-02-19 14:10 - 2011-11-27 09:53 - 0000000 ____D C:\ProgramData\Norton
2012-02-19 14:10 - 2011-11-27 09:35 - 0000000 ____D C:\Program Files\iTunes
2012-02-19 14:10 - 2011-11-27 09:35 - 0000000 ____D C:\Program Files\iPod
2012-02-19 14:10 - 2011-11-27 09:33 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-02-19 14:10 - 2011-11-27 09:32 - 0000000 ____D C:\Program Files\Bonjour
2012-02-19 14:10 - 2011-11-27 09:32 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-02-19 14:10 - 2011-11-13 17:37 - 0000000 ____D C:\Users\All Users\MFAData
2012-02-19 14:10 - 2011-11-13 17:37 - 0000000 ____D C:\ProgramData\MFAData
2012-02-19 14:10 - 2011-11-10 08:43 - 0000000 ___HD C:\Users\Jenn\AppData\Roaming\ICAClient
2012-02-19 14:10 - 2011-09-02 19:40 - 0000000 ___HD C:\Users\All Users\McAfee Security Scan
2012-02-19 14:10 - 2011-09-02 19:40 - 0000000 ___HD C:\ProgramData\McAfee Security Scan
2012-02-19 14:10 - 2011-09-02 19:40 - 0000000 ___HD C:\Program Files (x86)\McAfee Security Scan
2012-02-19 14:10 - 2011-08-13 08:09 - 0000000 ___HD C:\Users\Admin\AppData\Roaming\ICAClient
2012-02-19 14:10 - 2011-08-02 14:16 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\ICAClient
2012-02-19 14:10 - 2011-07-04 15:20 - 0000000 ___HD C:\Program Files (x86)\FLAC
2012-02-19 14:10 - 2011-06-12 10:07 - 0000000 ___HD C:\Users\Todd\AppData\Local\Stardock_Corporation
2012-02-19 14:10 - 2011-05-24 18:47 - 0000000 ___HD C:\Program Files (x86)\iTunes
2012-02-19 14:10 - 2011-05-02 15:49 - 0000000 ___HD C:\Jude Knee X-Ray
2012-02-19 14:10 - 2011-05-02 15:28 - 0000000 ___HD C:\Program Files (x86)\Mozilla Firefox
2012-02-19 14:10 - 2011-02-10 14:11 - 0000000 ___HD C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-19 14:10 - 2011-01-30 12:02 - 0000000 ___HD C:\Program Files (x86)\Free Download Manager
2012-02-19 14:10 - 2011-01-30 11:19 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\GetGo Software
2012-02-19 14:10 - 2011-01-30 10:54 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-02-19 14:10 - 2011-01-30 10:54 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-02-19 14:10 - 2011-01-30 10:54 - 0000000 ___HD C:\Program Files (x86)\QuickTime
2012-02-19 14:10 - 2011-01-30 10:53 - 0000000 ___HD C:\Program Files\Common Files\Apple
2012-02-19 14:10 - 2011-01-15 15:26 - 0000000 ___HD C:\Program Files (x86)\AIM Toolbar
2012-02-19 14:10 - 2011-01-15 15:25 - 0000000 ___HD C:\Program Files (x86)\AIM
2012-02-19 14:10 - 2010-11-13 10:44 - 0000000 ___HD C:\Program Files (x86)\10Q Study
2012-02-19 14:10 - 2010-11-13 04:25 - 0000000 ___HD C:\Program Files (x86)\2010 OITE
2012-02-19 14:10 - 2010-11-12 15:40 - 0000000 ___HD C:\Users\All Users\Apple
2012-02-19 14:10 - 2010-11-12 15:40 - 0000000 ___HD C:\ProgramData\Apple
2012-02-19 14:10 - 2010-09-19 13:11 - 0000000 ___HD C:\Program Files (x86)\vShare
2012-02-19 14:10 - 2010-07-22 16:23 - 0000000 ___HD C:\Program Files (x86)\Veetle
2012-02-19 14:10 - 2009-12-26 04:55 - 0000000 ___HD C:\Users\Todd\AppData\Local\PowerDVD DX
2012-02-19 14:10 - 2009-12-25 13:02 - 0000000 ___HD C:\Users\Jenn\AppData\Roaming\Skype
2012-02-19 14:10 - 2009-12-15 07:41 - 0000000 __RHD C:\Program Files (x86)\Skype
2012-02-19 14:10 - 2009-12-15 07:41 - 0000000 ___HD C:\Users\All Users\Skype
2012-02-19 14:10 - 2009-12-15 07:41 - 0000000 ___HD C:\Users\Admin\AppData\Roaming\Skype
2012-02-19 14:10 - 2009-12-15 07:41 - 0000000 ___HD C:\ProgramData\Skype
2012-02-19 14:10 - 2009-12-15 05:47 - 0000000 ___HD C:\Program Files (x86)\Microsoft ActiveSync
2012-02-19 14:10 - 2009-12-15 05:46 - 0000000 ___HD C:\Program Files (x86)\Microsoft Visual Studio
2012-02-19 14:10 - 2009-12-15 04:38 - 0000000 ___HD C:\Program Files\Alwil Software
2012-02-19 14:10 - 2009-12-14 14:17 - 0000000 ___HD C:\Program Files\DellTPad
2012-02-19 14:10 - 2009-12-14 12:06 - 0000000 ___HD C:\Users\Admin\AppData\Local\DellWin7Upgrade
2012-02-19 14:10 - 2009-10-09 11:28 - 0000000 ___HD C:\Users\Admin\AppData\Roaming\Creative
2012-02-19 14:10 - 2009-08-29 08:48 - 0000000 ___HD C:\Users\Guest\AppData\Local\Stardock_Corporation
2012-02-19 14:10 - 2009-07-31 12:43 - 0000000 ___HD C:\Users\Guest\AppData\Roaming\Creative
2012-02-19 14:10 - 2009-07-15 10:37 - 0000000 ___HD C:\Users\Guest\AppData\Local\PowerDVD DX
2012-02-19 14:10 - 2009-07-13 21:32 - 0000000 ___HD C:\Program Files\Microsoft Games
2012-02-19 14:10 - 2009-07-13 19:20 - 0000000 ___HD C:\Program Files\Common Files\Microsoft Shared
2012-02-19 14:10 - 2009-06-16 05:28 - 0000000 ___HD C:\DELL
2012-02-19 14:10 - 2009-06-16 04:01 - 0000000 ___HD C:\Program Files (x86)\Creative Live! Cam
2012-02-19 14:10 - 2009-06-16 04:01 - 0000000 ___HD C:\Program Files (x86)\Creative
2012-02-19 14:10 - 2009-06-16 04:00 - 0000000 ___HD C:\Program Files (x86)\CyberLink
2012-02-19 14:10 - 2009-06-16 03:59 - 0000000 ___HD C:\Program Files (x86)\Microsoft Silverlight
2012-02-19 14:10 - 2009-06-16 03:55 - 0000000 ___HD C:\Program Files (x86)\Windows Live SkyDrive
2012-02-19 14:10 - 2009-06-16 03:55 - 0000000 ___HD C:\Program Files (x86)\Windows Live
2012-02-19 14:10 - 2009-06-16 03:49 - 0000000 ___HD C:\Program Files (x86)\Dell DataSafe Online
2012-02-19 14:10 - 2009-06-16 03:44 - 0000000 ___HD C:\Users\All Users\Uninstall
2012-02-19 14:10 - 2009-06-16 03:44 - 0000000 ___HD C:\ProgramData\Uninstall
2012-02-19 14:10 - 2009-06-16 03:44 - 0000000 ___HD C:\Program Files (x86)\Citrix
2012-02-19 14:10 - 2009-06-16 03:42 - 0000000 ___HD C:\Users\All Users\InstallShield
2012-02-19 14:10 - 2009-06-16 03:42 - 0000000 ___HD C:\ProgramData\InstallShield
2012-02-19 14:10 - 2009-06-16 03:42 - 0000000 ___HD C:\Program Files (x86)\Roxio
2012-02-19 14:10 - 2009-06-16 03:41 - 0000000 ___HD C:\Program Files (x86)\Microsoft Office
2012-02-19 14:10 - 2009-06-16 03:40 - 0000000 ___HD C:\Program Files (x86)\Microsoft Works
2012-02-19 14:09 - 2011-07-06 17:11 - 0000000 __SHD C:\$RECYCLE.BIN
2012-02-19 14:08 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\registration
2012-02-19 14:04 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\SysWOW64\winrm
2012-02-19 14:04 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\SysWOW64\WCN
2012-02-19 14:04 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\SysWOW64\slmgr
2012-02-19 14:04 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-02-19 14:04 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\SysWOW64\WindowsPowerShell
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Web
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Vss
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\spp
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\Speech
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\NetworkList
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\MUI
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\Msdtc
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\migwiz
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\InstallShield
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\IME
2012-02-19 14:04 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\Dism
2012-02-19 14:04 - 2009-06-16 03:29 - 0000000 ___HD C:\Windows\SysWOW64\Macromed
2012-02-19 14:01 - 2011-11-27 09:01 - 0000000 ____D C:\Windows\System32\Macromed
2012-02-19 14:01 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\System32\winrm
2012-02-19 14:01 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\System32\WCN
2012-02-19 14:01 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\System32\slmgr
2012-02-19 14:01 - 2009-07-13 21:37 - 0000000 ___HD C:\Windows\System32\Printing_Admin_Scripts
2012-02-19 14:01 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\System32\WindowsPowerShell
2012-02-19 14:01 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\System32\WinBioPlugIns
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\SysWOW64\com
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\spp
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\Speech
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\SMI
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\NetworkList
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\MUI
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\migwiz
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\IME
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\Dism
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\System32\com
2012-02-19 14:01 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Speech
2012-02-19 14:00 - 2009-07-13 21:32 - 0000000 ___HD C:\Windows\Performance
2012-02-19 14:00 - 2009-07-13 20:45 - 0000000 ___HD C:\Windows\ServiceProfiles
2012-02-19 14:00 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\schemas
2012-02-19 14:00 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Resources
2012-02-19 14:00 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\PolicyDefinitions
2012-02-19 14:00 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\PLA
2012-02-19 13:56 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Globalization
2012-02-19 13:56 - 2009-07-13 19:20 - 0000000 ___HD C:\Windows\Branding
2012-02-19 13:54 - 2011-11-27 09:53 - 0000000 ____D C:\Users\Public\Downloads\Norton
2012-02-19 13:54 - 2011-11-27 08:52 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-02-19 13:54 - 2011-11-27 08:52 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-02-19 13:54 - 2011-05-16 16:05 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\Mozilla
2012-02-19 13:54 - 2011-05-02 15:29 - 0000000 ___HD C:\Users\Jenn\AppData\Roaming\Mozilla
2012-02-19 13:54 - 2011-01-30 10:55 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\Apple Computer
2012-02-19 13:54 - 2010-10-16 06:37 - 0000000 ___HD C:\Users\Todd\AppData\Local\Google
2012-02-19 13:54 - 2010-01-03 16:54 - 0000000 ___HD C:\Users\Jenn\AppData\Local\Adobe
2012-02-19 13:54 - 2009-12-26 04:56 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\Macromedia
2012-02-19 13:54 - 2009-12-26 04:56 - 0000000 ___HD C:\Users\Todd\AppData\Roaming\Adobe
2012-02-19 13:54 - 2009-12-26 04:54 - 0000000 ___HD C:\Users\Todd\AppData\LocalLow
2012-02-19 13:54 - 2009-12-26 04:54 - 0000000 ___HD C:\Users\Todd\AppData\Local\VirtualStore
2012-02-19 13:54 - 2009-12-15 05:49 - 0000000 ___HD C:\Users\Jenn\AppData\Roaming\Adobe
2012-02-19 13:54 - 2009-12-15 04:46 - 0000000 ___HD C:\Users\Jenn\AppData\Local\VirtualStore
2012-02-19 13:54 - 2009-12-15 04:45 - 0000000 ___HD C:\Users\Jenn\AppData\LocalLow
2012-02-19 13:54 - 2009-07-23 06:39 - 0000000 ___HD C:\Users\Guest\AppData\Local\Microsoft Games
2012-02-19 13:54 - 2009-07-15 10:37 - 0000000 ___HD C:\Users\Guest\AppData\Local\SupportSoft
2012-02-19 13:54 - 2009-07-13 23:44 - 0000000 __RHD C:\Users\Public\Recorded TV
2012-02-19 13:54 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-02-19 13:54 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Default
2012-02-19 13:53 - 2011-08-02 14:16 - 0000000 ___HD C:\Users\All Users\Citrix
2012-02-19 13:53 - 2011-08-02 14:16 - 0000000 ___HD C:\ProgramData\Citrix
2012-02-19 13:53 - 2011-07-06 14:44 - 0000000 __AHD C:\Qoobox

#11 tmoney12

Posted 19 February 2012 - 08:31 PM

Every time I try to load the second half, it says Internet Explorer cannot display the page.

#12 gringo_pr

  • Malware Response Team

Posted 19 February 2012 - 08:38 PM

Hello

You gave me enough to work with.

I want you to run the fix below, and when it is complete I want you to rerun ComboFix for me.

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open Notepad. Save it on the flashdrive as fixlist.txt

SubSystems: [Windows] ==> ZeroAccess
NETSVC: atixsaudio
2 atixsaudio; C:\Windows\System32\servidor.dll [6656 2009-07-13] (Oak Technology Inc.)
C:\Windows\System32\servidor.dll 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Edited by gringo_pr, 20 February 2012 - 03:58 PM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
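As a defender-side triage aid, here is an added Python example (not from this thread, and not FRST's own code) that parses the FRST service and NetSvcs lines shown above, flags svchost netsvcs entries whose ServiceDll comes from a non-Microsoft vendor, and emits the same fixlist lines the helper wrote for this machine. The FRST line layout it assumes and the sample excerpt are constructed from the entries in this thread.

```python
"""Triage an FRST log: flag svchost 'netsvcs' services hosted by a non-Microsoft
DLL and emit matching FRST fixlist lines.

Added example, not part of the BleepingComputer thread or of FRST itself. The
line layout parsed here ("<start> <name>; <image> [<size> <date>] (<company>)")
is an assumption about FRST's format, and SAMPLE_LOG is a constructed excerpt
built from the entries posted in the thread.
"""
import re

# Constructed excerpt (services section + NetSvcs section) from the thread's log.
SAMPLE_LOG = r"""
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 atixsaudio; C:\Windows\System32\servidor.dll [6656 2009-07-13] (Oak Technology Inc.)
2 HPSIService; C:\Windows\system32\HPSIsvc.exe [127800 2010-04-07] (HP)
2 N360; "C:\Program Files (x86)\Norton 360\Engine\5.1.0.29\ccSvcHst.exe" /s "N360" [262584 2011-03-31] (Symantec Corporation)

========================== NetSvcs (Whitelisted) ===========
NETSVC: atixsaudio
"""

SERVICE_RE = re.compile(
    r'^(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<image>.*?)\s+'
    r'\[(?P<size>\d+)\s+(?P<date>\S+)\]\s+\((?P<company>[^)]*)\)\s*$')
NETSVC_RE = re.compile(r'^NETSVC:\s+(?P<name>\S+)\s*$')
SUBSYS_RE = re.compile(r'^SubSystems: \[Windows\] ==> (?P<tag>\S+)\s*$')


def parse_frst(text):
    """Return (services by name, netsvcs names, SubSystems tag or None)."""
    services, netsvcs, subsys = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            rec = m.groupdict()
            rec["line"] = line          # keep the verbatim line for the fixlist
            services[rec["name"]] = rec
        elif m := NETSVC_RE.match(line):
            netsvcs.append(m.group("name"))
        elif m := SUBSYS_RE.match(line):
            subsys = m.group("tag")     # FRST's own verdict on the Windows value
    return services, netsvcs, subsys


def suspicious_netsvcs(services, netsvcs):
    """netsvcs entries run inside svchost; a ServiceDll from a vendor other than
    Microsoft (or an entry with no service record at all) is the shape of the
    'atixsaudio' -> servidor.dll entry in the thread."""
    hits = []
    for name in netsvcs:
        svc = services.get(name)
        if svc is None:
            hits.append((name, "netsvcs entry without a service record"))
            continue
        image = svc["image"].strip('"').lower()
        if image.endswith(".dll") and "microsoft" not in svc["company"].lower():
            hits.append((name, f"svchost DLL from '{svc['company']}': {svc['image']}"))
    return hits


def build_fixlist(text):
    """Emit fixlist.txt lines in the form the helper used in this thread."""
    services, netsvcs, subsys = parse_frst(text)
    lines = [f"SubSystems: [Windows] ==> {subsys}"] if subsys else []
    for name, _reason in suspicious_netsvcs(services, netsvcs):
        lines.append(f"NETSVC: {name}")
        if name in services:
            lines.append(services[name]["line"])             # delete the service
            lines.append(services[name]["image"].strip('"'))  # move the DLL
    return lines


if __name__ == "__main__":
    print("\n".join(build_fixlist(SAMPLE_LOG)))
```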

#13 tmoney12

Posted 20 February 2012 - 10:42 AM

Let me make sure I understand this.
First paste the fix in Notepad, then save it on my flash drive and close Notepad.
Then run FRST64.
Then run ComboFix.

#14 gringo_pr


  • Malware Response Team

Posted 20 February 2012 - 03:58 PM

Yes, that is correct.

#15 tmoney12

Posted 20 February 2012 - 10:57 PM

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-20 22:13:56 R:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs atixsaudio Deleted successfully.
atixsaudio service deleted successfully.
C:\Windows\System32\servidor.dll moved successfully.

==== End of Fixlog ====
