Security Shield; Firefox and Opera crash


  • This topic is locked
48 replies to this topic

#1 Mar C

Mar C

  • Members
  • 55 posts
  • OFFLINE
  • Local time:07:02 PM

Posted 22 August 2012 - 04:59 AM

Good evening.

About an hour or so ago while I was browsing the net, a warning message popped up on my screen.

Security Shield has been installed successfully!


Hardly a minute or so afterwards, Firefox crashed as I was trying to get to this site. Since I also had Opera open, I tried to use it instead, but it crashed practically right away as well.
(My Opera has been rather slow and unresponsive most of the time since I got my internet back up, though).

Firefox also had problems with sites redirecting if I tried to click a link from Google. (After it restarted from the crash.)


Gmer will not allow me to un/check every option, since everything down to Services is greyed out, but I was still able to download both DDS and Gmer, as well as get a log from both. While first attempting to open Gmer though, I did receive an error message (here's a screencap of it).

edit : Just now, the phantom sounds have started up as well. Firefox is my only open window (that I can see), as well as the warning message.

Here are the logs now.


DDS Log :

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by Martina at 1:56:15 on 2012-08-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.295 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\DOCUME~1\Martina\LOCALS~1\APPLIC~1\rllwajprk.exe
C:\WINDOWS\TEMP\91dbcd379c049ad0
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\mmc.exe
"C:\WINDOWS\System32\svchost.exe" -k LocalServiceDns
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Open with WordPerfect
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: keepvid.com
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{62F930CC-A9FF-48C6-AD3C-13055739CEB8} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\martina\application data\mozilla\firefox\profiles\yrgob70c.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-17 654408]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-17 22344]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-6-4 32072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-14 113120]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2012-6-2 9472]
S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;c:\windows\system32\drivers\USB200M2.sys [2008-11-1 18048]
S3 XDva225;XDva225;\??\c:\windows\system32\xdva225.sys --> c:\windows\system32\XDva225.sys [?]
UnknownUnknown 86286b;86286b; [x]
.
=============== Created Last 30 ================
.
2012-08-22 08:43:27 71680 ----a-w- c:\windows\system32\drivers\65a4cb7ac0058f63.sys
2012-08-22 08:43:10 495616 ----a-w- c:\documents and settings\martina\local settings\application data\rllwajprk.exe
2012-08-10 19:59:48 -------- d-----w- C:\ComboFix
2012-08-02 22:47:01 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2012-08-02 22:47:01 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-08-02 21:45:22 98816 ----a-w- c:\windows\sed.exe
2012-08-02 21:45:22 518144 ----a-w- c:\windows\SWREG.exe
2012-08-02 21:45:22 256000 ----a-w- c:\windows\PEV.exe
2012-08-02 21:45:22 208896 ----a-w- c:\windows\MBR.exe
2012-07-30 21:52:13 103904 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 15:07:44 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07:43 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07:42 17408 ----a-w- c:\windows\system32\corpol.dll
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 11:37:59 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-06-26 17:31:33 522928 ----a-w- c:\windows\system32\SpoonUninstall.exe
2012-06-12 03:27:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-12 03:27:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-03 05:42:47 102400 ----a-w- c:\windows\RegBootClean.exe
2012-06-02 22:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 2:06:06.65 ===============




Gmer Log :

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-22 02:58:30
Windows 5.1.2600 Service Pack 3
Running: errs2ff3.exe


---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\Drivers\65a4cb7ac0058f63.sys (*** hidden *** ) [BOOT] 65a4cb7ac0058f63 <-- ROOTKIT !!!
Service C:\WINDOWS\Installer\{886EFFCA-528F-214F-0372-3437E35CA864}\syshost.exe (*** hidden *** ) [AUTO] syshost32 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@ImagePath \SystemRoot\System32\Drivers\65a4cb7ac0058f63.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@Tag 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\65a4cb7ac0058f63@DisplayName syshost.exe
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@Type 16
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ImagePath "C:\WINDOWS\Installer\{886EFFCA-528F-214F-0372-3437E35CA864}\syshost.exe" /service
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32\Security
Reg HKLM\SYSTEM\CurrentControlSet\Services\syshost32\Security@Security 0x01 0x00 0x14 0x80 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@4Y3Y0C3A1IVA3J0IV C:\ReGBe.Bin\071BAAF8E9F.exe /q

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Cookies\TLKOTND3.txt 692 bytes
File C:\Documents and Settings\LocalService\Cookies\TUPT95GQ.txt 781 bytes
File C:\Documents and Settings\LocalService\Cookies\DITCETHW.txt 105 bytes
File C:\Documents and Settings\LocalService\Cookies\EE60HA8A.txt 0 bytes
File C:\Documents and Settings\LocalService\Cookies\50UWE6CP.txt 1756 bytes
File C:\Documents and Settings\LocalService\Cookies\6IE9RC3O.txt 146 bytes
File C:\Documents and Settings\LocalService\Cookies\I3W4JN18.txt 0 bytes
File C:\Documents and Settings\LocalService\Cookies\PJHKLJQW.txt 3097 bytes
File C:\Documents and Settings\LocalService\Cookies\WUH7Q2Z3.txt 226 bytes
File C:\Documents and Settings\LocalService\Cookies\Y1AL4LF7.txt 0 bytes
File C:\Documents and Settings\LocalService\Cookies\YFA7KC24.txt 512 bytes
File C:\Documents and Settings\LocalService\Cookies\4HUKG6VM.txt 0 bytes
File C:\Documents and Settings\LocalService\Cookies\ABFVH830.txt 428 bytes
File C:\Documents and Settings\LocalService\Cookies\ET4X38LI.txt 1016 bytes
File C:\Documents and Settings\LocalService\Cookies\G8L8V7CO.txt 5003 bytes
File C:\Documents and Settings\LocalService\Cookies\VC7YMNGI.txt 675 bytes
File C:\Documents and Settings\LocalService\Cookies\N82D4RB8.txt 103 bytes
File C:\Documents and Settings\LocalService\Cookies\1B7ZQDDA.txt 134 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\1WO1VRL5\8305[1].js 5251 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DNXBCO3\afr[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DNXBCO3\afr[2].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71Z1CV52\r[2].js 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\71Z1CV52\2823;u=http%3A%2F%2Fwww.directorslive.com%2Frubicon%2Frubicon_300_250_atf-ros.html;r=http%3A%2F%2Fwww.directorslive.com%2Fbannerad%2Fdlive_300_250-ros[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CEYD4GL3\comedyunderground_mevio_com[1].htm 352109 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CEYD4GL3\data[1].gif 42 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\E2X0CBQZ\fw-nonplayer-banner[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K4VB8DES\crossdomainCA5V8EUD.xml 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LSA2Y2WZ\passback.c.r[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\set[1].gif 43 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\fpi[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\getAds[1].htm 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\afr[5].htm 2502 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\hub[2].htm 20501 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\st[2] 4524 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\blankCA0JOHD7.gif 43 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\blankCAE6O79R.gif 43 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\blank[10].gif 43 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NCKHC10B\blank[11].gif 43 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RNQDPWNQ\01[1].htm 6652 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RNQDPWNQ\freq[1].htm 0 bytes
File C:\ReGBe.Bin 0 bytes
File C:\ReGBe.Bin\071BAAF8E9F.exe 213504 bytes executable
File C:\ReGBe.Bin\43E3A0F3753668B 18102 bytes

---- EOF - GMER 1.0.15 ----

Edited by Mar C, 22 August 2012 - 05:05 AM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 PM

Posted 22 August 2012 - 11:59 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Mar C

Mar C
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:07:02 PM

Posted 23 August 2012 - 05:36 PM

Hello!

Thank you for your time~.

When I started to run ComboFix, it had one error message that occurred each time I tried to run it. Another problem was Security Shield popping up before its command/run window opened, and it blocked it. I know you don't want us to run anything without being asked to, but I went ahead and ran Rkill to end the process and let ComboFix run again. It still had the error message from before, but it was able to fully run and get everything done.

Oh! And it tried to install the recovery console, but couldn't find the file.

Unfortunately, even after my computer restarted and the log was done, Security Shield has still popped up once more, but it closed out fairly quickly as well. (I couldn't watch everything entirely either, as I had to leave shortly after the prompt for ComboFix to be writing the log popped up.)

The error message said it could not write this file :

C:\32788R22FWJFW\License\iexplore.exe



And here is the log:

ComboFix 12-08-22.03 - Martina 08/23/2012 12:29:38.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.503 [GMT -7:00]
Running from: C:\Documents and Settings\Martina\My Documents\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\@
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\L\00000004.@
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\L\1afb2d56
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\L\80000032.@
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\n
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\00000004.@
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\000000cb.@
C:\Documents and Settings\Martina\Local Settings\Application Data\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\80000032.@
C:\Documents and Settings\Martina\Local Settings\Application Data\rllwajprk.exe
C:\Documents and Settings\Martina\Local Settings\Application Data\zvbcfgrwm.exe
C:\ReGBe.Bin
C:\ReGBe.Bin\071BAAF8E9F.exe
C:\ReGBe.Bin\43E3A0F3753668B
C:\WINDOWS\assembly\GAC\Desktop.ini
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\L\00000004.@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\L\201d3dde
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\n
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\00000004.@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\00000008.@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\000000cb.@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\80000000.@
C:\WINDOWS\Installer\{0b02cc5a-e857-da07-f499-e3c17d0585a5}\U\80000032.@
C:\WINDOWS\system32\drivers\65a4cb7ac0058f63.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSHOST32
-------\Service_syshost32
-------\Legacy_65a4cb7ac0058f63
-------\Service_65a4cb7ac0058f63


((((((((((((((((((((((((( Files Created from 2012-07-23 to 2012-08-23 )))))))))))))))))))))))))))))))


2012-08-23 20:21:41 . 2012-08-23 20:21:41 -------- d-----w- C:\WINDOWS\LastGood
2012-08-02 22:47:01 . 2008-04-13 19:21:00 162816 -c--a-w- C:\WINDOWS\system32\dllcache\netbt.sys
2012-08-02 22:47:01 . 2008-04-13 19:21:00 162816 ----a-w- C:\WINDOWS\system32\drivers\netbt.sys
2012-07-30 21:52:13 . 2012-07-30 21:52:13 103904 ----a-w- C:\Program Files\Internet Explorer\Plugins\nppdf32.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-06 13:58:51 . 2006-02-28 12:00:00 78336 ----a-w- C:\WINDOWS\system32\browser.dll
2012-07-04 14:05:18 . 2008-11-01 23:35:15 139784 ----a-w- C:\WINDOWS\system32\drivers\rdpwd.sys
2012-07-03 15:07:44 . 2006-02-28 12:00:00 832512 ----a-w- C:\WINDOWS\system32\wininet.dll
2012-07-03 15:07:43 . 2006-02-28 12:00:00 1830912 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2012-07-03 15:07:42 . 2012-02-21 11:11:43 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2012-07-03 15:07:42 . 2006-02-28 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
2012-07-03 13:40:15 . 2006-02-28 12:00:00 1866112 ----a-w- C:\WINDOWS\system32\win32k.sys
2012-07-02 11:37:59 . 2012-06-05 00:30:22 32072 ----a-w- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2012-06-26 17:31:33 . 2012-06-26 17:32:18 522928 ----a-w- C:\WINDOWS\system32\SpoonUninstall.exe
2012-06-12 03:27:01 . 2012-04-03 00:29:35 426184 ----a-w- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-06-12 03:27:01 . 2011-05-13 16:13:46 70344 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 . 2008-04-14 00:12:01 1372672 ------w- C:\WINDOWS\system32\msxml6.dll
2012-06-05 15:50:25 . 2006-02-28 12:00:00 1172480 ----a-w- C:\WINDOWS\system32\msxml3.dll
2012-06-04 04:32:08 . 2006-02-28 12:00:00 152576 ----a-w- C:\WINDOWS\system32\schannel.dll
2012-06-03 05:42:47 . 2012-06-03 05:42:34 102400 ----a-w- C:\WINDOWS\RegBootClean.exe
2012-06-02 22:19:44 . 2007-07-31 03:18:44 22040 ----a-w- C:\WINDOWS\system32\wucltui.dll.mui
2012-06-02 22:19:38 . 2008-11-01 23:37:13 329240 ----a-w- C:\WINDOWS\system32\wucltui.dll
2012-06-02 22:19:38 . 2008-11-01 23:37:13 219160 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl
2012-06-02 22:19:38 . 2008-11-01 23:37:13 210968 ----a-w- C:\WINDOWS\system32\wuweb.dll
2012-06-02 22:19:38 . 2007-07-31 03:19:32 15384 ----a-w- C:\WINDOWS\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34 . 2008-11-01 23:37:13 35864 ----a-w- C:\WINDOWS\system32\wups.dll
2012-06-02 22:19:34 . 2008-11-01 23:37:12 53784 ----a-w- C:\WINDOWS\system32\wuauclt.exe
2012-06-02 22:19:34 . 2007-07-31 03:19:12 45080 ----a-w- C:\WINDOWS\system32\wups2.dll
2012-06-02 22:19:34 . 2007-07-31 03:19:02 15384 ----a-w- C:\WINDOWS\system32\wuapi.dll.mui
2012-06-02 22:19:34 . 2006-02-28 12:00:00 97304 ----a-w- C:\WINDOWS\system32\cdm.dll
2012-06-02 22:19:30 . 2007-07-31 03:18:14 17944 ----a-w- C:\WINDOWS\system32\wuaueng.dll.mui
2012-06-02 22:19:24 . 2008-11-01 23:37:12 577048 ----a-w- C:\WINDOWS\system32\wuapi.dll
2012-06-02 22:19:18 . 2008-11-01 23:37:13 1933848 ----a-w- C:\WINDOWS\system32\wuaueng.dll
2012-06-02 22:18:58 . 2009-02-26 15:14:23 214256 ----a-w- C:\WINDOWS\system32\muweb.dll
2012-06-02 22:18:58 . 2009-02-26 15:14:23 17136 ----a-w- C:\WINDOWS\system32\mucltui.dll.mui
2012-06-02 22:18:58 . 2009-02-26 15:14:22 275696 ----a-w- C:\WINDOWS\system32\mucltui.dll
2012-05-31 13:22:09 . 2006-02-28 12:00:00 599040 ----a-w- C:\WINDOWS\system32\crypt32.dll
2012-08-21 04:10:54 . 2012-06-15 03:38:29 136672 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((( SnapShot@2012-08-02_22.59.12 )))))))))))))))))))))))))))))))))))))))))

+ 2012-08-23 20:19:51 . 2012-08-23 20:19:51 16384 C:\WINDOWS\temp\Perflib_Perfdata_7fc.dat
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 44544 C:\WINDOWS\system32\pngfilt.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 44544 C:\WINDOWS\system32\pngfilt.dll
+ 2006-02-28 12:00:00 . 2012-08-02 23:01:03 67740 C:\WINDOWS\system32\perfc009.dat
- 2006-02-28 12:00:00 . 2012-06-14 09:28:22 67740 C:\WINDOWS\system32\perfc009.dat
- 2007-08-14 02:54:10 . 2012-04-23 14:46:48 52224 C:\WINDOWS\system32\msfeedsbs.dll
+ 2007-08-14 02:54:10 . 2012-07-03 15:07:43 52224 C:\WINDOWS\system32\msfeedsbs.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 27648 C:\WINDOWS\system32\jsproxy.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 27648 C:\WINDOWS\system32\jsproxy.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 44544 C:\WINDOWS\system32\iernonce.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 44544 C:\WINDOWS\system32\iernonce.dll
+ 2006-02-28 12:00:00 . 2012-07-03 12:18:22 70656 C:\WINDOWS\system32\ie4uinit.exe
- 2006-02-28 12:00:00 . 2012-04-23 11:33:28 70656 C:\WINDOWS\system32\ie4uinit.exe
+ 2007-08-14 02:36:26 . 2012-07-03 15:07:42 63488 C:\WINDOWS\system32\icardie.dll
- 2007-08-14 02:36:26 . 2012-04-23 14:46:47 63488 C:\WINDOWS\system32\icardie.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 44544 C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 44544 C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:43 52224 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:48 52224 C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 27648 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 27648 C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-11-02 01:46:27 . 2012-07-03 12:18:23 13824 C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-11-02 01:46:27 . 2012-04-23 11:33:29 13824 C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 44544 C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 44544 C:\WINDOWS\system32\dllcache\iernonce.dll
- 2012-02-21 11:11:43 . 2012-04-23 14:46:47 78336 C:\WINDOWS\system32\dllcache\ieencode.dll
+ 2012-02-21 11:11:43 . 2012-07-03 15:07:42 78336 C:\WINDOWS\system32\dllcache\ieencode.dll
- 2006-02-28 12:00:00 . 2012-04-23 11:33:28 70656 C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00:00 . 2012-07-03 12:18:22 70656 C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:42 63488 C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:47 63488 C:\WINDOWS\system32\dllcache\icardie.dll
+ 2009-06-29 16:12:14 . 2012-07-03 15:07:42 17408 C:\WINDOWS\system32\dllcache\corpol.dll
- 2009-06-29 16:12:14 . 2012-04-23 14:46:47 17408 C:\WINDOWS\system32\dllcache\corpol.dll
+ 2012-07-06 13:58:51 . 2012-07-06 13:58:51 78336 C:\WINDOWS\system32\dllcache\browser.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 44544 C:\WINDOWS\ie7updates\KB2722913-IE7\pngfilt.dll
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:48 52224 C:\WINDOWS\ie7updates\KB2722913-IE7\msfeedsbs.dll
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:47 27648 C:\WINDOWS\ie7updates\KB2722913-IE7\jsproxy.dll
+ 2012-08-21 17:33:43 . 2012-04-23 11:33:29 13824 C:\WINDOWS\ie7updates\KB2722913-IE7\ieudinit.exe
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:47 44544 C:\WINDOWS\ie7updates\KB2722913-IE7\iernonce.dll
+ 2012-08-21 17:33:43 . 2012-04-23 14:46:47 78336 C:\WINDOWS\ie7updates\KB2722913-IE7\ieencode.dll
+ 2012-08-21 17:33:42 . 2012-04-23 11:33:28 70656 C:\WINDOWS\ie7updates\KB2722913-IE7\ie4uinit.exe
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 63488 C:\WINDOWS\ie7updates\KB2722913-IE7\icardie.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 17408 C:\WINDOWS\ie7updates\KB2722913-IE7\corpol.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:44 233472 C:\WINDOWS\system32\webcheck.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 233472 C:\WINDOWS\system32\webcheck.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 106496 C:\WINDOWS\system32\url.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 106496 C:\WINDOWS\system32\url.dll
- 2006-02-28 12:00:00 . 2012-06-14 09:28:22 432784 C:\WINDOWS\system32\perfh009.dat
+ 2006-02-28 12:00:00 . 2012-08-02 23:01:03 432784 C:\WINDOWS\system32\perfh009.dat
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 102912 C:\WINDOWS\system32\occache.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 102912 C:\WINDOWS\system32\occache.dll
+ 2006-02-28 12:00:00 . 2012-07-06 13:58:52 337920 C:\WINDOWS\system32\netapi32.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 671232 C:\WINDOWS\system32\mstime.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 671232 C:\WINDOWS\system32\mstime.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 193024 C:\WINDOWS\system32\msrating.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 193024 C:\WINDOWS\system32\msrating.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 479744 C:\WINDOWS\system32\mshtmled.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 479744 C:\WINDOWS\system32\mshtmled.dll
+ 2007-08-14 02:54:10 . 2012-07-03 15:07:43 496128 C:\WINDOWS\system32\msfeeds.dll
- 2007-08-14 02:54:10 . 2012-04-23 14:46:48 496128 C:\WINDOWS\system32\msfeeds.dll
+ 2006-02-28 12:00:00 . 2012-05-14 09:22:41 345600 C:\WINDOWS\system32\localspl.dll
- 2006-02-28 12:00:00 . 2009-05-07 15:32:35 345600 C:\WINDOWS\system32\localspl.dll
- 2007-08-14 02:34:04 . 2012-04-23 14:46:47 268288 C:\WINDOWS\system32\iertutil.dll
+ 2007-08-14 02:34:04 . 2012-07-03 15:07:43 268288 C:\WINDOWS\system32\iertutil.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 192512 C:\WINDOWS\system32\iepeers.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 192512 C:\WINDOWS\system32\iepeers.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 384512 C:\WINDOWS\system32\iedkcs32.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 384512 C:\WINDOWS\system32\iedkcs32.dll
- 2007-07-11 20:27:48 . 2012-04-23 14:46:47 380928 C:\WINDOWS\system32\ieapfltr.dll
+ 2007-07-11 20:27:48 . 2012-07-03 15:07:42 380928 C:\WINDOWS\system32\ieapfltr.dll
+ 2006-02-28 12:00:00 . 2012-07-03 10:56:15 161792 C:\WINDOWS\system32\ieakui.dll
- 2006-02-28 12:00:00 . 2012-04-22 06:39:08 161792 C:\WINDOWS\system32\ieakui.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 230400 C:\WINDOWS\system32\ieaksie.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 230400 C:\WINDOWS\system32\ieaksie.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 153088 C:\WINDOWS\system32\ieakeng.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 153088 C:\WINDOWS\system32\ieakeng.dll
+ 2008-11-01 15:19:26 . 2012-08-21 20:40:53 445816 C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-11-01 15:19:26 . 2012-06-14 09:39:18 445816 C:\WINDOWS\system32\FNTCACHE.DAT
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 133120 C:\WINDOWS\system32\extmgr.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 133120 C:\WINDOWS\system32\extmgr.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 214528 C:\WINDOWS\system32\dxtrans.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 214528 C:\WINDOWS\system32\dxtrans.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 347136 C:\WINDOWS\system32\dxtmsft.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 347136 C:\WINDOWS\system32\dxtmsft.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:44 832512 C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-02-28 12:00:00 . 2012-05-15 15:39:54 832512 C:\WINDOWS\system32\dllcache\wininet.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 233472 C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:44 233472 C:\WINDOWS\system32\dllcache\webcheck.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 106496 C:\WINDOWS\system32\dllcache\url.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 106496 C:\WINDOWS\system32\dllcache\url.dll
+ 2008-12-05 06:54:55 . 2012-06-04 04:32:08 152576 C:\WINDOWS\system32\dllcache\schannel.dll
+ 2011-08-09 21:29:27 . 2012-07-04 14:05:18 139784 C:\WINDOWS\system32\dllcache\rdpwd.sys
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 102912 C:\WINDOWS\system32\dllcache\occache.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 102912 C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-11-02 01:04:52 . 2012-07-06 13:58:52 337920 C:\WINDOWS\system32\dllcache\netapi32.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 671232 C:\WINDOWS\system32\dllcache\mstime.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 671232 C:\WINDOWS\system32\dllcache\mstime.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 193024 C:\WINDOWS\system32\dllcache\msrating.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 193024 C:\WINDOWS\system32\dllcache\msrating.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 479744 C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 479744 C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:43 496128 C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:48 496128 C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2010-11-09 14:52:35 . 2010-11-09 14:52:35 536576 C:\WINDOWS\system32\dllcache\msado15.dll
+ 2010-11-09 14:52:35 . 2012-05-28 18:16:33 536576 C:\WINDOWS\system32\dllcache\msado15.dll
+ 2009-05-07 15:32:35 . 2012-05-14 09:22:41 345600 C:\WINDOWS\system32\dllcache\localspl.dll
- 2009-05-07 15:32:35 . 2009-05-07 15:32:35 345600 C:\WINDOWS\system32\dllcache\localspl.dll
+ 2008-11-01 23:36:45 . 2012-07-03 10:57:55 634488 C:\WINDOWS\system32\dllcache\iexplore.exe
- 2008-11-01 23:36:45 . 2012-04-22 06:40:38 634488 C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:43 268288 C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:47 268288 C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 192512 C:\WINDOWS\system32\dllcache\iepeers.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 192512 C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 384512 C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 384512 C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:42 380928 C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:47 380928 C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2006-02-28 12:00:00 . 2012-04-22 06:39:08 161792 C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2006-02-28 12:00:00 . 2012-07-03 10:56:15 161792 C:\WINDOWS\system32\dllcache\ieakui.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 230400 C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 230400 C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 153088 C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 153088 C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 133120 C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 133120 C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 214528 C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 214528 C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 347136 C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 347136 C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 124928 C:\WINDOWS\system32\dllcache\advpack.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 124928 C:\WINDOWS\system32\dllcache\advpack.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:42 124928 C:\WINDOWS\system32\advpack.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:47 124928 C:\WINDOWS\system32\advpack.dll
+ 2012-08-22 08:43:20 . 2012-08-22 08:43:14 362496 C:\WINDOWS\Installer\{886EFFCA-528F-214F-0372-3437E35CA864}\syshost.exe
+ 2011-04-22 21:26:12 . 2011-04-22 21:26:12 688128 C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\JP2KLib.dll
+ 2009-01-19 00:00:28 . 2009-01-19 00:00:28 598016 C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AXSLE.dll
+ 2012-01-03 07:37:53 . 2012-01-03 07:37:53 320456 C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearmhelper.exe
+ 2012-01-02 18:07:56 . 2012-01-02 18:07:56 843712 C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\adobearm.exe
+ 2012-08-21 17:33:40 . 2012-05-15 15:39:54 832512 C:\WINDOWS\ie7updates\KB2722913-IE7\wininet.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 233472 C:\WINDOWS\ie7updates\KB2722913-IE7\webcheck.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 106496 C:\WINDOWS\ie7updates\KB2722913-IE7\url.dll
+ 2012-08-21 17:33:44 . 2010-07-05 13:16:02 382840 C:\WINDOWS\ie7updates\KB2722913-IE7\spuninst\updspapi.dll
+ 2012-08-21 17:33:44 . 2010-07-05 13:15:51 231288 C:\WINDOWS\ie7updates\KB2722913-IE7\spuninst\spuninst.exe
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 102912 C:\WINDOWS\ie7updates\KB2722913-IE7\occache.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 671232 C:\WINDOWS\ie7updates\KB2722913-IE7\mstime.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 193024 C:\WINDOWS\ie7updates\KB2722913-IE7\msrating.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 479744 C:\WINDOWS\ie7updates\KB2722913-IE7\mshtmled.dll
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:48 496128 C:\WINDOWS\ie7updates\KB2722913-IE7\msfeeds.dll
+ 2012-08-21 17:33:43 . 2012-04-22 06:40:38 634488 C:\WINDOWS\ie7updates\KB2722913-IE7\iexplore.exe
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:47 268288 C:\WINDOWS\ie7updates\KB2722913-IE7\iertutil.dll
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:47 192512 C:\WINDOWS\ie7updates\KB2722913-IE7\iepeers.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 384512 C:\WINDOWS\ie7updates\KB2722913-IE7\iedkcs32.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 380928 C:\WINDOWS\ie7updates\KB2722913-IE7\ieapfltr.dll
+ 2012-08-21 17:33:42 . 2012-04-22 06:39:08 161792 C:\WINDOWS\ie7updates\KB2722913-IE7\ieakui.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 230400 C:\WINDOWS\ie7updates\KB2722913-IE7\ieaksie.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 153088 C:\WINDOWS\ie7updates\KB2722913-IE7\ieakeng.dll
+ 2012-08-21 17:33:43 . 2012-04-23 14:46:47 133120 C:\WINDOWS\ie7updates\KB2722913-IE7\extmgr.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 214528 C:\WINDOWS\ie7updates\KB2722913-IE7\dxtrans.dll
+ 2012-08-21 17:33:42 . 2012-04-23 14:46:47 347136 C:\WINDOWS\ie7updates\KB2722913-IE7\dxtmsft.dll
+ 2012-08-21 17:33:43 . 2012-04-23 14:46:47 124928 C:\WINDOWS\ie7updates\KB2722913-IE7\advpack.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 1168896 C:\WINDOWS\system32\urlmon.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 1168896 C:\WINDOWS\system32\urlmon.dll
+ 2006-02-28 12:00:00 . 2012-06-08 14:26:20 8462848 C:\WINDOWS\system32\shell32.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 3618816 C:\WINDOWS\system32\mshtml.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 3618816 C:\WINDOWS\system32\mshtml.dll
+ 2007-08-14 02:54:10 . 2012-07-03 15:07:42 6105088 C:\WINDOWS\system32\ieframe.dll
- 2007-08-14 02:54:10 . 2012-04-23 14:46:47 6105088 C:\WINDOWS\system32\ieframe.dll
+ 2008-11-02 01:06:59 . 2012-07-03 13:40:15 1866112 C:\WINDOWS\system32\dllcache\win32k.sys
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 1168896 C:\WINDOWS\system32\dllcache\urlmon.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 1168896 C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-17 19:02:19 . 2012-06-08 14:26:20 8462848 C:\WINDOWS\system32\dllcache\shell32.dll
+ 2008-04-14 00:12:01 . 2012-06-05 15:50:25 1372672 C:\WINDOWS\system32\dllcache\msxml6.dll
- 2008-04-14 00:12:01 . 2009-07-31 18:05:44 1372672 C:\WINDOWS\system32\dllcache\msxml6.dll
+ 2006-02-28 12:00:00 . 2012-06-05 15:50:25 1172480 C:\WINDOWS\system32\dllcache\msxml3.dll
- 2006-02-28 12:00:00 . 2010-06-14 07:41:45 1172480 C:\WINDOWS\system32\dllcache\msxml3.dll
- 2006-02-28 12:00:00 . 2012-04-23 14:46:48 3618816 C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2006-02-28 12:00:00 . 2012-07-03 15:07:43 3618816 C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-11-02 01:46:27 . 2012-07-03 15:07:42 6105088 C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-11-02 01:46:27 . 2012-04-23 14:46:47 6105088 C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2012-07-31 16:18:14 . 2012-07-31 16:18:14 5018624 C:\WINDOWS\Installer\f0bbfb.msp
+ 2011-01-31 05:16:14 . 2011-01-31 05:16:14 5713408 C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0500000010\9.5.0\AGM.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 1168896 C:\WINDOWS\ie7updates\KB2722913-IE7\urlmon.dll
+ 2012-08-21 17:33:40 . 2012-04-23 14:46:48 3618816 C:\WINDOWS\ie7updates\KB2722913-IE7\mshtml.dll
+ 2012-08-21 17:33:41 . 2012-04-23 14:46:47 6105088 C:\WINDOWS\ie7updates\KB2722913-IE7\ieframe.dll
+ 2008-11-02 01:45:21 . 2012-08-03 11:46:56 59884088 C:\WINDOWS\system32\MRT.exe

-- Snapshot reset to current date --

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-09-17 17:55:00 13574144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 11:20:01 38872]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 19:00:46 919008]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Martina^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Martina\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Martina^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
path=C:\Documents and Settings\Martina\Start Menu\Programs\Startup\PdaNet Desktop.lnk
backup=C:\WINDOWS\pss\PdaNet Desktop.lnkStartup

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:02 PM

Posted 23 August 2012 - 06:21 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 26 August 2012 - 01:36 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#6 Mar C

Posted 27 August 2012 - 03:07 AM

Sorry, I would have gotten on sooner, but a larger problem came up. Since my computer was shut down after the ComboFix, it won't actually boot Windows.

It cannot start in normal or any safe mode. Apparently, this is because Windows\System32\Config\System is missing. I tried to use the recovery console and my CD, and while I was able to copy the file, I couldn't figure out what to do from there and gave up.

I am willing to set-up Windows again, but if it means it will overwrite everything on my computer, I'll wait for an alternative.

#7 gringo_pr

Posted 27 August 2012 - 03:26 AM

Try this please. You will need a USB drive.

Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed do not choose to reboot the clean computer simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • Remove the USB drive and insert back in your working computer and navigate to report.txt

    Please note - all text entries are case sensitive
Copy and paste the report.txt for my review

#8 gringo_pr

Posted 29 August 2012 - 11:15 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#9 Mar C

Posted 01 September 2012 - 10:54 PM

Good evening.

I tried what you posted, and somehow, my computer didn't have the prompt or anything. It didn't matter how much I pressed F12, held it or anything or what screen; it simply never recognized the USB and/or that I was even trying.

I will try again tonight a few more times, but is there something else I should try?

Would it be worth it to put my computer's hard-drive into this computer and maybe copy-paste the file onto my computer that way? Or is there something else I should try?

#10 gringo_pr

Posted 01 September 2012 - 11:06 PM

1. Restart your computer
2. Before Windows loads, you will be prompted to choose which Operating System to start
3. Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press enter.
5. At the C:\Windows prompt, type the following bolded text, and press Enter:

cd erdnt\subs


or


cd erdnt\hiv-backup


6. At the next prompt, type the following bolded text, and press Enter:

batch erdnt.con

7. The erunt backups will begin copying.
8. At the next prompt, type the following bolded text, and press Enter:

exit

#11 Mar C

Posted 04 September 2012 - 07:28 PM

I will try this in a little while and report back tonight~.

#12 gringo_pr

Posted 04 September 2012 - 09:14 PM

:thumbup2:

#13 Mar C

Posted 05 September 2012 - 02:15 AM

Well, when I did the second part, it told me "ACCESS DENIED."

I don't remember if I tried your first, suggested method while the Windows CD was actually in the computer though, so should I make sure that both the CD and USB are in and try again?

Also, I noticed it only gave me the option of D:\WINDOWS. Should I take the CD out and try this instead?

#14 gringo_pr

Posted 05 September 2012 - 02:36 AM

try cd C: first and see if it changes directory

#15 Mar C

Posted 05 September 2012 - 06:43 PM

There is no option for the C: drive, but I'll try to access recovery console without the CD in the comp and see what it says then.

It seems I cannot get it to access the recovery console at all without the CD.

Edited by Mar C, 05 September 2012 - 06:48 PM.




