Rootkit zeroaccess removal


  • This topic is locked
3 replies to this topic

#1 bsm58


Posted 09 September 2012 - 08:54 AM

Sorry, I'm an impatient newbie and ran Combofix before reading instructions that I should wait until instructed to do so. Fortunately, I think it ran fine, but I believe the pesky rootkit is still embedded somewhere. Below is the log file. Thanks

ComboFix 12-09-09.02 - Owner 09/09/2012 7:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: CA Anti-Virus Plus *Disabled/Outdated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: CA Personal Firewall *Disabled* {C3E7091E-E650-4951-B8A4-1F00252D52C3}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\jsondb.js
c:\documents and settings\All Users\Application Data\TheBflix\fgnippahjheicjenccifemomfgjofdhp.crx
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Joe Mintz\WINDOWS
c:\documents and settings\Kelsey Mintz\WINDOWS
c:\documents and settings\Kim\WINDOWS
c:\documents and settings\NeroMediaHomeUser.4\WINDOWS
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j745em7z.default\searchplugins\bing-zugo.xml
c:\documents and settings\Owner\cachex.exe
c:\documents and settings\Owner\WINDOWS
c:\documents and settings\TEMP\WINDOWS
c:\documents and settings\UpdatusUser\WINDOWS
C:\Install.exe
c:\windows\$NtUninstallKB568$
c:\windows\$NtUninstallKB568$\2620219882\@
c:\windows\$NtUninstallKB568$\2620219882\click.tlb
c:\windows\$NtUninstallKB568$\2620219882\L\maaamtym
c:\windows\$NtUninstallKB568$\2620219882\loader.tlb
c:\windows\$NtUninstallKB568$\2620219882\U\@00000001
c:\windows\$NtUninstallKB568$\2620219882\U\@000000c0
c:\windows\$NtUninstallKB568$\2620219882\U\@000000cb
c:\windows\$NtUninstallKB568$\2620219882\U\@000000cf
c:\windows\$NtUninstallKB568$\2620219882\U\@80000000
c:\windows\$NtUninstallKB568$\2620219882\U\@800000c0
c:\windows\$NtUninstallKB568$\2620219882\U\@800000cb
c:\windows\$NtUninstallKB568$\2620219882\U\@800000cf
c:\windows\$NtUninstallKB568$\349077211
c:\windows\EventSystem.log
c:\windows\system32\
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_9c2d61ea
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-07 19:06 . 2012-08-23 07:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{B85B18BF-EEF2-4577-A26B-2531E1160240}\mpengine.dll
2012-08-22 21:38 . 2012-08-22 21:38 -------- d-----w- c:\documents and settings\Owner\Application Data\LolClient
2012-08-22 21:08 . 2012-08-22 21:08 -------- d-----w- C:\Riot Games
2012-08-22 20:39 . 2012-08-22 21:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2012-08-22 20:39 . 2012-08-22 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2012-08-22 20:39 . 2012-08-22 20:39 -------- d-----w- C:\PMB Files
2012-08-22 20:39 . 2012-08-22 20:39 -------- d-----w- c:\program files\Pando Networks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-02 17:17 . 2012-04-08 11:44 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 17:17 . 2011-05-19 11:08 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 07:15 . 2011-10-03 21:41 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-21 17:53 . 2012-07-21 17:53 402280 ----a-w- c:\program files\curse client.exe
2012-07-12 17:16 . 2012-07-12 17:15 125920424 ----a-w- c:\program files\zStarCraft-II-Beta-Setup-enUS.exe
2012-07-06 13:58 . 2005-04-13 16:55 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2005-04-13 17:12 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2005-04-13 16:56 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-28 21:33 . 2005-04-13 16:56 667136 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 21:33 . 2005-04-13 16:56 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-06-28 21:33 . 2005-04-13 16:55 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-06-28 12:46 . 2005-04-13 16:55 369664 ----a-w- c:\windows\system32\html.iec
2012-09-09 10:41 . 2012-09-09 10:40 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 77824]
"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"CHotkey"="zHotkey.exe" [2004-05-18 543232]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-25 202296]
.
c:\documents and settings\Kim\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Asset UPnP uMediaLibrary.lnk - c:\program files\Illustrate\dBpoweramp\uMediaLibrary.exe [2012-1-19 1063936]
Asset UPnP.lnk - c:\program files\Illustrate\dBpoweramp\Asset-uPNP.exe [2012-1-19 1600000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\UmxSbxExw.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
"c:\\Program Files\\StarCraft II\\Support\\BlizzardDownloader.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Illustrate\\dBpoweramp\\Asset-uPNP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"26125:TCP"= 26125:TCP:Asset UPnP TCP
"26125:UDP"= 26125:UDP:Asset UPnP UDP
.
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [7/29/2011 10:39 AM 123984]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/29/2009 10:39 AM 64288]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 1:23 PM 11352]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [7/29/2011 10:39 AM 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [7/29/2011 10:39 AM 63056]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [7/28/2011 11:17 AM 116304]
R2 BackupService;BackupService;c:\documents and settings\Owner\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [6/25/2011 11:33 PM 83512]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [7/29/2011 10:39 AM 150608]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [7/29/2011 10:39 AM 82000]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 WinExtManager;WinSock Extention Manager;c:\windows\system32\mdmcls32.exe [3/13/2011 8:03 AM 3207184]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 6:34 PM 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [7/29/2011 10:39 AM 331344]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/14/2011 5:14 PM 2255464]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S2 UmxEngine;TM Engine;"c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe" --> c:\program files\CA\SharedComponents\TMEngine\UmxEngine.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/8/2012 7:44 AM 250568]
S3 AssetUPnP;AssetUPnP;c:\program files\Illustrate\dBpoweramp\Asset-UPnPService.exe [1/19/2012 10:29 PM 77824]
S3 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2007 9:18 PM 724152]
S3 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [12/12/2007 9:18 PM 724152]
S3 kbeepm;kbeepm;\??\c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Owner\LOCALS~1\Temp\kbeepm.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 2:38 PM 114144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S3 UXDCMN;UXDCMN;\??\e:\uxdcmn.sys --> e:\UXDCMN.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 17:17]
.
2012-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
.
2012-09-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=111385&babsrc=HP_ss&mntrId=24bbbc6b00000000000000137232eb59
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\VetRedir.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\j745em7z.default\
FF - prefs.js: browser.search.defaulturl - Bing
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111385&babsrc=KW_ss&mntrId=24bbbc6b00000000000000137232eb59&q=
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nwiz - nwiz.exe
Notify-PFW - (no file)
AddRemove-Password Safe - c:\program files\Password Safe\Uninstall.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 08:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1016)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(1756)
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\SOUNDMAN.EXE
c:\windows\stsystra.exe
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-09-09 08:51:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-09 12:51
.
Pre-Run: 28,166,062,080 bytes free
Post-Run: 30,360,412,160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C08A5C51878760309DA1BAA931BF27B7



#2 fireman4it


  • Malware Response Team

Posted 09 September 2012 - 10:37 AM

Hello bsm58,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right-hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the ADD REPLY button in the lower right-hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


2. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

3. Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.



Things to include in your next reply:
TdssKiller log
ADWcleaner log
Result.txt
Tell me how your machine is running and exactly what is wrong with it if anything.

Edited by fireman4it, 09 September 2012 - 10:39 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 fireman4it


Posted 11 September 2012 - 07:23 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 fireman4it


Posted 16 September 2012 - 05:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




