
Infected with Trojan.ZeroAccess.c in Program Files



#1 agawthrop


Posted 30 July 2013 - 12:34 PM

Computer is infected with what appears to be a trojan.zeroaccess.c rootkit. Malwarebytes, tdss killer, and spybot find nothing when run. Symantec antivirus continuously alerts user to trojan.zeroaccess.c located in "C:\Windows\Program Files\Google\Desktop\Installer\" then several empty nameless folders, then one with a bunch of random characters as the name. Need help to remove this so that coworker can get back to work. Thanks in advance.

 

DDS (Ver_2012-11-20.01) - NTFS_x86 MINIMAL
Internet Explorer: 10.0.9200.16635
Run by max at 13:23:58 on 2013-07-30
#Option MBR scan  is disabled.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Spotify Web Helper] "c:\users\max\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
uRun: [Adobe CSS5.1 Manager] c:\users\max\appdata\local\2723c582-36c6-4114-ada0-8b0bb6f5b273ad\ccadabbbfbad.exe
uRunOnce: [Adobe CSS5.1 Manager] c:\users\max\appdata\local\2723c582-36c6-4114-ada0-8b0bb6f5b273ad\ccadabbbfbad.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [SplitView] "c:\program files\splitview 2010\SplitScr.exe" -auto
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iapht] "c:\windows\system32\rundll32.exe" "c:\users\max\appdata\roaming\iapht.dll",get_gAMA_fixed
mRun: [asrfps] "c:\windows\system32\rundll32.exe" "c:\users\max\appdata\roaming\asrfps.dll",Set_New
mRun: [sipap] rundll32.exe "c:\users\max\appdata\roaming\sipap.dll",_Size
mRun: [aputui] "c:\windows\system32\rundll32.exe" "c:\users\max\appdata\roaming\aputui.dll",read_init_3
uExplorerRun: [ccadabbbfbad] c:\users\max\appdata\local\2723c582-36c6-4114-ada0-8b0bb6f5b273ad\ccadabbbfbad.exe
StartupFolder: c:\users\max\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{90140000-003d-0000-0000-0000000ff1ce}\outicon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~3.lnk - c:\program files\common files\intuit\quickbooks\qbwebconnector\QBWebConnector.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\intuit\quickbooks 2013\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\speedl~1.lnk - c:\program files\checkpoint\speedlink\CheckpointSpeedlink.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0DE70C1A-5136-45F6-95DA-B81CCF0DA5B3} - hxxps://gosystemrs.fasttax.com/OCX/RIARSDocumentum.cab
DPF: {13F71666-05F2-11D2-B2F6-00A0C9A08B64} - hxxps://gosystemrs.fasttax.com/OCX/comconv.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {227F25BE-BCDC-11D0-BA80-0000F6181652} - hxxps://gosystemrs.fasttax.com/OCX/RSLoginModule.cab
DPF: {2EC07293-4DF5-11D5-992B-0001020FC1FC} - hxxps://gosystemrs.fasttax.com/OCX/comconv.cab
DPF: {455182EE-8F93-11D2-BA3C-00C04F7F6533} - hxxps://gosystemrs.fasttax.com/OCX/RSTabbedList.cab
DPF: {7B640A40-EEC1-11D2-B526-00C04F8DEE99} - hxxps://gosystemrs.fasttax.com/OCX/WebAttachments.cab
DPF: {82BFFC8C-B4BD-11D4-9908-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/webnotifier.cab
DPF: {86B092BC-7ABA-11D4-98E7-000102053AFB} - hxxps://gosystemrs.fasttax.com/OCX/Downloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {973EA5BE-9ED6-11D3-AB1D-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/DCParse.cab
DPF: {97A90946-2984-11D3-AAE7-00C04F7468E4} - hxxps://gosystemrs.fasttax.com/OCX/frmsrc.cab
DPF: {C945E31A-102E-4A0D-8854-D599D7AED5FA} - hxxps://gosystemrs.fasttax.com/OCX/vsflex8.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D76D712E-4A96-11D3-BD95-D296DC2DD072} - hxxps://gosystemrs.fasttax.com/OCX/vsflex7.cab
TCP: NameServer = 10.0.0.6
TCP: Interfaces\{08695663-A85E-46F5-BCE3-927BD7C89AAB} : DHCPNameServer = 10.0.0.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks enterprise solutions 12.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files\intuit\quickbooks 2013\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-07-29 20:55:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-07-29 20:55:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-07-29 20:51:03 -------- d-----w- c:\program files\VS Revo Group
2013-07-29 20:49:02 -------- d-----w- c:\program files\CCleaner
2013-07-29 19:43:19 417792 ----a-w- c:\users\max\appdata\roaming\aputui.dll
2013-07-29 19:43:14 618496 ----a-w- c:\users\max\appdata\roaming\sipap.dll
2013-07-29 13:23:35 -------- d-----w- c:\users\max\appdata\roaming\Malwarebytes
2013-07-29 13:23:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-29 13:23:30 -------- d-----w- c:\programdata\Malwarebytes
2013-07-29 13:23:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-29 13:23:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-07-24 20:35:44 -------- d-----w- c:\users\max\appdata\local\2723c582-36c6-4114-ada0-8b0bb6f5b273ad
2013-07-24 20:34:13 425984 ----a-w- c:\users\max\appdata\roaming\asrfps.dll
2013-07-24 20:34:07 647168 ----a-w- c:\users\max\appdata\roaming\iapht.dll
2013-07-17 07:00:36 -------- d-----w- c:\windows\system32\MRT
2013-07-10 09:22:28 1247744 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 09:22:26 509440 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 09:22:26 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 09:22:25 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 09:22:22 988672 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2013-07-10 09:22:22 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2013-07-10 09:22:22 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2013-07-10 09:22:22 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2013-07-09 16:27:34 21504 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\ea09e1a6\00f863ef_449bcd01\PPCLicense.DLL
2013-07-09 16:27:34 18432 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\6a705154\00c73391_0fc2cd01\PPCShared.DLL
2013-07-09 16:27:33 30208 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\fe3e935d\009975da_eb9ccd01\Excel_xlEvents_Sample.DLL
2013-07-09 16:27:33 150528 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\248bea50\0056f9d8_7fcecd01\PPCOffice.DLL
2013-07-09 16:27:32 54784 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\75bb277b\00f46492_0fc2cd01\PPCExceptions.DLL
2013-07-09 16:27:32 32664 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\88a74bcf\0099d6c0_ec9fcd01\Microsoft.Office.Tools.Common.v4.0.Utilities.DLL
2013-07-09 16:27:32 30208 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\8e8863b7\00508101_80cecd01\PPCExcel12Repurpose.DLL
2013-07-09 16:27:32 245248 ----a-w- c:\program files\windows defender\en-us\systemprofile\appdata\local\assembly\dl3\g704vjj5.9mq\9dp8qooc.ted\24a012dd\003180fd_2edacd01\PPCExcel12.DLL
2013-07-08 13:02:49 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-08 13:02:49 -------- d-----w- c:\program files\iTunes
2013-07-08 13:02:49 -------- d-----w- c:\program files\iPod
2013-07-08 12:57:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-07-08 12:57:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-07-08 12:57:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-07-08 12:57:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-07-08 12:57:19 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2013-06-11 23:43:37 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-06-11 23:10:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 23:10:18 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 22:51:45 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-06-07 02:37:52 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-13 04:45:55 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 03:08:10 903168 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- c:\windows\system32\certenc.dll
2013-05-10 03:20:54 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-08 05:38:00 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-06 05:06:47 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-06 05:06:47 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
.
============= FINISH: 13:24:46.36 ===============

#2 D-FRED-BROWN

Malware Response Team

Posted 01 August 2013 - 05:33 PM

Hello agawthrop and welcome to Bleeping Computer!

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.


----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)



-DFB


Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Thank you!

#3 agawthrop


Posted 02 August 2013 - 08:03 AM

D-Fred, due to the necessary expedience required, my boss decided to send the computer to a local company to be repaired.

Could you lock this thread, and then if they are unable to solve the issue is there a way to reopen this thread or would I create a new one?

 

Thanks,

 

Alex



#4 D-FRED-BROWN


Posted 02 August 2013 - 12:11 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



