
ZeroAccess Infection - Cannot access some folders


  • This topic is locked
3 replies to this topic

#1 cooter2

  • Members
  • 1 posts

Posted 29 October 2013 - 08:21 AM

Last week RKill log showed a ZeroAccess Infection. Ran Malwarebytes, did not find anything. I am losing access to folders in my C:\Program Files folder. It is saying I need to be an administrator, click Continue; when I click Continue it says I do not have access. I am also not able to run any Windows updates, fails on install.

 

I ran RKill again today, did not show the same ZeroAccess issue. I am still pretty concerned something is wrong.

 

Here is dds.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16514  BrowserJavaVersion: 10.45.2
Run by RonNy at 8:10:50 on 2013-10-29
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1767 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Fingerprint Reader Suite\psqltray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5090130
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: SySaver: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\users\ronny\appdata\local\sysaver\temp.dat
BHO: PDF Architect Helper: {3A2D5EBA-F86D-4BD3-A177-019765996711} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\ronny\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.0.0.12\AVG SafeGuard toolbar_toolbar.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.0.0.12\AVG SafeGuard toolbar_toolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Reader Library Launcher] c:\program files\sony\reader\data\bin\launcher\Reader Library Launcher.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\mssecex.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
TCP: NameServer = 216.146.35.35 216.146.36.36
TCP: Interfaces\{55EF00DA-4985-4C0D-B48F-9FDDF1EDAC12} : DHCPNameServer = 216.146.35.35 216.146.36.36
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.0.12\ViProtocol.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
LSA: Notification Packages =  scecli psqlpwd
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ronny\appdata\roaming\mozilla\firefox\profiles\wxc2zkgf.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://plus.google.com/u/0/|http://www.morningstar.com/
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.0.12\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1204144.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-10-27 10:24; fdm_ffext@freedownloadmanager.org; c:\program files\free download manager\firefox\Extension
FF - ExtSQL: 2013-10-27 10:25; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\17.0.0.12
FF - ExtSQL: 2013-10-27 10:26; addon@defaulttab.com; c:\users\ronny\appdata\roaming\mozilla\firefox\profiles\wxc2zkgf.default\extensions\addon@defaulttab.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-10-12 14448]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-27 37664]
R1 MpKsle133479a;MpKsle133479a;c:\programdata\microsoft\microsoft antimalware\definition updates\{be5e3a57-f56c-418f-94d8-c777a09168a5}\MpKsle133479a.sys [2013-10-27 40392]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-1-29 73728]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-10-7 573952]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\displaylink core software\DisplayLinkManager.exe [2011-10-5 6831464]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
R2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files\common files\avg secure search\vtoolbarupdater\17.0.12\ToolbarUpdater.exe [2013-10-27 1734680]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-10-12 251504]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DefaultTabUpdate;DefaultTabUpdate;c:\users\ronny\appdata\roaming\defaulttab\defaulttab\dtupdate.exe [2013-10-27 107520]
S2 gupdate1c9f524484e7190;Google Update Service (gupdate1c9f524484e7190);c:\program files\google\update\GoogleUpdate.exe [2009-6-24 133104]
S2 PDF Architect Helper Service;PDF Architect Helper Service;"c:\program files\pdf architect\helperservice.exe" --> c:\program files\pdf architect\HelperService.exe [?]
S2 PDF Architect Service;PDF Architect Service;"c:\program files\pdf architect\conversionservice.exe" --> c:\program files\pdf architect\ConversionService.exe [?]
S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\drivers\DisplayLinkUsbPort_6.0.32700.0.sys [2011-10-12 21888]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2009-12-10 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-1-30 209408]
.
=============== Created Last 30 ================
.
2013-10-27 15:26:43    --------    d-----w-    c:\users\ronny\appdata\local\SySaver
2013-10-27 15:26:10    --------    d-----w-    c:\program files\DefaultTab
2013-10-27 15:26:00    --------    d-----w-    c:\users\ronny\appdata\roaming\defaulttab
2013-10-27 15:25:24    --------    d-----w-    c:\users\ronny\appdata\local\AVG SafeGuard toolbar
2013-10-27 15:25:10    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-10-27 15:25:08    --------    d-----w-    c:\programdata\AVG SafeGuard toolbar
2013-10-27 15:25:07    --------    d-----w-    c:\program files\common files\AVG Secure Search
2013-10-27 15:25:06    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-10-27 15:24:40    --------    d-----w-    c:\users\ronny\appdata\roaming\Free Download Manager
2013-10-27 15:24:36    --------    d-----w-    c:\program files\Free Download Manager
2013-10-27 15:24:04    --------    d--h--w-    c:\programdata\Common Files
2013-10-27 15:17:21    836008    ----a-w-    c:\program files\Setup.exe
2013-10-27 06:52:34    62576    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{be5e3a57-f56c-418f-94d8-c777a09168a5}\offreg.dll
2013-10-27 06:52:34    40392    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{be5e3a57-f56c-418f-94d8-c777a09168a5}\MpKsle133479a.sys
2013-10-25 21:03:07    7796464    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{be5e3a57-f56c-418f-94d8-c777a09168a5}\mpengine.dll
2013-10-25 20:54:08    --------    d-----w-    c:\users\ronny\appdata\roaming\FixZeroAccess
2013-10-25 20:54:06    35752    ----a-w-    c:\windows\system32\drivers\FixZeroAccess.sys
2013-10-25 20:44:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-10-25 20:43:02    --------    d-s---w-    C:\ComboFix
2013-10-25 20:09:10    --------    d-----w-    c:\programdata\HitmanPro
2013-10-25 19:53:21    --------    d-----w-    c:\users\ronny\appdata\local\temp
2013-10-25 19:18:42    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-25 15:05:41    --------    d-----w-    c:\windows\ERUNT
2013-10-25 14:50:16    --------    d-----w-    C:\AdwCleaner
2013-10-25 12:36:16    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-10-25 12:36:16    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-10-23 09:12:51    --------    d-----w-    c:\program files\iPod
2013-10-23 09:12:47    --------    d-----w-    c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-23 09:12:47    --------    d-----w-    c:\program files\iTunes
2013-10-10 04:23:12    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-10-10 02:56:36    1069056    ----a-w-    c:\windows\system32\DWrite.dll
2013-10-02 17:16:15    --------    d-----w-    c:\programdata\Auslogics
2013-10-02 16:58:30    --------    d-----w-    c:\program files\Auslogics
2013-10-02 16:58:01    --------    d-----w-    c:\windows\system32\Adobe
.
==================== Find3M  ====================
.
2013-10-09 03:57:05    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 03:57:05    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-22 10:22:59    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 10:14:39    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-09-22 10:13:22    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 10:08:41    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-09-22 10:06:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-22 10:03:18    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-08-29 07:36:04    2050048    ----a-w-    c:\windows\system32\win32k.sys
2013-08-27 02:47:50    219648    ----a-w-    c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47:50    189952    ----a-w-    c:\windows\system32\d3d10core.dll
2013-08-27 02:47:50    160768    ----a-w-    c:\windows\system32\d3d10_1.dll
2013-08-27 02:47:50    1029120    ----a-w-    c:\windows\system32\d3d10.dll
2013-08-27 01:52:08    1172480    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-08-27 01:50:40    486400    ----a-w-    c:\windows\system32\d3d10level9.dll
2013-08-27 01:32:20    683008    ----a-w-    c:\windows\system32\d2d1.dll
2013-08-27 01:28:35    798208    ----a-w-    c:\windows\system32\FntCache.dll
2013-08-02 04:09:35    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-01 03:16:32    638400    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-08-01 02:49:15    37376    ----a-w-    c:\windows\system32\cdd.dll
.
============= FINISH:  8:11:18.91 ===============
 


Edited by cooter2, 29 October 2013 - 08:23 AM.




#2 jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 30 October 2013 - 08:50 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------




#3 jeffce


Posted 01 November 2013 - 07:00 AM

Still need help?




#4 jeffce


Posted 02 November 2013 - 11:12 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





