Combofix not working properly - long story

This topic is locked.
4 replies to this topic

#1 plox

  • Members
  • 3 posts

Posted 17 January 2014 - 01:00 PM

Hi

Over the last few months, I have been recovering from a very nasty situation where my XP Pro SP3 computer was hacked, attached to a mysterious network and infested with all sorts of malware and trojans and other baddies.

I think that I have cleared most of the infections, which I have had to do on my own, but there is a stubborn hidden rootkit/program which still persists.

I explain my situation at this link, which I hope you don't mind my posting rather than repeating it here:

http://superuser.com/questions/701989/windows-xp-pro-sp3-stop-changes-to-security-software-registry-keys-set-by-unk/703109#703109

In using Combofix (I know one is not supposed to without instruction, but I've had no other options) the problem arises that when it reaches the stage after any deletions are done and it is to reboot the computer, nothing happens and it just hangs. And of course, in restarting it normally, Combofix does not restart and complete.

I have also found that \??\ is added to the image path of the catchme program in my user temp folder, which to me would indicate one of the reasons for it not to continue its work.

Can anyone confirm that this would have an effect on it?

I have also tried all the other anti-rootkit programs to no avail, apart from avz4, which identifies these hook entries:

1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
Function kernel32.dll:CreateProcessA (99) intercepted, method - APICodeHijack.JmpTo[044F02E2]
 >>> Rootkit code in function CreateProcessA blocked
Function kernel32.dll:CreateProcessInternalA (100) intercepted, method - APICodeHijack.JmpTo[052702E2]
 >>> Rootkit code in function CreateProcessInternalA blocked
Function kernel32.dll:CreateProcessInternalW (101) intercepted, method - APICodeHijack.JmpTo[052802E2]
 >>> Rootkit code in function CreateProcessInternalW blocked
Function kernel32.dll:CreateProcessW (103) intercepted, method - APICodeHijack.JmpTo[045002E2]
 >>> Rootkit code in function CreateProcessW blocked
Function kernel32.dll:LoadLibraryExW (583) intercepted, method - APICodeHijack.JmpTo[052902E2]
 >>> Rootkit code in function LoadLibraryExW blocked
Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text

It temporarily intercepts the rootkit but does not remove it. The rootkit was also injecting code into the DLLs above that interfered with my network connection, creating hidden connections to some remote computer while activating anonymous logons through Telnet/Remote Desktop (which are disabled in Services), enabling disk drives' autorun and other components, and disabling my firewall.

I have since disabled NetBIOS, blocked the runonce key in the registry, and blocked ports 445, 23, 1900, 3389, 500 and 5000 in the firewall, which seems to have had an effect on curbing that, but this \??\ is the puzzle which defies explanation. Just now, as I was running the avz scan, I received this notice from a program I use to watch the registry. It refers to the avz extended monitoring driver, and it really makes me wonder if it actually is being loaded and working.

An unauthenticated driver with the following details was loaded:

Base name: utixmzg4.sys
Registered path: \??\C:\WINDOWS\system32\Drivers\utixmzg4.sys

Hoping that you may be of assistance, here is the DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by ***current user*** at 3:06:10 on 2014-01-18
#Option Extended Search is enabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1789.357 [GMT 10:00]
.
AV: Kingsoft Antivirus System Defense *Enabled/Updated* {B3DDB456-E18B-4D81-9EB0-E23ABB4D2B12}
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Returnil System Safe 2011 *Disabled/Updated* {535A8864-C2D9-4337-B49A-B5E35815B9BB}
FW: R-Firewall *Disabled*
FW: Rising Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\COMODO\launcher_service.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program Files\Rising\RFW\RavMonD.exe
D:\Program Files\Returnil\RSS\rvsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
d:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Program Files\SUPERAntiSpyware\SASCORE.EXE
d:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
d:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\oodag.exe
d:\Program Files\Portable Apps\SpybotPortable\SpybotPortable\App\Spybot\SDFSSvc.exe
d:\Program Files\Portable Apps\SpybotPortable\SpybotPortable\App\Spybot\SDUpdSvc.exe
D:\Program Files\OO Software\CleverCache\ooccag.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\peko Software\Win IP Config\winipcfg.exe
C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Process Lasso\processlasso.exe
D:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\oodtray.exe
D:\Program Files\OO Software\CleverCache\ooccctrl.exe
D:\Program files\Kingsoft\PCDoctor\KSafeTray.exe
D:\Program Files\Kingsoft\kingsoft antivirus\kxetray.exe
D:\Program Files\Rising\RFW\RSTRAY.EXE
D:\Program Files\Portable Apps\AnVir Task Manager Free Portable\taskfree\AnVir.exe
D:\Program Files\Returnil\RSS\rvsgui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
d:\Program Files\NirSoft\cports\cports.exe
d:\Program Files\NetCutDefender\services\AIPS.exe
d:\Program Files\FirefoxPortable_4.0\FirefoxPortable\App\Firefox\firefox.exe
C:\Program Files\Rising\RSD\RsMgrSvc.exe
C:\Program Files\Rising\RSD\popwndexe.exe
D:\Program Files\Kingsoft\kingsoft antivirus\kxescore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
c:\avz4\avz.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: SDHelper: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\portable apps\spybotportable\spybotportable\app\spybot\SDHelper.dll
uRun: [AnVir Task Manager Free] "d:\program files\portable apps\anvir task manager free portable\taskfree\AnVir.exe" Minimized
mRun: [Win IP Config] d:\program files\peko software\win ip config\winipcfg.exe -a
mRun: [Trend Micro RUBotted V2.0 Beta] c:\program files\trend micro\rubotted\RUBottedGUI.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ProcessLassoManagementConsole] "d:\program files\process lasso\processlasso.exe"
mRun: [ProcessG] "d:\program files\process lasso\processgovernor.exe"
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [ooccctrl.exe] d:\program files\oo software\clevercache\ooccctrl.exe /tasktray
mRun: [KSafeTray] "d:\program files\kingsoft\pcdoctor\KSafeTray.exe" -autorun
mRun: [AVG_UI] "d:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Malware Defender] d:\program files\malware defender\malwaredefender.exe
mRun: [kxesc] "d:\program files\kingsoft\kingsoft antivirus\kxetray.exe" -autorun
mRun: [RSDTRAY] "c:\program files\rising\rsd\popwndexe.exe"
mRun: [RFWTRAY] "d:\program files\rising\rfw\RSTRAY.EXE" -system
mRunOnce: [R-FirewallUninstall1] cmd /C rmdir /S /Q c:\program files\r-tt\r-firewall\Service
mRunOnce: [R-FirewallUninstall2] cmd /C rmdir /S /Q c:\program files\r-tt\R-Firewall
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-MCR8C.exe" /REG /REGSVRMODE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\***current user***\startm~1\programs\startup\shortc~2.lnk - c:\avz4\avz.exe
StartupFolder: c:\docume~1\***current user***\startm~1\programs\startup\autoru~1\mailwa~1.lnk - d:\program files\firetrust\mailwasher\MailWasher.exe
StartupFolder: c:\docume~1\***current user***\startm~1\programs\startup\autoru~1\secuni~1.lnk - d:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\rss.lnk - d:\program files\returnil\rss\rvsgui.exe
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:1
uPolicies-Explorer: NoDriveTypeAutorun = dword:12
mPolicies-Explorer: NoDriveTypeAutoRun = dword:351
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: MaxRecentDocs = dword:0
mPolicies-Explorer: NoWinKey = dword:0
mPolicies-Explorer: NoNetConnextDisconnect = dword:0
mPolicies-Explorer: NoSMConfigurePrograms = dword:0
mPolicies-Explorer: NoControlPanle = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: HideShutdownScripts = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-System: NoAdminPage = dword:0
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx
DPF: {6e32070a-766d-4ee6-879c-dc1fa91d2fc3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139406804265
TCP: NameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{A2BA54CE-1505-4E74-9E02-B70BAC0B3A25} : DHCPNameServer = 208.67.222.222 208.67.220.220
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - d:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\program files\windows defender\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2014-1-15 5632]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R0 cumon;cumon;c:\windows\system32\drivers\cumon.sys [2014-1-17 187120]
R0 Evdd;evdd;c:\windows\system32\drivers\evdd.sys [2014-1-17 16360]
R0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc.sys [2014-1-14 27240]
R0 rvsystem;rvsystem;c:\windows\system32\drivers\rvsystem.sys [2011-7-1 58808]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2014-1-15 18544]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2014-1-15 3968]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 bcpdfnki;bcpdfnki;c:\windows\system32\drivers\bcpdfnki.sys [2014-1-17 258392]
R1 RFWNDIS;Rising RfwNdis Driver;c:\windows\system32\drivers\rfwndis.sys [2014-1-17 20248]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [2011-6-24 276104]
R1 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [2011-6-24 43712]
R1 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn1.sys [2011-6-24 31096]
R1 uzixmzg4;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzixmzg4.sys [2014-1-15 11264]
R2 !SASCORE;SAS Core Service;d:\program files\superantispyware\SASCore.exe [2013-10-11 120088]
R2 AIPS;Arp Intelligent Protection Service;d:\program files\netcutdefender\services\aips.exe [2014-1-4 262144]
R2 AVGIDSAgent;AVGIDSAgent;d:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]
R2 avgwd;AVG WatchDog;d:\program files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2013-12-13 70352]
R2 CPMService;COMODO Programs Manager Service;d:\program files\comodo\comodo programs manager\CPMservice.exe [2011-9-6 105792]
R2 KDHacker;KDHacker;d:\program files\kingsoft\kingsoft antivirus\security\kxescan\kdhacker.sys [2014-1-9 125784]
R2 KSafeSvc;KSafe service;d:\program files\kingsoft\pcdoctor\KSafeSvc.exe [2012-4-11 452512]
R2 kxescore;Kingsoft Core Service;d:\program files\kingsoft\kingsoft antivirus\kxescore.exe [2014-1-9 123992]
R2 MalwareDefenderService;Malware Defender Service;d:\program files\malware defender\mdservice.exe [2012-1-10 90968]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-11 418376]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-26 35088]
R2 O&O CleverCache;O&O CleverCache;d:\program files\oo software\clevercache\ooccag.exe [2009-12-9 701768]
R2 RFWARP;Rising RfwARP Driver;c:\windows\system32\drivers\rfwarp.sys [2014-1-17 27672]
R2 RsMgrSvc;Rsd Service;c:\program files\rising\rsd\RsMgrSvc.exe [2014-1-17 150168]
R2 RsRFWMon;RFW Service;d:\program files\rising\rfw\RavMonD.exe [2014-1-17 167544]
R2 RVSMONBL;Returnil System Safe Core Service;d:\program files\returnil\rss\rvsmon.exe [2011-7-1 1801504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\portable apps\spybotportable\spybotportable\app\spybot\SDFSSvc.exe [2012-11-14 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\portable apps\spybotportable\spybotportable\app\spybot\SDUpdSvc.exe [2012-11-14 1369624]
R3 ksapi;ksapi;c:\windows\system32\drivers\ksapi.sys [2014-1-14 82264]
R3 rvseng;rvseng;c:\windows\system32\drivers\rvseng.sys [2011-6-24 1091992]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2014-1-15 43392]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;d:\program files\malwarebytes anti-exploit\mbae.sys [2013-11-11 44632]
S1 kmodurl;kmodurl;d:\program files\kingsoft\pcdoctor\kmodurl.sys [2011-12-20 111008]
S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys [2014-1-14 151896]
S2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-11 701512]
S2 rfwtdi;rfwtdi;d:\program files\rising\rfw\rfwtdi.sys [2014-1-17 25880]
S2 rsdsys;rsd protect;c:\windows\system32\drivers\protreg.sys [2014-1-17 21208]
S2 rsfwdrv;rsfwdrv;d:\program files\rising\rfw\rsfwdrv.sys [2014-1-17 60952]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2013-12-11 443416]
S2 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
S2 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2014-1-15 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [2013-12-20 17488]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [2014-1-15 24944]
S3 lxci_device;lxci_device;c:\windows\system32\lxcicoms.exe -service --> c:\windows\system32\lxcicoms.exe -service [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-1-15 22856]
S4 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2013-12-13 2327248]
.
=============== Created Last 60 ================
.
2014-01-17 16:04:47    7168    ----a-w-    c:\windows\system32\drivers\utixmzg4.sys
2014-01-17 13:40:29    --------    d-----w-    c:\documents and settings\all users.windows\application data\AVG 1213b Campaign
2014-01-17 12:33:40    704512    ----a-w-    c:\windows\is-MCR8C.exe
2014-01-17 12:33:34    389120    ----a-w-    c:\windows\system32\actskn43.ocx
2014-01-17 11:19:03    258392    ------w-    c:\windows\system32\drivers\bcpdfnki.sys
2014-01-17 06:53:57    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\RegistryBackups
2014-01-17 06:31:27    27672    ----a-w-    c:\windows\system32\drivers\rfwarp.sys
2014-01-17 06:31:22    20248    ----a-w-    c:\windows\system32\drivers\rfwndis.sys
2014-01-17 06:29:46    21208    ----a-w-    c:\windows\system32\drivers\protreg.sys
2014-01-17 04:54:46    187120    ----a-w-    c:\windows\system32\drivers\cumon.sys
2014-01-17 04:54:39    16360    ----a-w-    c:\windows\system32\drivers\evdd.sys
2014-01-17 04:22:18    1700352    ----a-w-    c:\windows\system32\gdiplus.dll
2014-01-17 03:07:51    --------    d-----r-    C:\RavBin
2014-01-17 01:28:34    7760024    ------w-    c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\{32de597f-05d0-4bac-bfdd-28bfb152a5bd}\mpengine.dll
2014-01-16 13:34:37    601088    -c----w-    c:\windows\system32\dllcache\crypt32.dll
2014-01-16 13:07:23    179712    -c----w-    c:\windows\system32\dllcache\mrxdav.sys
2014-01-16 13:07:19    715776    -c----w-    c:\windows\system32\dllcache\ntdll.dll
2014-01-16 12:59:05    151552    -c----w-    c:\windows\system32\dllcache\schannel.dll
2014-01-16 12:51:18    354816    -c----w-    c:\windows\system32\dllcache\winhttp.dll
2014-01-16 10:33:54    --------    d-----w-    c:\windows\system32\SoftwareDistribution
2014-01-16 06:49:14    --------    d-----w-    c:\documents and settings\all users.windows\application data\InstallMate
2014-01-14 22:46:02    10752    ----a-w-    c:\windows\system32\clb.dll
2014-01-14 22:39:55    21504    ----a-w-    c:\windows\system32\CINTLGNT.IME
2014-01-14 22:39:52    571392    ----a-w-    c:\windows\system32\TINTLGNT.IME
2014-01-14 22:39:32    482304    ----a-w-    c:\windows\system32\PINTLGNT.IME
2014-01-14 17:50:02    15104    ----a-w-    c:\windows\system32\drivers\usbscan.sys
2014-01-14 17:50:02    121984    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2014-01-14 17:50:00    60032    ----a-w-    c:\windows\system32\drivers\usbaudio.sys
2014-01-14 17:50:00    12800    ----a-w-    c:\windows\system32\drivers\usb8023x.sys
2014-01-14 16:59:16    --------    d-----w-    c:\documents and settings\all users.windows\application data\Rising
2014-01-14 16:54:24    --------    d-----w-    c:\documents and settings\***current user***\application data\AVG2014
2014-01-14 16:52:04    --------    d-----w-    C:\$AVG
2014-01-14 16:52:03    --------    d-----w-    c:\documents and settings\all users.windows\application data\AVG2014
2014-01-14 16:51:03    --------    d-----w-    c:\documents and settings\all users.windows\application data\MFAData
2014-01-14 16:34:54    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Avg2014
2014-01-14 16:29:07    --------    d-----w-    C:\New Folder
2014-01-14 16:27:58    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\MFAData
2014-01-14 15:30:50    11264    ----a-w-    c:\windows\system32\drivers\uzixmzg4.sys
2014-01-14 15:25:59    53328    ----a-w-    c:\windows\system32\LMouFiltCoInst.dll
2014-01-14 15:09:31    --------    d-----w-    c:\windows\system32\DirectX
2014-01-14 15:09:30    16384    ----a-w-    c:\program files\internet explorer\connection wizard\isignup.exe
2014-01-14 15:03:31    53248    ----a-w-    c:\windows\system32\wbem\fwdprov.dll
2014-01-14 15:03:31    120320    ----a-w-    c:\windows\system32\wbem\dsprov.dll
2014-01-14 15:03:27    --------    d-----w-    c:\windows\system32\MsDtc
2014-01-14 15:03:26    110592    ----a-w-    c:\windows\system32\clbcatex.dll
2014-01-14 15:03:24    218112    ----a-w-    c:\windows\system32\wbem\wmiprvse.exe
2014-01-14 15:03:22    185344    ----a-w-    c:\windows\system32\wbem\framedyn.dll
2014-01-14 15:03:21    1358848    ----a-w-    c:\windows\system32\wbem\cimwin32.dll
2014-01-14 14:55:16    --------    d-----w-    c:\windows\system32\RTCOM
2014-01-14 14:44:16    24661    ----a-w-    c:\windows\system32\spxcoins.dll
2014-01-14 14:44:16    13312    ----a-w-    c:\windows\system32\irclass.dll
2014-01-14 14:44:01    16535    ----a-r-    c:\windows\SET36.tmp
2014-01-14 14:43:59    1088840    ----a-r-    c:\windows\SET2C.tmp
2014-01-14 14:43:57    1296669    ----a-r-    c:\windows\SET29.tmp
2014-01-14 14:28:31    3765464    ----a-w-    c:\documents and settings\all users.windows\application data\cis1A.exe
2014-01-14 14:28:29    3765464    ----a-w-    c:\documents and settings\all users.windows\application data\cisC.exe
2014-01-14 12:54:49    126464    ----a-w-    c:\windows\system32\madCHook.dll
2014-01-14 12:18:30    --------    d--h--w-    c:\windows\system32\GroupPolicy
2014-01-14 11:50:36    27240    ----a-w-    c:\windows\system32\drivers\kavbootc.sys
2014-01-14 11:12:18    --------    d-----w-    c:\windows\system32\LogFiles
2014-01-14 10:56:31    10752    ----a-w-    c:\windows\system32\aamd532.dll
2014-01-14 10:25:45    --------    d-----w-    c:\windows\system32\NtmsData
2014-01-14 10:09:37    --------    d-----w-    c:\windows\system32\oodag
2014-01-14 09:51:33    --------    d-----w-    C:\VritualRoot
2014-01-14 09:51:04    --------    d-----w-    c:\windows\system32\wbem\Performance
2014-01-14 09:48:08    --------    d-----w-    c:\windows\system32\Lang
2014-01-14 07:20:08    --------    d-----w-    c:\windows\system32\wbem\AutoRecover
2014-01-14 07:20:00    151896    ----a-w-    c:\windows\system32\drivers\kisknl.sys
2014-01-14 07:19:50    82264    ----a-w-    c:\windows\system32\drivers\ksapi.sys
2014-01-14 04:38:09    --------    d-s---w-    c:\windows\system32\Microsoft
2014-01-14 04:37:48    74752    ----a-w-    c:\windows\system32\storprop.dll
2014-01-13 22:32:47    --------    d-----w-    c:\windows\Config
2014-01-13 13:01:47    73216    ----a-w-    c:\program files\outlook express\setup50.exe
2014-01-13 13:01:44    86016    ----a-w-    c:\program files\internet explorer\connection wizard\icwconn2.exe
2014-01-13 02:30:53    --------    d-----w-    c:\windows\system32\CatRoot2
2014-01-12 23:52:39    --------    d-s---w-    C:\ComboFix
2014-01-12 15:57:33    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Nektra
2014-01-12 14:24:58    4751064    ----a-w-    C:\cmdinstall.exe
2014-01-10 13:10:09    --------    d-----w-    c:\documents and settings\all users.windows\application data\Common Files
2014-01-10 12:26:54    --------    d-----w-    c:\documents and settings\all users.windows\application data\Comodo Downloader
2014-01-10 11:24:55    --------    d-----w-    C:\SafeRecycle
2014-01-10 10:06:01    --------    d-----w-    c:\documents and settings\all users.windows\application data\Safe
2014-01-10 07:50:29    --------    d-----w-    c:\documents and settings\all users.windows\application data\Comodo
2014-01-09 10:11:57    --------    d-----w-    c:\documents and settings\all users.windows\application data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-01-09 10:11:55    --------    d-----w-    c:\documents and settings\all users.windows\application data\IObit
2014-01-07 14:59:05    98816    ----a-w-    c:\windows\sed.exe
2014-01-07 03:53:17    --------    d-----w-    c:\windows\.rsrc
2014-01-05 13:49:24    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Help
2014-01-05 12:01:44    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ChemTable Software
2014-01-05 11:55:51    --------    d-----w-    c:\documents and settings\***current user***\.android
2014-01-05 11:55:29    --------    d-----w-    c:\documents and settings\***current user***\application data\shoujizhushou
2014-01-05 11:55:26    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Kingsoft
2014-01-04 08:32:11    --------    d-----w-    c:\documents and settings\all users.windows\application data\Trend Micro
2014-01-04 06:28:35    --------    d-s-a-r-    C:\cmdcons
2014-01-04 05:07:10    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ToolwizCareFree
2014-01-03 14:20:53    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Lunarsoft
2014-01-03 11:56:02    --------    d-s---w-    c:\documents and settings\***current user***\IECompatCache
2014-01-03 06:27:33    --------    d-----w-    c:\documents and settings\***current user***\application data\Returnil
2014-01-03 06:25:10    --------    d-----w-    c:\documents and settings\all users.windows\application data\Returnil
2013-12-31 12:33:57    --------    d-----w-    c:\program files\WindowsUpdate
2013-12-31 02:11:13    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\FreeFixer
2013-12-30 23:37:13    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\KSafe
2013-12-30 10:52:13    --------    d-s---w-    c:\documents and settings\all users.windows\application data\KRSHistory
2013-12-30 10:21:37    --------    d-----w-    c:\documents and settings\***current user***\application data\KSafe
2013-12-30 10:21:28    --------    d-----w-    c:\documents and settings\all users.windows\application data\kingsoft
2013-12-29 10:01:40    --------    d-----w-    c:\documents and settings\all users.windows\Immunet
2013-12-29 09:40:51    --------    d-----w-    c:\documents and settings\all users.windows\application data\AntiTracks
2013-12-29 05:21:03    --------    d-----w-    c:\documents and settings\all users.windows\application data\Spybot - Search & Destroy
2013-12-29 03:53:23    --------    d-----w-    c:\documents and settings\all users.windows\application data\abelhadigital.com
2013-12-28 12:19:01    --------    d-----w-    c:\documents and settings\all users.windows\application data\Doctor Web
2013-12-28 11:38:48    --------    d-----w-    C:\VundoFix Backups
2013-12-27 06:02:56    --------    d-----w-    c:\documents and settings\***current user***\application data\ism
2013-12-26 21:31:32    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\WiFi Guard
2013-12-26 09:37:02    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\360Amigo
2013-12-26 07:14:05    --------    d-----w-    c:\documents and settings\all users.windows\application data\ProcessLasso
2013-12-26 07:12:21    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Identities
2013-12-26 03:50:43    --------    d-----w-    c:\documents and settings\all users.windows\application data\Cucusoft
2013-12-25 20:19:40    --------    d-----w-    c:\windows\Microsoft Antimalware
2013-12-25 08:53:41    --------    d-----w-    c:\documents and settings\all users.windows\application data\CounterPath
2013-12-25 08:51:50    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\CounterPath
2013-12-24 12:36:32    7760024    ------w-    c:\documents and settings\all users.windows\application data\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-12-24 11:47:36    --------    d-----w-    c:\documents and settings\all users.windows\application data\RegRun
2013-12-24 11:45:32    2    --shatr-    c:\windows\winstart.bat
2013-12-24 11:06:45    1698408    ----a-r-    c:\windows\RtlExUpd.dll
2013-12-24 06:50:48    --------    d-----w-    c:\documents and settings\all users.windows\application data\Trusteer
2013-12-24 03:46:28    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\CutePDF Writer
2013-12-23 23:31:23    --------    d-s---w-    c:\documents and settings\***current user***\PrivacIE
2013-12-23 23:26:50    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\KeePass
2013-12-23 23:20:32    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Ashampoo
2013-12-23 22:43:13    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ORPALIS
2013-12-23 22:41:09    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Downloaded Installations
2013-12-23 22:17:54    88656    ----a-w-    c:\windows\system32\cpwmon2k.dll
2013-12-23 06:43:33    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\AnVir
2013-12-23 06:09:10    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ABR
2013-12-23 06:04:14    --------    d-----w-    c:\documents and settings\all users.windows\application data\{4C0DBD62-F011-4A41-B11D-BE5CFA6DEDD7}
2013-12-23 06:02:02    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Seven Zip
2013-12-23 05:13:46    256000    ----a-w-    c:\windows\PEV.exe
2013-12-23 05:13:46    208896    ----a-w-    c:\windows\MBR.exe
2013-12-23 03:23:51    --------    d-----w-    c:\documents and settings\***current user***\application data\SUPERAntiSpyware.com
2013-12-23 03:23:23    --------    d-----w-    c:\documents and settings\all users.windows\application data\SUPERAntiSpyware.com
2013-12-22 11:55:27    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ApplicationHistory
2013-12-22 11:45:24    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\PCHealth
2013-12-22 11:40:10    --------    d-sh--w-    c:\documents and settings\***current user***\IETldCache
2013-12-22 11:35:04    --------    d-----w-    c:\documents and settings\all users.windows\application data\Package Cache
2013-12-22 11:01:37    61440    ----a-w-    c:\windows\ContextMenuExt.dll
2013-12-22 09:10:26    --------    d-----w-    c:\windows\$hf_mig$
2013-12-22 01:40:06    --------    d-----w-    c:\documents and settings\all users.windows\application data\Anvisoft
2013-12-22 00:42:38    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Mozilla
2013-12-21 03:19:06    --------    d-----w-    c:\documents and settings\all users.windows\application data\Adtrustmedia
2013-12-21 02:48:58    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Free_Empty_Folder_Delete
2013-12-21 02:23:00    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Remove_Empty_Directories
2013-12-21 01:50:23    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\Karen's Power Tools
2013-12-21 01:49:11    --------    d-----w-    c:\documents and settings\all users.windows\application data\Karen's Power Tools
2013-12-20 16:49:20    --------    d-----w-    c:\documents and settings\***current user***\SecurityScans
2013-12-20 16:49:20    --------    d-----w-    c:\documents and settings\***current user***\profile
2013-12-20 16:48:09    --------    d-----w-    c:\documents and settings\***current user***\Mozilla
2013-12-20 16:48:09    --------    d-----w-    c:\documents and settings\***current user***\Immunet
2013-12-20 16:48:09    --------    d-----w-    c:\documents and settings\***current user***\Downloads
2013-12-20 16:47:18    --------    d-----w-    c:\documents and settings\***current user***\Doctor Web
2013-12-20 16:44:46    --------    d-----w-    c:\documents and settings\***current user***\application data\StartMenuX
2013-12-20 16:43:27    --------    d-----w-    c:\documents and settings\***current user***\application data\Risingware
2013-12-20 16:43:27    --------    d-----w-    c:\documents and settings\***current user***\application data\Registry_Alert
2013-12-20 16:43:27    --------    d-----w-    c:\documents and settings\***current user***\application data\Recover Files Platinum
2013-12-20 16:41:36    --------    d-----w-    c:\documents and settings\***current user***\application data\Moonchild Productions
2013-12-20 16:41:36    --------    d-----w-    c:\documents and settings\***current user***\application data\Moon Software
2013-12-20 16:41:36    --------    d-----w-    c:\documents and settings\***current user***\application data\minuscule
2013-12-20 16:41:36    --------    d-----w-    c:\documents and settings\***current user***\application data\MicroWorld
2013-12-20 16:41:29    --------    d-----w-    c:\documents and settings\***current user***\application data\Memeo
2013-12-20 16:41:28    --------    d-----w-    c:\documents and settings\***current user***\application data\Maxthon3
2013-12-20 16:41:28    --------    d-----w-    c:\documents and settings\***current user***\application data\MAXACookie
2013-12-20 16:41:28    --------    d-----w-    c:\documents and settings\***current user***\application data\MatSpoon
2013-12-20 16:36:43    --------    d-----w-    c:\documents and settings\***current user***\application data\Epic
2013-12-20 16:35:46    --------    d-----w-    c:\documents and settings\***current user***\application data\Avant Profiles
2013-12-20 09:16:09    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\GHISLER
2013-12-20 08:59:13    17488    ----a-w-    c:\windows\gdrv.sys
2013-12-20 08:29:23    1493608    ----a-w-    c:\windows\RtlUpd.exe
2013-12-20 08:29:22    64104    ----a-w-    c:\windows\ALCMTR.EXE
2013-12-20 08:29:22    2815592    ----a-w-    c:\windows\ALCWZRD.EXE
2013-12-20 08:29:20    9721960    ----a-w-    c:\windows\RTLCPL.EXE
2013-12-20 08:29:20    84584    ----a-w-    c:\windows\SOUNDMAN.EXE
2013-12-20 08:29:19    359016    ----a-w-    c:\windows\vncutil.exe
2013-12-20 08:29:19    129640    ----a-w-    c:\windows\RtkAudioService.exe
2013-12-20 08:29:18    2180712    ----a-w-    c:\windows\MicCal.exe
2013-12-20 08:29:18    1833576    ----a-w-    c:\windows\SkyTel.exe
2013-12-20 08:29:14    20064872    ----a-w-    c:\windows\RTHDCPL.EXE
2013-12-20 08:10:51    17488    ----a-w-    c:\windows\etdrv.sys
2013-12-20 08:03:03    5632    ----a-w-    c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2013-12-20 07:53:42    --------    d-----w-    c:\program files\AMD
2013-12-20 07:19:06    --------    d-----w-    c:\documents and settings\***current user***\local settings\application data\ATI
2013-12-20 07:16:46    0    ----a-w-    c:\windows\ativpsrm.bin
2013-12-20 07:16:37    909312    ----a-w-    c:\windows\system32\ati2cqag.dll
2013-12-20 07:16:36    3586816    ----a-w-    c:\windows\system32\ativvaxx.dll
2013-12-20 07:16:35    306176    ----a-w-    c:\windows\system32\ati2dvag.dll
2013-12-20 07:16:35    192512    ----a-w-    c:\windows\system32\ati2evxx.dll
2013-12-20 07:16:34    634880    ----a-w-    c:\windows\system32\atiok3x2.dll
2013-12-20 07:16:33    5336480    ----a-w-    c:\windows\system32\ati3duag.dll
2013-12-20 07:16:33    233472    ----a-w-    c:\windows\system32\atiadlxx.dll
2013-12-20 07:16:32    835584    ----a-w-    c:\windows\system32\atikvmag.dll
2013-12-20 06:29:04    --------    d-----w-    c:\documents and settings\all users.windows\application data\9-lab
2013-12-20 03:36:01    89088    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2013-12-20 03:10:03    207400    ----a-r-    c:\windows\GSetup.exe
2013-12-19 23:42:08    --------    d-----w-    c:\documents and settings\all users.windows\application data\Malwarebytes
2013-12-19 23:41:49    --------    d-----w-    c:\documents and settings\all users.windows\application data\Malwarebytes' Anti-Malware (portable)
2013-12-19 13:22:50    --------    d-s---w-    c:\documents and settings\all users.windows\DRM
2013-12-19 13:21:48    6656    ----a-w-    c:\windows\system32\wuauserv.dll
2013-12-19 13:21:46    402432    ----a-w-    c:\program files\movie maker\WMM2FILT.dll
2013-12-19 13:21:23    16896    ----a-w-    c:\windows\system32\fltlib.dll
2013-12-19 13:21:22    73472    ----a-w-    c:\windows\system32\drivers\sr.sys
2013-12-19 13:21:22    171008    ----a-w-    c:\windows\system32\srsvc.dll
2013-12-19 13:21:19    274944    ----a-w-    c:\windows\system32\mstask.dll
2013-12-19 13:20:22    33792    ----a-w-    c:\program files\messenger\custsat.dll
2013-12-19 13:20:01    45568    ----a-w-    c:\windows\system32\wbem\xml\wmi2xml.dll
2013-12-19 12:15:19    --------    d-----w-    c:\windows\system32\wbem\repository\FS
2013-12-19 12:15:19    --------    d-----w-    c:\windows\system32\wbem\Repository
2013-12-19 05:26:10    --------    d-----w-    C:\I386
2013-12-14 09:25:29    --------    d-----w-    c:\windows\system32\drivers\disdn
2013-12-11 09:23:12    --------    d-----w-    c:\program files\ATI
2013-12-11 06:40:39    --------    d-----w-    c:\program files\WinPcap
2013-12-10 20:20:45    --------    d-----w-    C:\How to Backup the Services Configuration
2013-12-10 03:32:57    --------    d-----w-    c:\program files\Common-Use Signing Interface
2013-12-10 03:31:47    --------    d-----w-    c:\program files\ECIClientV6
2013-12-09 00:31:16    --------    d-----w-    c:\program files\Argente - Registry Cleaner
2013-12-08 02:52:02    --------    d-----w-    C:\Free IObit Malware Fighter 2 PRO
2013-12-06 04:36:40    --------    dc-h--w-    c:\windows\ie8
2013-12-06 04:20:29    --------    d-----w-    c:\program files\ATI Technologies
2013-12-04 12:07:18    --------    d-----w-    C:\Windows Script 5.7 for Windows XP
2013-12-01 18:33:20    --------    d-----w-    C:\Windows Recovery Console
2013-11-30 06:21:51    618605    ----a-w-    c:\program files\common files\microsoft shared\web server extensions\40\bin\fp4autl.dll
2013-11-28 11:16:27    --------    d-----w-    c:\program files\AdTrustMedia
2013-11-21 09:37:17    343760    ----a-w-    C:\ESETSirefefCleaner.exe

.
==================== Find6M  ====================
.
2013-11-26 02:25:54    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-16 12:02:57    381    ----a-w-    C:\HKEY_LOCAL_MACHINE SOFTWARE Microsoft Secuity Center IWbemServices.reg
2013-11-06 09:08:50    1904    ----a-w-    C:\HKEY_LOCAL_MACHINE SOFTWARE Microsoft Secuity Center.reg
2013-11-05 11:50:48    120600    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
2013-11-04 11:57:30    209176    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-10-31 13:00:28    176952    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-10-31 12:30:08    222520    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-10-24 12:28:32    147768    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-10-22 11:01:37    8642984    ----a-w-    C:\handy-start-menu-setup.exe
2013-09-29 20:52:40    4119392    ----a-w-    C:\tdsskiller.exe
2013-09-16 14:57:26    22840    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-09 14:43:20    27448    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-03 04:18:38    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
2013-08-01 06:08:52    193848    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2003-09-23 13:47:42    403    ----a-w-    c:\program files\REGFIX.REG
.
============= FINISH:  3:13:33.03 ===============
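
One way to triage a Find3M/Find6M listing like the one above, as an added example (not part of the original post, and not ComboFix's own logic): it parses each line's timestamp, size, attribute string and path, then flags executables dropped directly into c:\windows or the drive root, zero-length files, and hidden+system entries outside c:\windows. The watched directories, the extension list and the three-day recency window are assumptions chosen for illustration; the sample lines are a constructed subset of the listing above, embedded so the script runs offline.

```python
"""Triage a ComboFix Find3M/Find6M listing.

Added example for this thread; not ComboFix's own code. The line format is
    <yyyy-mm-dd hh:mm:ss>  <size or -------->  <8-char attributes>  <path>
as seen in the log above. All scoring rules are illustrative assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of the listing above, in the same format.
SAMPLE_LOG = r"""
2013-12-23 05:13:46    256000    ----a-w-    c:\windows\PEV.exe
2013-12-23 05:13:46    208896    ----a-w-    c:\windows\MBR.exe
2013-12-20 08:59:13    17488    ----a-w-    c:\windows\gdrv.sys
2013-12-20 07:16:46    0    ----a-w-    c:\windows\ativpsrm.bin
2013-12-22 11:40:10    --------    d-sh--w-    c:\documents and settings\user\IETldCache
2013-12-06 04:36:40    --------    dc-h--w-    c:\windows\ie8
2013-12-20 03:10:03    207400    ----a-r-    c:\windows\GSetup.exe
2013-12-20 07:16:37    909312    ----a-w-    c:\windows\system32\ati2cqag.dll
2013-09-29 20:52:40    4119392    ----a-w-    C:\tdsskiller.exe
.
==================== Find6M  ====================
.
2013-11-26 02:25:54    230048    ------w-    c:\windows\system32\MpSigStub.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+?)\s*$"
)

# Assumptions for illustration: loadable file types, and directories where a
# freshly dropped binary is unusual enough to deserve a look.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
WATCH_DIRS = {"c:", "c:\\windows", "c:\\windows\\system32\\drivers"}


def parse_entry(line):
    """Parse one listing line; return None for separators and section headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, size, attrs, path = m.groups()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
        "size": None if size.startswith("-") else int(size),  # dirs show --------
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,   # attribute letters as they appear in the log
        "system": "s" in attrs,
        "attrs": attrs,
        "path": path,
    }


def parse_listing(text):
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def triage(entries, reference=None, window_days=3):
    """Return {path: [reasons]} for entries worth a second look.

    reference defaults to the newest timestamp in the listing, a stand-in for
    the scan time (assumption; the listing itself does not record it).
    """
    if reference is None:
        reference = max(e["time"] for e in entries)
    window = timedelta(days=window_days)
    findings = {}
    for e in entries:
        lowered = e["path"].lower()
        parent, _, name = lowered.rpartition("\\")
        ext = name[name.rfind("."):] if "." in name else ""
        reasons = []
        if not e["is_dir"] and ext in EXEC_EXT and parent in WATCH_DIRS:
            reasons.append("executable dropped directly in " + parent)
        if not e["is_dir"] and e["size"] == 0:
            reasons.append("zero-length file")
        if e["hidden"] and e["system"] and not lowered.startswith("c:\\windows\\"):
            reasons.append("hidden+system outside c:\\windows")
        # Recency only sharpens an existing hit; on its own it is too noisy.
        if reasons and reference - e["time"] <= window:
            reasons.append("within %d days of newest entry" % window_days)
        if reasons:
            findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LOG)).items():
        print(path, "->", "; ".join(reasons))
```

The hits are a reading aid, not a verdict: PEV.exe and MBR.exe are ComboFix's own helper binaries, the Realtek and ATI installers in this log legitimately drop files into c:\windows, and IETldCache is Internet Explorer's own hidden cache directory. What the script buys you is a short list to check against known-good hashes and the install history, instead of reading two hundred lines by eye.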
 

 

 

 

 


 


#2 HelpBot (Bleepin' Binary Bot; Bots, 12,731 posts)

Posted 22 January 2014 - 01:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521137 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My! (Adware and Spyware and Malware.....; Malware Response Instructor, 37,442 posts, California)

Posted 30 January 2014 - 09:34 AM

Greetings plox and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far and I apologize for the extended delay. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!


Posted 02 February 2014 - 06:39 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#5 Oh My!


Posted 04 February 2014 - 09:08 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



