audio ads- found backdoor bot and pup.optional regclean pro


  • This topic is locked
44 replies to this topic

#1 hapybus

hapybus

  • Members
  • 52 posts

Posted 03 April 2014 - 04:32 PM

I am not being successful at eliminating the audio ads

Attached Files

  • dds.txt (14.35KB)



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 April 2014 - 11:10 PM




Hello hapybus

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.



Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 hapybus

Posted 04 April 2014 - 07:44 AM

Hello Gringo and thank you. I am in the midst of our first reboot after initial rootkit scan. 7 objects found, most of which were backdoor orientated. Will let you know as we proceed.



#4 hapybus

Posted 04 April 2014 - 07:46 AM

It appears the system attempted to reboot. I witnessed the shutdown and the Windows logo appear; upon return to the unit it was shut down.



#5 gringo_pr

Posted 04 April 2014 - 07:49 AM

Will it start up?

#6 hapybus

Posted 04 April 2014 - 08:54 AM

It has started. We are running a new scan; however, we still have audio playing.



#7 hapybus

Posted 04 April 2014 - 09:24 AM

New scan complete. No issues found. I do not see a "fixdamage" tool... We also continue to have the issue of audio playing.



#8 gringo_pr

Posted 04 April 2014 - 10:06 AM


Hello hapybus



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

#9 hapybus

Posted 04 April 2014 - 10:31 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Mail Sort (administrator) on MAILSORT-PC on 04-04-2014 11:23:52
Running from C:\Users\Mail Sort\Desktop\GRINGO
Microsoft Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\STacSV.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Threat Expert Ltd.) C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(PC Tools) C:\Program Files\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files\PC Tools Security\pctsSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(PC Tools) C:\Program Files\PC Tools Security\pctsGui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(PC Tools) C:\Program Files\PC Tools Security\TFEngine\TFService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit, Inc.) C:\Program Files\Intuit\QuickBooks 2009\QBDBMgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1602856 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [495708 2010-04-06] (IDT, Inc.)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13838952 2010-05-07] (NVIDIA Corporation)
HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM\...\Run: [DBRMTray] - C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-11] (Microsoft)
HKLM\...\Run: [PCTools FGuard] - C:\Program Files\PC Tools Security\BDT\FGuard.exe
HKLM\...\Run: [DLSService] - C:\Program Files\DYMO\DYMO Label Software\DLSService.exe [55808 2009-10-28] (Sanford, L.P.)
HKLM\...\Run: [ISTray] - C:\Program Files\PC Tools Security\pctsGui.exe [2673624 2012-06-22] (PC Tools)
HKLM\...\Run: [StartNowToolbarHelper] - "C:\Program Files\StartNow Toolbar\ToolbarHelper.exe"
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SearchSettings] - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [922976 2011-12-13] (Spigot, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-19\...\Run: [{96CB71DC-0171-4998-BE59-ABCAA62598B9}] - rundll32 "C:\Users\Mail Sort\AppData\Local\Deployment\{96CB71DC-0171-4998-BE59-ABCAA62598B9}\mzhbolx.dll",NVDisplayCoInstallW <===== ATTENTION
HKU\S-1-5-21-391828723-2345064480-2788400274-1000\...\Run: [Facebook Update] - C:\Users\Mail Sort\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-09-04] (Facebook Inc.)
HKU\S-1-5-21-391828723-2345064480-2788400274-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-391828723-2345064480-2788400274-1000\...\MountPoints2: {05f9d802-a094-11df-840a-806e6f6e6963} - D:\RunEpson.exe
Lsa: [Notification Packages] scecli DPPWDFLT
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
URLSearchHook: HKCU - (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
URLSearchHook: HKCU - PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - DefaultScope {5D92E0D1-D868-4698-8C8E-2BACAC5413BB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {5D92E0D1-D868-4698-8C8E-2BACAC5413BB} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {91290A9B-1EF0-4EC2-933D-14D2265DE1CC} URL =
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: StartNow Toolbar Helper - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll No File
Toolbar: HKLM - FromDocToPDF - {c66a678d-5e6c-4af9-8f57-c6192f42cf74} - C:\Program Files\FromDocToPDF_65\bar\1.bin\65bar.dll No File
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.motive.com/wizlet/EmailConfig/static/installer/ATTEmailUpdater.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-12]
CHR Extension: (Google Drive) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-12]
CHR Extension: (YouTube) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-12]
CHR Extension: (Google Search) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-12]
CHR Extension: (Google Wallet) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-12]
CHR Extension: (Gmail) - C:\Users\Mail Sort\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-12]
========================== Services (Whitelisted) =================
R2 Browser Defender Update Service; C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
R2 InstallFilterService; C:\Program Files\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-11-29] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [42884448 2010-05-05] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
S2 Sage ACT! Scheduler; C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe [81920 2010-11-11] (Sage Software, Inc.)
R2 sdAuxService; C:\Program Files\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
R2 sdCoreService; C:\Program Files\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
S4 SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [367456 2010-05-05] (Microsoft Corporation)
S2 SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
R3 ThreatFire; C:\Program Files\PC Tools Security\TFEngine\TFService.exe [71008 2012-06-22] (PC Tools)
R2 vcsFPService; C:\Windows\system32\vcsFPService.exe [1656112 2009-07-12] (Validity Sensors, Inc.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [4539392 2010-08-05] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
R3 Acceler; C:\Windows\System32\DRIVERS\Acceler.sys [41648 2009-12-02] (ST Microelectronics)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2010-08-05] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-06-23] (Printing Communications Assoc., Inc. (PCAUSA))
R3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
R1 pctgntdi; C:\Windows\System32\drivers\pctgntdi.sys [254944 2012-06-22] (PC Tools)
R3 pctplsg; C:\Windows\System32\drivers\pctplsg.sys [70568 2012-06-22] (PC Tools)
R1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
R2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [49152 2009-06-30] (REDC)
R2 rixdpcie; C:\Windows\System32\DRIVERS\rixdpe86.sys [38400 2009-07-04] (REDC)
S4 RsFx0150; C:\Windows\System32\DRIVERS\RsFx0150.sys [240608 2010-04-03] (Microsoft Corporation)
R0 TfFsMon; C:\Windows\System32\drivers\TfFsMon.sys [54328 2012-06-22] (PC Tools)
R3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [35264 2012-06-22] (PC Tools)
R0 TfSysMon; C:\Windows\System32\drivers\TfSysMon.sys [574424 2012-06-22] (PC Tools)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-08-05] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-08-05] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-08-05] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2009-12-01] (Microsoft Corporation)
U3 .PCTSD; \? [X]
S3 Afc; system32\drivers\Afc.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-04 11:21 - 2014-04-04 11:23 - 00000000 ____D () C:\FRST
2014-04-04 09:47 - 2014-04-04 10:18 - 00000000 ____D () C:\Users\Mail Sort\Desktop\mbar
2014-04-04 08:04 - 2014-04-04 10:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-04 08:03 - 2014-04-04 10:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 08:01 - 2014-04-04 11:23 - 00000000 ____D () C:\Users\Mail Sort\Desktop\GRINGO
2014-04-03 17:26 - 2014-04-03 17:39 - 00017968 _____ () C:\Users\Mail Sort\Desktop\attach.txt
2014-04-03 17:26 - 2014-04-03 17:28 - 00014693 _____ () C:\Users\Mail Sort\Desktop\dds.txt
2014-04-03 17:23 - 2014-04-03 17:23 - 00688992 ____R (Swearware) C:\Users\Mail Sort\Desktop\dds.com
2014-04-03 08:24 - 2014-04-04 09:48 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-04-03 08:23 - 2014-04-03 08:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Mail Sort\Desktop\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-03 08:07 - 2014-04-03 08:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mail Sort\Desktop\iExplore2.exe
2014-04-03 07:57 - 2014-04-03 08:11 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mail Sort\Desktop\iexplore.exe
2014-04-02 21:49 - 2014-04-02 21:50 - 00018944 ___SH () C:\Users\Mail Sort\AppData\Roaming\Thumbs.db
2014-04-02 20:28 - 2014-04-02 20:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-02 19:56 - 2014-04-03 08:14 - 00003994 _____ () C:\Users\Mail Sort\Desktop\Rkill.txt
2014-04-02 19:38 - 2014-04-02 20:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-02 13:12 - 2014-04-02 13:12 - 01805736 _____ (Symantec Corporation) C:\Users\Mail Sort\Desktop\FixZeroAccess.exe
2014-04-02 10:04 - 2014-04-04 09:55 - 00000090 _____ () C:\Windows\system32\smdmg.cnp
2014-04-02 09:35 - 2014-04-02 09:35 - 00000064 _____ () C:\Windows\system32\hpdstkk.iyn
2014-04-02 09:35 - 2014-04-02 09:35 - 00000000 _____ () C:\Windows\system32\vjkldft.isr
2014-04-01 11:10 - 2014-04-01 11:10 - 00299344 ____S () C:\Windows\system32\qxucf.scp
2014-03-26 14:11 - 2014-03-26 14:11 - 00000000 ____D () C:\Users\Mail Sort\AppData\Local\{35917AC9-235E-4A0E-8F84-DE2BE71FF12D}
2014-03-13 09:53 - 2014-03-13 09:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-12 18:14 - 2014-03-25 10:58 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-12 18:14 - 2014-03-13 09:53 - 00001974 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-12 18:14 - 2014-03-12 18:14 - 00001951 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-12 18:09 - 2014-03-17 10:13 - 00002091 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
==================== One Month Modified Files and Folders =======
2014-04-04 11:23 - 2014-04-04 11:21 - 00000000 ____D () C:\FRST
2014-04-04 11:23 - 2014-04-04 08:01 - 00000000 ____D () C:\Users\Mail Sort\Desktop\GRINGO
2014-04-04 11:19 - 2009-07-14 00:55 - 01556298 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 11:15 - 2011-05-02 10:52 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 10:48 - 2012-04-04 08:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 10:45 - 2011-01-10 11:44 - 00001786 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-04-04 10:32 - 2013-09-04 13:27 - 00000944 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391828723-2345064480-2788400274-1000UA.job
2014-04-04 10:20 - 2014-04-04 08:03 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-04 10:18 - 2014-04-04 09:47 - 00000000 ____D () C:\Users\Mail Sort\Desktop\mbar
2014-04-04 10:18 - 2014-04-04 08:04 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-04 10:15 - 2011-05-02 10:52 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-04 09:55 - 2014-04-02 10:04 - 00000090 _____ () C:\Windows\system32\smdmg.cnp
2014-04-04 09:53 - 2010-08-05 07:34 - 08405876 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 09:53 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 09:53 - 2009-07-14 00:34 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 09:48 - 2014-04-03 08:24 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-04-04 09:47 - 2010-10-12 13:04 - 02214611 _____ () C:\Windows\system32\Drivers\Cat.DB
2014-04-04 09:47 - 2010-10-12 13:03 - 00000000 ____D () C:\Program Files\PC Tools Security
2014-04-04 09:46 - 2010-10-11 09:40 - 00113664 _____ () C:\Users\Mail Sort\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-04 09:45 - 2013-03-12 11:27 - 00019892 _____ () C:\Windows\setupact.log
2014-04-04 09:45 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 08:41 - 2010-08-05 09:19 - 00106544 _____ () C:\Windows\PFRO.log
2014-04-04 08:35 - 2009-07-13 22:37 - 00000000 _SHDC () C:\Windows\$NtUninstallKB33979$
2014-04-03 17:39 - 2014-04-03 17:26 - 00017968 _____ () C:\Users\Mail Sort\Desktop\attach.txt
2014-04-03 17:28 - 2014-04-03 17:26 - 00014693 _____ () C:\Users\Mail Sort\Desktop\dds.txt
2014-04-03 17:23 - 2014-04-03 17:23 - 00688992 ____R (Swearware) C:\Users\Mail Sort\Desktop\dds.com
2014-04-03 08:23 - 2014-04-03 08:23 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Mail Sort\Desktop\mb3-setup-1878.1878-3.5.1.2522.exe
2014-04-03 08:14 - 2014-04-02 19:56 - 00003994 _____ () C:\Users\Mail Sort\Desktop\Rkill.txt
2014-04-03 08:11 - 2014-04-03 07:57 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mail Sort\Desktop\iexplore.exe
2014-04-03 08:07 - 2014-04-03 08:07 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Mail Sort\Desktop\iExplore2.exe
2014-04-02 21:50 - 2014-04-02 21:49 - 00018944 ___SH () C:\Users\Mail Sort\AppData\Roaming\Thumbs.db
2014-04-02 20:28 - 2014-04-02 20:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-02 20:28 - 2014-04-02 19:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-02 18:58 - 2011-08-31 15:22 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-04-02 13:32 - 2013-09-04 13:27 - 00000922 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-391828723-2345064480-2788400274-1000Core.job
2014-04-02 13:12 - 2014-04-02 13:12 - 01805736 _____ (Symantec Corporation) C:\Users\Mail Sort\Desktop\FixZeroAccess.exe
2014-04-02 09:35 - 2014-04-02 09:35 - 00000064 _____ () C:\Windows\system32\hpdstkk.iyn
2014-04-02 09:35 - 2014-04-02 09:35 - 00000000 _____ () C:\Windows\system32\vjkldft.isr
2014-04-01 11:10 - 2014-04-01 11:10 - 00299344 ____S () C:\Windows\system32\qxucf.scp
2014-03-27 13:26 - 2011-07-09 09:27 - 00001950 _____ () C:\Users\Mail
2014-03-27 13:26 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-26 14:11 - 2014-03-26 14:11 - 00000000 ____D () C:\Users\Mail Sort\AppData\Local\{35917AC9-235E-4A0E-8F84-DE2BE71FF12D}
2014-03-26 14:11 - 2010-10-28 08:58 - 00000000 ____D () C:\Users\Mail Sort\AppData\Local\Windows Live
2014-03-25 14:08 - 2013-08-04 15:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-25 14:04 - 2010-10-15 16:02 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 11:02 - 2010-10-08 16:04 - 00000000 ____D () C:\Users\Mail Sort
2014-03-25 10:59 - 2011-01-10 11:31 - 00000000 ____D () C:\Users\Administrator
2014-03-25 10:58 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-03-25 10:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\registration
2014-03-25 10:58 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-20 16:35 - 2010-10-22 16:29 - 00000000 ____D () C:\Users\Mail Sort\Documents\COPCC
2014-03-17 10:13 - 2014-03-12 18:09 - 00002091 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-13 09:53 - 2014-03-13 09:53 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-03-13 09:53 - 2014-03-12 18:14 - 00001974 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-03-13 09:29 - 2010-08-05 07:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 18:19 - 2010-10-11 19:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 18:14 - 2014-03-12 18:14 - 00001951 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-03-12 18:14 - 2014-03-12 18:14 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-12 18:14 - 2011-07-05 07:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-03-12 18:14 - 2010-10-13 15:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-12 18:14 - 2010-10-13 15:05 - 00000000 ____D () C:\Program Files\Adobe
2014-03-12 18:10 - 2010-10-13 15:04 - 00000000 ____D () C:\Users\Mail Sort\AppData\Local\Adobe
2014-03-12 18:09 - 2011-05-02 10:51 - 00000000 ____D () C:\Users\Mail Sort\AppData\Local\Google
2014-03-12 18:09 - 2011-05-02 10:51 - 00000000 ____D () C:\Program Files\Google
2014-03-11 14:48 - 2012-04-04 08:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-11 14:48 - 2011-07-05 07:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Some content of TEMP:
====================
C:\Users\Mail Sort\AppData\Local\Temp\bttoi9xw.dll
C:\Users\Mail Sort\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0377856 ____A (Microsoft Corporation) 830069C9C93B79361A3CE829872DD6A4
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-01 10:35
==================== End Of Log ============================

#10 hapybus


Posted 04 April 2014 - 11:27 AM

Wow, this is strong... I disconnected from the internet, disabled wireless, and the audio continues. Weird!!



#11 gringo_pr


Posted 05 April 2014 - 03:57 AM


Hello hapybus

OK, let's see if we can find a replacement for the infected file.

Run FRST like you did before.

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click the Search button and post the log (Search.txt) it makes in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 hapybus


Posted 05 April 2014 - 08:16 AM

Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Mail Sort at 2014-04-05 09:11:49
Running from C:\Users\Mail Sort\Desktop\GRINGO
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0377856 ____A (Microsoft Corporation) 830069C9C93B79361A3CE829872DD6A4

=== End Of Search ===
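
An added example (not part of the thread and not FRST's own code): a Python parser for the Search.txt layout shown above that flags a System32 file whose MD5 matches no WinSxS copy of the same name. The comparison rule is an assumption of this sketch; a mismatch can also mean the component store holds a different servicing version, so treat it as a lead to verify.

```python
import re
from collections import defaultdict

# The two hits from the Search.txt log in the post above.
SAMPLE_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0376320 ____A (Microsoft Corporation) B82CD39E336973359D7C9BF911E8E84F

C:\Windows\System32\rpcss.dll
[2009-07-13 19:45] - [2009-07-13 21:16] - 0377856 ____A (Microsoft Corporation) 830069C9C93B79361A3CE829872DD6A4
"""

# Metadata line: [created] - [modified] - size attributes (company) MD5
META = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$")

def parse_search_log(text):
    """Return one dict per hit: a path line followed by its metadata line."""
    hits, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            hits.append({**m.groupdict(), "path": path,
                         "size": int(m["size"]), "md5": m["md5"].upper()})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return hits

def find_mismatches(hits):
    """Flag System32 files whose MD5 matches no WinSxS copy of that name."""
    by_name = defaultdict(list)
    for h in hits:
        by_name[h["path"].rsplit("\\", 1)[-1].lower()].append(h)
    findings = []
    for group in by_name.values():
        live = [h for h in group if "\\system32\\" in h["path"].lower()]
        store = [h for h in group if "\\winsxs\\" in h["path"].lower()]
        for cur in live:
            if store and all(s["md5"] != cur["md5"] for s in store):
                # Identical timestamps with different bytes is the stronger
                # signal: the content changed but the metadata did not.
                same_times = any((s["created"], s["modified"]) ==
                                 (cur["created"], cur["modified"]) for s in store)
                findings.append({"file": cur["path"], "md5": cur["md5"],
                                 "size_delta": cur["size"] - store[0]["size"],
                                 "timestamps_match_store": same_times})
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(parse_search_log(SAMPLE_LOG)):
        print(finding)
```
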



#13 gringo_pr


Posted 05 April 2014 - 12:23 PM

Hello hapybus



I need you to download this script I have made for you --> fixlist.txt (attached file)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (if asked to overwrite the existing one, please allow).

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo

#14 hapybus


Posted 05 April 2014 - 03:37 PM

Well, I made a mistake... I selected scan as opposed to fix... Can I just run the fix?



#15 gringo_pr


Posted 05 April 2014 - 03:38 PM

Yes, just run the fix.


gringo



