
Log from combofix


3 replies to this topic

#1 oc.garcia

Posted 16 May 2014 - 06:31 PM

I ran combofix and this is the log: 

 

ComboFix 14-05-16.01 - Wellcom 16/05/2014  17:24:40.2.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.52.3082.18.3688.1909 [GMT -5:00]
Running from: D:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-16 to 2014-05-16  )))))))))))))))))))))))))))))))
.
.
2014-05-16 22:42 . 2014-05-16 22:42 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-05-16 22:42 . 2014-05-16 22:42 -------- d-----w- c:\users\Wellcom1\AppData\Local\temp
2014-05-16 22:42 . 2014-05-16 22:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-16 22:42 . 2014-05-16 22:42 -------- d-----w- c:\users\Administrador\AppData\Local\temp
2014-05-16 22:04 . 2014-05-16 22:04 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B23155A1-1D4F-49AA-BEF1-89CA1E15485C}\offreg.dll
2014-05-16 22:04 . 2014-04-17 10:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B23155A1-1D4F-49AA-BEF1-89CA1E15485C}\mpengine.dll
2014-05-15 15:50 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 15:50 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 15:50 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 15:50 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-14 22:05 . 2014-05-14 22:07 -------- d-----w- C:\inventory
2014-05-14 21:53 . 2014-03-04 09:44 86528 ----a-w- c:\windows\system32\TSpkg.dll
2014-05-07 22:01 . 2014-05-15 15:54 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-07 21:44 . 2012-02-11 13:43 253016 ----a-w- c:\windows\system32\SQSRVRES.DLL
2014-05-02 17:52 . 2014-05-02 17:52 -------- d-----w- c:\users\Wellcom.Furier\AppData\Local\Microsoft_Corporation
2014-05-02 17:50 . 2014-05-02 17:50 -------- d-----w- c:\users\ReportServer$WELLDB
2014-05-02 17:48 . 2014-05-15 15:59 -------- d-----w- c:\users\MSSQLFDLauncher$WELLDB
2014-05-02 17:48 . 2014-05-15 15:31 -------- d-----w- c:\users\MSSQL$WELLDB
2014-05-02 17:44 . 2012-02-11 15:03 46168 ----a-w- c:\windows\SysWow64\perf-ReportServer$WELLDB-rsctr11.0.2100.60.dll
2014-05-02 17:44 . 2012-02-11 13:44 55384 ----a-w- c:\windows\system32\perf-ReportServer$WELLDB-rsctr11.0.2100.60.dll
2014-05-02 17:44 . 2012-02-11 15:02 45656 ----a-w- c:\windows\SysWow64\perf-MSSQL11.WELLDB-sqlagtctr.dll
2014-05-02 17:44 . 2012-02-11 13:44 54360 ----a-w- c:\windows\system32\perf-MSSQL11.WELLDB-sqlagtctr.dll
2014-05-02 17:43 . 2012-02-11 15:03 82520 ----a-w- c:\windows\SysWow64\perf-MSSQL$WELLDB-sqlctr11.0.2100.60.dll
2014-05-02 17:43 . 2012-02-11 13:44 95832 ----a-w- c:\windows\system32\perf-MSSQL$WELLDB-sqlctr11.0.2100.60.dll
2014-05-02 17:43 . 2012-02-11 13:46 82520 ----a-w- c:\windows\system32\fssres.dll
2014-05-02 17:43 . 2012-02-11 13:46 180312 ----a-w- c:\windows\system32\hadrres.dll
2014-05-02 17:29 . 2014-05-02 17:29 -------- d-----w- c:\windows\system32\RsFx
2014-05-02 16:47 . 2014-05-02 16:47 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-05-02 16:45 . 2014-05-02 16:45 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2014-05-02 16:43 . 2014-05-02 16:43 -------- d-----w- c:\program files\Microsoft.NET
2014-05-02 16:38 . 2014-05-07 22:08 494784 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-05-02 16:34 . 2014-05-02 16:39 -------- d-----w- c:\windows\SysWow64\1033
2014-05-02 16:31 . 2014-05-02 17:20 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2014-05-02 16:31 . 2014-05-02 16:31 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2014-05-02 16:27 . 2014-05-02 16:27 -------- d-----w- c:\windows\symbols
2014-05-02 16:27 . 2014-05-02 16:39 -------- d-----w- c:\windows\system32\1033
2014-05-02 16:27 . 2014-05-02 16:27 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2014-05-02 16:27 . 2014-05-02 16:27 -------- d-----w- c:\program files\Microsoft Help Viewer
2014-05-02 16:27 . 2014-05-02 16:27 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2014-05-02 16:13 . 2014-05-07 21:34 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2014-05-02 15:57 . 2014-05-07 21:34 -------- d-----w- c:\program files\Microsoft SQL Server
2014-05-01 00:16 . 2014-05-01 00:16 -------- d-----w- c:\program files (x86)\apache-maven-3.2.1
2014-04-29 21:29 . 2014-05-07 21:16 -------- d-----w- c:\users\Wellcom.Furier\AppData\Local\Spotify
2014-04-29 21:22 . 2014-05-16 22:09 -------- d-----w- c:\users\Wellcom.Furier\AppData\Roaming\Spotify
2014-04-25 16:12 . 2014-04-25 17:51 -------- d-----w- c:\program files (x86)\Fortinet
2014-04-25 16:00 . 2014-04-25 16:00 -------- d-----w- c:\programdata\Applications
2014-04-25 14:15 . 2014-04-25 14:15 119808 ----a-r- c:\users\Wellcom.Furier\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2014-04-25 14:15 . 2014-04-25 14:15 -------- d-----w- c:\users\Wellcom.Furier\AppData\Local\Apps
2014-04-24 00:42 . 2014-04-24 00:42 -------- d-sh--w- c:\users\Wellcom.Furier\AppData\Local\EmieUserList
2014-04-24 00:42 . 2014-04-24 00:42 -------- d-sh--w- c:\users\Wellcom.Furier\AppData\Local\EmieSiteList
2014-04-23 21:43 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-23 21:43 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-23 21:43 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-23 21:41 . 2014-03-06 08:28 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-04-23 21:40 . 2014-03-06 08:11 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-04-23 21:40 . 2014-03-06 07:46 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-15 15:43 . 2014-02-20 01:06 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-04-01 03:46 . 2014-04-01 03:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-01 03:46 . 2014-04-01 03:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-31 14:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-15 00:21 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2014-03-15 00:21 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2014-03-15 00:21 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2014-03-15 00:21 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2014-03-15 00:21 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2014-03-14 23:59 . 2010-11-21 03:24 79872 ----a-w- c:\windows\SysWow64\winver.exe
2014-03-14 23:58 . 2014-03-14 23:58 410624 ----a-w- c:\windows\SysWow64\systemcpl.dll
2014-03-14 23:58 . 2014-03-14 23:58 193024 ----a-w- c:\windows\SysWow64\sppcomapi.dll
2014-03-13 22:45 . 2014-03-21 00:22 239392 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2014-03-13 22:44 . 2014-03-21 00:22 119072 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2014-03-13 22:44 . 2014-03-13 22:44 204064 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2014-03-13 22:44 . 2014-03-13 22:44 146720 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2014-03-13 22:44 . 2014-03-13 22:44 131872 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2014-03-13 22:44 . 2014-03-13 22:44 106272 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2014-03-10 23:04 . 2014-03-10 23:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-03-10 23:04 . 2014-03-10 23:05 312744 ----a-w- c:\windows\system32\javaws.exe
2014-03-10 23:04 . 2014-03-10 23:04 189352 ----a-w- c:\windows\system32\javaw.exe
2014-03-10 23:04 . 2014-03-10 23:04 189352 ----a-w- c:\windows\system32\java.exe
2014-03-04 09:44 . 2014-04-09 17:49 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 17:49 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 17:49 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 17:49 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 17:49 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 17:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 17:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 17:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 17:49 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 17:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 17:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-02-21 23:01 . 2014-02-21 23:01 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-02-21 23:01 . 2014-02-21 23:01 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-02-21 23:01 . 2014-02-21 23:01 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-21 23:01 . 2014-02-21 23:01 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-21 23:01 . 2014-02-21 23:01 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-02-21 23:01 . 2014-02-21 23:01 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-02-21 23:01 . 2014-02-21 23:01 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-02-21 23:01 . 2014-02-21 23:01 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-02-21 23:01 . 2014-02-21 23:01 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-02-21 23:01 . 2014-02-21 23:01 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-02-21 23:01 . 2014-02-21 23:01 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-02-21 23:01 . 2014-02-21 23:01 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-02-21 23:01 . 2014-02-21 23:01 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-02-21 23:01 . 2014-02-21 23:01 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-02-21 23:01 . 2014-02-21 23:01 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-02-21 23:01 . 2014-02-21 23:01 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-02-21 23:01 . 2014-02-21 23:01 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-02-21 23:01 . 2014-02-21 23:01 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-02-21 23:01 . 2014-02-21 23:01 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-02-21 23:01 . 2014-02-21 23:01 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-02-21 23:01 . 2014-02-21 23:01 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-02-21 23:01 . 2014-02-21 23:01 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-02-21 23:01 . 2014-02-21 23:01 81408 ----a-w- c:\windows\system32\icardie.dll
2014-02-21 23:01 . 2014-02-21 23:01 774144 ----a-w- c:\windows\system32\jscript.dll
2014-02-21 23:01 . 2014-02-21 23:01 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-02-21 23:01 . 2014-02-21 23:01 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-02-21 23:01 . 2014-02-21 23:01 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-02-21 23:01 . 2014-02-21 23:01 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-02-21 23:01 . 2014-02-21 23:01 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-02-21 23:01 . 2014-02-21 23:01 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-02-21 23:01 . 2014-02-21 23:01 413696 ----a-w- c:\windows\system32\html.iec
2014-02-21 23:01 . 2014-02-21 23:01 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-02-21 23:01 . 2014-02-21 23:01 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2014-02-21 23:01 . 2014-02-21 23:01 247808 ----a-w- c:\windows\system32\msls31.dll
2014-02-21 23:01 . 2014-02-21 23:01 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-02-21 23:01 . 2014-02-21 23:01 235520 ----a-w- c:\windows\system32\url.dll
2014-02-21 23:01 . 2014-02-21 23:01 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-02-21 23:01 . 2014-02-21 23:01 147968 ----a-w- c:\windows\system32\occache.dll
2014-02-21 23:01 . 2014-02-21 23:01 143872 ----a-w- c:\windows\system32\wextract.exe
2014-02-21 23:01 . 2014-02-21 23:01 13824 ----a-w- c:\windows\system32\mshta.exe
2014-02-21 23:01 . 2014-02-21 23:01 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-02-21 23:01 . 2014-02-21 23:01 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-02-21 23:01 . 2014-02-21 23:01 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-02-21 23:01 . 2014-02-21 23:01 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-02-21 23:01 . 2014-02-21 23:01 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-02-21 23:01 . 2014-02-21 23:01 101376 ----a-w- c:\windows\system32\inseng.dll
2014-02-19 23:18 . 2014-02-19 23:18 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2014-02-19 23:18 . 2014-02-19 23:18 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2014-02-19 23:18 . 2014-02-19 23:18 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2014-02-19 23:18 . 2014-02-19 23:18 363008 ----a-w- c:\windows\system32\dxgi.dll
2014-02-19 23:18 . 2014-02-19 23:18 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-02-19 23:18 . 2014-02-19 23:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-19 23:18 . 2014-02-19 23:18 296960 ----a-w- c:\windows\system32\d3d10core.dll
2014-02-19 23:18 . 2014-02-19 23:18 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2014-03-15 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2014-03-15 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unified Remote v2"="c:\program files (x86)\Unified Remote\RemoteServer.exe" [2014-02-24 332496]
"Spotify"="c:\users\Wellcom.Furier\AppData\Roaming\Spotify\Spotify.exe" [2014-04-30 6206520]
"Spotify Web Helper"="c:\users\Wellcom.Furier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-04-30 1176632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-03 364544]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-09 3774312]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0aswBoot.exe /M:89ad2b0c /wow /dir:C:\Program
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 OracleOraDb10g_home1TNSListener;OracleOraDb10g_home1TNSListener;d:\oracle\product\10.2.0\db_1\BIN\TNSLSNR ;d:\oracle\product\10.2.0\db_1\BIN\TNSLSNR  [x]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mdareDriver_47;mdareDriver_47;c:\users\WELLCO~1.FUR\AppData\Local\Temp\FCPreScan\mdare64_47.sys;c:\users\WELLCO~1.FUR\AppData\Local\Temp\FCPreScan\mdare64_47.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 OracleJobSchedulerWELLDB;OracleJobSchedulerWELLDB;d:\oracle\product\10.2.0\db_1\Bin\extjob.exe WELLDB;d:\oracle\product\10.2.0\db_1\Bin\extjob.exe WELLDB [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$WELLDB;SQL Server Agent (WELLDB);c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 MSSQL$WELLDB;SQL Server (WELLDB);c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\sqlservr.exe [x]
S2 OracleDBConsolewelldb;OracleDBConsolewelldb;d:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe;d:\oracle\product\10.2.0\db_1\bin\nmesrvc.exe [x]
S2 OracleServiceWELLDB;OracleServiceWELLDB;d:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE WELLDB;d:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE WELLDB [x]
S2 ReportServer$WELLDB;SQL Server Reporting Services (WELLDB);c:\program files\Microsoft SQL Server\MSRS11.WELLDB\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS11.WELLDB\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 MSSQLFDLauncher$WELLDB;SQL Full-text Filter Daemon Launcher (WELLDB);c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL11.WELLDB\MSSQL\Binn\fdlauncher.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-25 00:10 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13 22:50]
.
2014-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-13 22:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-13 22:50 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-03-07 6469736]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.1
FF - ProfilePath - c:\users\Wellcom.Furier\AppData\Roaming\Mozilla\Firefox\Profiles\jzoswypq.default\
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OracleOraDb10g_home1TNSListener]
"ImagePath"="d:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-16  17:49:57
ComboFix-quarantined-files.txt  2014-05-16 22:49
ComboFix2.txt  2014-05-15 17:26
.
Pre-Run: 58,876,227,584 bytes libres
Post-Run: 58,640,445,440 bytes libres
.
- - End Of File - - F7E4C4C1F7843781AA91C0CBE0824C75
8E734BD7AA1D4F7E9AF58DF495F6CF9E
 
Could somebody help me to know what I have to do with this? Thanks in advance.



#2 1972vet

  • Malware Response Team

Posted 21 May 2014 - 06:38 AM

Greetings oc.garcia and welcome to the forums,

 

Before we can render the best possible advice, please answer these two questions for us:

1) What issues were you having that prompted you to take it upon yourself to run combofix?

2) Can you post the log that combofix produced from the FIRST time you ran it? The log you posted above is from the SECOND time it was run at that system.

 

Thanks!


Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 oc.garcia


Posted 22 May 2014 - 05:00 PM

1. I am not able to enter my C unit. The message "Access Denied" is shown. I can't run any program or console system.

2. The first time I ran combofix my pc was ready to use so I thought the problem was solved but it wasn't. When I restarted my machine I had the same problem so I had to run combofix for a second time.

Thanks in advance.



#4 1972vet

  • Malware Response Team

Posted 24 May 2014 - 04:26 AM

> 1. I am not able to enter my C unit. The message "Access Denied" is shown. I can't run any program or console system.
>
> 2. The first time I ran combofix my pc was ready to use so I thought the problem was solved but it wasn't. When I restarted my machine I had the same problem so I had to run combofix for a second time.
>
> Thanks in advance.

If you can't run any programs or enter your "C unit" then please explain how you were able to run combofix and post the log it produced.

