
Thread: Rootkit.ZeroAccess windows pop up (TCP/IP)

  1. #1
    Junior Member
    Join Date
    Apr 2012
    Posts
    2

    Rootkit.ZeroAccess windows pop up (TCP/IP)

    Hello again.

    Following instructions here I post the files required for a problem with AVG Identity Protection. First of all I must indicate that I have used Combofix and got a message that says "the rootkit has inserted into the TCP/IP stack". Also used TDSSKiller, Yorkyt, RootKit Remover... and it seems that the other windows of Generic27 have disappeared, but now there is always a warning window from AVG IdP that if it is closed, another one takes its place, but referring to a different dll of System32.

    Thanks a lot in advance for your help and I am at your disposal to whatever you require.

    Best regards.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Rafa at 16:41:14 on 2012-04-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.3062.2503 [GMT 2:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\ARCHIV~1\AVG\AVG2012\avgrsx.exe
    C:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe
    C:\Archivos de programa\Java\jre6\bin\jqs.exe
    C:\Archivos de programa\AVG\AVG2012\avgnsx.exe
    C:\WINDOWS\system32\DRIVERS\o2flash.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\AVG\AVG2012\AVGIDSAgent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Archivos de programa\DellTPad\Apoint.exe
    C:\Archivos de programa\Dell\QuickSet\quickset.exe
    C:\Archivos de programa\AVG\AVG2012\avgtray.exe
    C:\Archivos de programa\DellTPad\ApMsgFwd.exe
    C:\Archivos de programa\D-Link\DIR-457 USB Modem\DIR-457 Monitor.exe
    C:\Archivos de programa\Archivos comunes\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Archivos de programa\DellTPad\HidFind.exe
    C:\Archivos de programa\DellTPad\Apntex.exe
    C:\archivos de programa\real\realplayer\update\realsched.exe
    C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
    C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\ISUSPM.exe
    C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Archivos de programa\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Archivos de programa\Adobe\Reader 10.0\Reader\Reader_sl.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.es/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = "c:\archivos de programa\outlook express\msimn.exe"
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\archivos de programa\archivos comunes\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\datos de programa\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\archivos de programa\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\archivos de programa\java\jre6\bin\ssv.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\archivos de programa\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\archivos de programa\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\archivos de programa\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\archivos de programa\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ISUSPM] "c:\archivos de programa\archivos comunes\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] "c:\archivos de programa\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\archivos de programa\messenger\msmsgs.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Apoint] c:\archivos de programa\delltpad\Apoint.exe
    mRun: [Dell QuickSet] c:\archivos de programa\dell\quickset\quickset.exe
    mRun: [AVG_TRAY] "c:\archivos de programa\avg\avg2012\avgtray.exe"
    mRun: [DIR-457 Monitor] c:\archivos de programa\d-link\dir-457 usb modem\DIR-457 Monitor.exe start
    mRun: [RIMBBLaunchAgent.exe] c:\archivos de programa\archivos comunes\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "c:\archivos de programa\archivos comunes\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\archivos de programa\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\archivos de programa\archivos comunes\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportar a Microsoft Excel - c:\archiv~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\archivos de programa\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\archivos de programa\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\archiv~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www2.agenciatributaria.gob.es/ES13/h/CACTIVEX.CAB
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{BC06D450-6A67-4DBB-92D8-10009B450A44} : DhcpNameServer = 192.168.0.241 212.142.144.66 212.142.144.98
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\archivos de programa\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\archivos de programa\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;WatchDog de AVG;c:\archivos de programa\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-1-13 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-1-13 43608]
    S0 cerc6;cerc6; [x]
    S2 AGV;HIDSwvd;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 antivirscheduler;Prohlp02;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 antivirservice;Mwsarcpkt;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avfilter;Mwssched;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avg7alrt;Epsonbidirectionalservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avgcoresvc;Utscsi;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avgems;Vmauthdservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avgfwsrv;Vulfntrs;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avgntflt;CTDevice_Srv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 avhook;Raidmagt;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 aw_host;EU3_USB;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 awlegacy;TOSHIBASoftModem;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 BRGSp50;Slapd-data52;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ca-messagequeuing;AsIO;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 caisafe;ProcObsrv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ccproxy;STEC3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ccsetmgr;Ehsched;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 clientservice;Rismxdp;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 cmdagent;Stylexphelper;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 CTMMOUNT;Ikhfile;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 CTMSHD;Datasvr;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 DirectUpdate;ASNDIS5;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 DivisCTS;Winachcf;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ghostsec;AffinegyService;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-1-13 135664]
    S2 GV600_4;Susbser;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ikfileflt;Aeclienthostservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ikfilesec;Bh611;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 iksysflt;Rt2500;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 iksyssec;Kl1;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 kavsvc;WavxDMgr;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 LMIRfsDriver;NITaggerService;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 LRMINIPORT;AlteraByteBlaster;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mcdetect.exe;TryAndDecideService;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mcproxy;Udfreadr_xp;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mctskshd.exe;Brmfrmps;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mcusrmgr;Gameenum;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mferkdk;Tosrfec;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mksupdateint;Mcnasvc;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 mksvirmonsvc;Mpfirewl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 navapel;Stltrk2k;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 navapsvc;Retrolauncher;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 naveng;{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 navex15;Si3132r5;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ndasbus;Machnm32;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ndasscsi;Sglfb;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 nod32krn;Wacomkey;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ofcservice;StkAMini;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pavagente;Gv3;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pavprsrv;GTPTSER;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pctavsvc;P17xfilt;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pctfw1;TPM;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 pctoolsfirewallplus;Akshhl;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 RalinkRegistryWriter;Ati;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 regdefend;Rdpdd;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 S3GIGP;ICM10USB;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 savrt;Lpx;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 savrtpel;Nimcdlbk;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 savscan;AtiPcie;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 sbservice;Belgium_id_card_service;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 sdcoreservice;Cmigameport;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 vet-rec;AppnApi;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 veteboot;Mqdmbus;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 webrootcommagentservice;Cdrbsdrv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 webrootenterpriseclientservice;SiS300i;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 webrootenterpriseupdateservice;CA561;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 webrootspysweeperservice;Hpzid412;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S2 ZDCNDIS5;Tsdhd;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-4-1 112640]
    S3 gupdatem;Servicio de Google Update (gupdatem);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-1-13 135664]
    S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-4-2 102656]
    S3 MFE_RR;MFE_RR;\??\c:\docume~1\rafa\config~1\temp\mfe_rr.sys --> c:\docume~1\rafa\config~1\temp\mfe_rr.sys [?]
    S3 PAC207;VideoCAM GF112;c:\windows\system32\drivers\pfc027.sys [2005-4-8 162176]
    S3 qdb3gmdm;D-Link USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qdb3gmdm.sys [2011-6-30 106240]
    .
    =============== Created Last 30 ================
    .
    2012-04-16 08:38:10 -------- d-----w- c:\windows\system32\DBBK
    2012-04-16 08:29:59 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-03 06:21:18 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-27 08:09:45 -------- d-----w- c:\documents and settings\rafa\.pdfsam
    2012-03-27 07:45:47 -------- d-----w- c:\archivos de programa\pdfsam
    .
    ==================== Find3M ====================
    .
    2012-04-16 08:31:17 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-03 06:21:18 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 10:59:03 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 10:59:02 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 10:59:02 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:09:53 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:09:53 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17:53 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-07 09:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-02-03 09:57:03 1860224 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 16:42:07,09 ===============
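The SERVICES / DRIVERS section of the DDS log above shows the pattern a log reviewer looks for first: dozens of stopped (S2) services whose service names and display names have nothing to do with each other, all pointing at the same `svchost.exe -k netsvcs` host with an identical date and size. The Python script below is an added example, not part of this thread and not code from DDS or any of the tools mentioned; it parses lines in the DDS services/drivers format and flags that pattern. The sample lines are copied from the log in this post, while the `MIN_CLUSTER` threshold and the display-name heuristic are my own assumptions for the illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the DDS log above (format:
# "<R|S><start-type> <name>;<display>;<image> [<date> <size>]"; DDS prints
# "[x]" or "[?]" when it cannot stat the image file).
SAMPLE_LOG = r"""
R2 AVGIDSAgent;AVGIDSAgent;c:\archivos de programa\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;WatchDog de AVG;c:\archivos de programa\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S0 cerc6;cerc6; [x]
S2 AGV;HIDSwvd;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 antivirscheduler;Prohlp02;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 antivirservice;Mwsarcpkt;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 avfilter;Mwssched;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 avg7alrt;Epsonbidirectionalservice;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 avgcoresvc;Utscsi;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S2 gupdate;Servicio Google Update (gupdate);c:\archivos de programa\google\update\GoogleUpdate.exe [2010-1-13 135664]
S3 MFE_RR;MFE_RR;\??\c:\docume~1\rafa\config~1\temp\mfe_rr.sys --> c:\docume~1\rafa\config~1\temp\mfe_rr.sys [?]
"""

# One DDS service/driver line. The image is matched lazily so that the
# trailing "[...]" stamp is always the last bracketed group on the line.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$"
)
STAMP_RE = re.compile(r"^(\d{4}-\d{1,2}-\d{1,2}) (\d+)$")

# Assumption: a group this large sharing one image and one stamp is rare on
# a clean machine; tune for your own baseline.
MIN_CLUSTER = 5
SVCHOST_NETSVCS = re.compile(r"svchost\.exe -k netsvcs$", re.IGNORECASE)


@dataclass
class ServiceEntry:
    state: str            # 'R' running, 'S' stopped
    start: int            # start-type digit as DDS prints it
    name: str             # service key name
    display: str          # display name
    image: str            # image path plus arguments ('' when DDS printed [x])
    date: Optional[str]   # None when DDS printed [x] or [?]
    size: Optional[int]


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every line in DDS services/drivers format; other lines are ignored."""
    entries: List[ServiceEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date = size = None
        s = STAMP_RE.match(m["stamp"])
        if s:
            date, size = s.group(1), int(s.group(2))
        entries.append(ServiceEntry(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["image"], date, size))
    return entries


def triage(entries: List[ServiceEntry], min_cluster: int = MIN_CLUSTER) -> Dict[str, List[str]]:
    """Return {service name: [reasons]} for entries that deserve a closer look.

    Heuristic 1: many services sharing the exact same image, date and size.
    Heuristic 2: a service hosted in svchost -k netsvcs whose display name
    does not even mention its service name. Legitimate services often have
    unrelated display names, so heuristic 2 is only applied to netsvcs hosts.
    """
    clusters: Dict[tuple, List[ServiceEntry]] = defaultdict(list)
    for e in entries:
        clusters[(e.image.lower(), e.date, e.size)].append(e)

    findings: Dict[str, List[str]] = defaultdict(list)
    for (image, date, size), group in clusters.items():
        if len(group) >= min_cluster:
            for e in group:
                findings[e.name].append(
                    f"one of {len(group)} services sharing image+stamp {image} [{date} {size}]")
    for e in entries:
        hosted = SVCHOST_NETSVCS.search(e.image) is not None
        unrelated = e.name.lower() not in e.display.lower()
        if hosted and unrelated:
            findings[e.name].append(
                f"netsvcs-hosted service whose display name {e.display!r} does not mention {e.name!r}")
    return dict(findings)


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the six fake S2 services are reported with both reasons while the AVG, Google Update and McAfee leftover entries are not. A flagged entry is a lead for the reviewer to research against the service's registry key and the netsvcs group, not a verdict: the cluster threshold depends on the machine's baseline, and a stopped service with a missing image (`[x]` or `[?]`) is usually just an uninstall remnant.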

  2. #2
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157


    Hi sabinoing,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help I would be grateful if you would let me know.

    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    In the meantime please provide the feedback below:

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed; post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Business Use Computer?

    Entries in your HijackThis log lead me to believe that this computer may be being used for business purposes.
    Please could you confirm if this is the case? If the computer is not used for business purposes please proceed with Step 2.

    Step 2:
    Logs Required for Review

    I notice you have already run a significant number of tools including ComboFix and TDSSKiller which should never be run other than under instruction from a malware expert.

    ComboFix Log

    Please post the entire contents of the combofix.txt log file (- it is normally to be found in the C:\qoobox\ directory) into your next reply.

    TDSSKiller Log

    Please post the entire contents of the most recent TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt log file. The file is normally saved to the root directory - usually C: drive.

    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
    3. ComboFix.txt.
    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
    5. Do you have the original Windows installation media for your PC?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157


    Hi sabinoing,

    It has been over 48 hours since my last post.

    1. Do you still need help?
    2. Do you need more time?
    3. Are you having problems following my instructions?
    4. In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
    5. If you do not reply within the next 24 hours, this topic will be closed.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #4
    Security Expert Jack&Jill
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725


    Due to lack of response, this topic is now closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. How to post a DDS log.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm) to me or a MOD. A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
