File unable to be cleaned



techinstructor
2014-02-11, 22:52
I previously posted this in the Spybot forum, http://forums.spybot.info/showthread.php?70167-File-unable-to-be-cleaned and Zenobia recommended that I move it over here since I had another issue with a trojan on the same machine last November https://forum.eset.com/topic/1365-win32kryptikbojt-trojan-variant-found/.

My current DDS and aswMBR logs will be posted in post #2.


*********************
My original post from the other thread is here:

I'm running Windows 7 Home Premium (64 bit) and ESET Smart Security 5 Version 5.2.9.1. Upon startup I had a red flag in my Windows Action Center that informed me that I needed to start the Windows Security Center. I attempted to do this, but was not able to.

Microsoft support led me to the Security Center Properties and told me to choose "Log On" and click "Browse" to enter the name of my computer (which is an Asus K52JC notebook, if that matters). When I enter my computer name I get an error message, "An object (User or Built-in security principal) with the following name cannot be found: "timobile". Check the selected object types and locations for accuracy (they look correct to me) and ensure that you have typed the object name correctly, (it is correct) or remove this object from the selection." Windows support suggested the possibility of malware if the service would not start after this step.

When I try to start the service, I get this message: "Windows could not start the Security Center service on Local Computer. Error 1068: The dependency service or group failed to start."

So after checking the ESET logs and seeing that all was well and up to date - no evidence of any recent activity in the logs, I ran Malwarebytes (nothing found) and then Spybot Search and Destroy which found some registry issues, all of which it was able to fix except for 1 (HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSD\General\) -- I didn't understand what the threat was, only that it was unable to clean it. Interestingly, when I looked this up in the registry, one of the items in the General folder was ComputerName.

techinstructor
2014-02-11, 22:59
DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by techinstructor at 14:57:29 on 2014-02-11
.
============== Running Processes ================
.
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NetWorx\networx.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Steam] "D:\Program Files\Steam\steam.exe" -silent
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [NetWorx] "C:\Program Files (x86)\NetWorx\networx.exe" /auto
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3676D7C3-B53E-46ED-9379-9CF2373D0F54} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{3676D7C3-B53E-46ED-9379-9CF2373D0F54}\65562796A7F6E6D2239313C46575D223135343 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6147847E-3C7D-42F8-971D-2C06514DFBA3} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\techinstructor\AppData\Roaming\Mozilla\Firefox\Profiles\kgy8d41p.default\
FF - prefs.js: browser.startup.homepage - hxxp://techinstructor.home.mindspring.com/squirrelsnest.htm
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2010-09-23 15:12; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cvhsvc;Client Virtualization Handler
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety
R? MBAMService;MBAMService
R? NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN)
R? NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN)
R? NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN)
R? SDScannerService;Spybot-S&D 2 Scanner Service
R? SDUpdateService;Spybot-S&D 2 Updating Service
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? sftlist;Application Virtualization Client
R? SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver
R? TsUsbFlt;TsUsbFlt
R? TurboBoost;TurboBoost
R? USBAAPL64;Apple Mobile USB Driver
R? WDC_SAM;WD SCSI Pass Thru driver
R? WDDMService;WDDMService
R? WDDriveService;WD Drive Manager
R? WDFMEService;WDFME
R? WDRulesService;WDRules
S? !SASCORE;SAS Core Service
S? AFBAgent;AFBAgent
S? ASMMAP64;ASMMAP64
S? eamonm;eamonm
S? ekrn;ESET Service
S? EpfwLWF;Epfw NDIS LightWeight Filter
S? epfwwfp;epfwwfp
S? HECIx64;Intel(R) Management Engine Interface
S? Impcd;Impcd
S? IntcDAud;Intel(R) Display Audio
S? IntuitUpdateServiceV4;Intuit Update Service v4
S? JMCR;JMCR
S? JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
S? lullaby;lullaby
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? nvpciflt;nvpciflt
S? NvtlService;NovaCore SDK Service
S? NWVZHelper;Novatel Wireless Verizon Device Helper
S? PSSDK42;PSSDK42
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Sftfs;Sftfs
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? TurboB;Turbo Boost UI Monitor driver
S? UNS;Intel(R) Management & Security Application User Notification Service
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2014-02-04 23:43:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-04 23:43:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-28 16:08:30 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
.
============= FINISH: 15:00:22.78 ===============

ASWMBR log

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-11 15:39:31
-----------------------------
15:39:31.963 OS Version: Windows x64 6.1.7601 Service Pack 1
15:39:31.963 Number of processors: 4 586 0x2505
15:39:31.963 ComputerName: TIMOBILE UserName:
15:39:32.712 Initialize success
15:39:57.532 AVAST engine defs: 14021100
15:39:59.638 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:39:59.638 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
15:39:59.809 Disk 0 MBR read successfully
15:39:59.809 Disk 0 MBR scan
15:39:59.825 Disk 0 Windows 7 default MBR code
15:39:59.825 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 20002 MB offset 63
15:39:59.825 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 40965750
15:39:59.841 Disk 0 Partition - 00 0F Extended LBA 337704 MB offset 285153280
15:39:59.856 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 337703 MB offset 285155328
15:39:59.903 Disk 0 scanning C:\Windows\system32\drivers
15:40:12.679 Service scanning
15:40:38.856 Modules scanning
15:40:38.856 Disk 0 trace - called modules:
15:40:39.527 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
15:40:39.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006cf3060]
15:40:39.527 3 CLASSPNP.SYS[fffff880011a443f] -> nt!IofCallDriver -> [0xfffffa8004cf3e40]
15:40:39.527 5 ACPI.sys[fffff88000f707a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004cf6050]
15:40:40.401 AVAST engine scan C:\Windows
15:40:42.616 AVAST engine scan C:\Windows\system32
15:44:11.470 AVAST engine scan C:\Windows\system32\drivers
15:44:26.914 AVAST engine scan C:\Users\techinstructor
15:44:35.338 Disk 0 MBR has been saved successfully to "C:\Users\techinstructor\Desktop\MBR.dat"
15:44:35.338 The log file has been saved successfully to "C:\Users\techinstructor\Desktop\aswMBR.txt"

Dakeyras
2014-02-12, 13:40
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Safer Networking. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

P2P Advice:

I would like for you to read this forum topic please:-

File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282)

My only condition before I continue assisting you is that you please uninstall uTorrent.

To do so, click on Start (Windows 7 Orb) >> Control Panel >> Uninstall a program or Programs and Features and remove the following (if present):

uTorrent

To do so click once on the above to highlight, then click on Uninstall/Change and follow the prompts.

Next:

I have read all prior posts and topics, and before I advise anything further proactive, please carry out the below for myself so I am better able to ascertain the overall situation, thank you.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Scan with FSS:

Please download Farbar Service Scanner (http://download.bleepingcomputer.com/farbar/FSS.exe) and save to your desktop.


Right-click FSS.exe and select Run as Administrator to start the program.
Select all available options
Then click on the Scan tab.
When the scan is complete, it will produce a log named FSS.txt.
Post the contents in your next reply.

Scan with TDSSKiller:

Please download TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/) to the desktop.

Alternate download is here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe).


Right-click on TDSSKiller.exe and select Run as Administrator to start the program and follow the prompts.
When the main GUI (graphical user interface) window opens, click on Change Parameters
Under Additional options, select both Verify driver digital signatures & Detect TDLFS File System >> OK
Click on Start Scan, the scan will run.
When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
A Report will have been created by TDSSKiller in your root directory C:\
To find the log go to Start (Windows 7 Orb) > Computer > C: >> TDSSKiller.V.V.V.VV_DD.DD.YYYY_TT.TT.TT_log <-- The letters denote the version and date & time etc.
Post the contents of that log in your next reply please.

Note: Do not have TDSSKiller remove anything if found at this point in time!

Next:

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and/or problems encountered?
Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
Farbar Service Scanner Log.
TDSSKiller Log.

Dakeyras
2014-02-17, 00:17
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.