I have run the mbam client and combofix several times and the same two files keep coming back. I can't seem to get rid of them. Below is the latest combofix txt file:

ComboFix 12-03-01.02 - Administrator 03/01/2012 13:37:41.5.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8116.6567 [GMT -10:00]

Running from: c:\users\Administrator.MYAGODICH\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\svchost.exe

c:\windows\system32\wbem\Performance\WmiApRpl_new.ini

.

.

((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))

.

.

2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\users\MobiUser\AppData\Local\temp

2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-01 23:41 . 2012-03-01 23:41 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-03-01 22:10 . 2012-03-01 22:11 -------- d-----w- c:\users\Administrator.MYAGODICH\AppData\Roaming\.clamwin

2012-03-01 22:10 . 2012-03-01 22:10 -------- d-----w- c:\programdata\.clamwin

2012-03-01 22:10 . 2012-03-01 22:10 -------- d-----w- c:\program files (x86)\ClamWin

2012-03-01 22:09 . 2012-02-20 11:05 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{41BA3EF1-D4AE-4FF2-BC44-AA2B8C693A1B}\mpengine.dll

2012-03-01 22:06 . 2012-03-01 22:06 -------- d-----w- c:\users\Administrator.MYAGODICH\AppData\Local\Mozilla

2012-03-01 21:55 . 2012-03-01 21:55 -------- d-----w- c:\users\Administrator.MYAGODICH\AppData\Roaming\Malwarebytes

2012-02-15 19:26 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 19:26 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2012-02-15 19:26 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 19:26 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2012-02-15 19:26 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-02-15 19:26 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys

2012-02-15 19:25 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 19:25 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-22 23:37 . 2011-06-08 20:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-29 15:10 . 2010-03-09 20:56 279656 ------w- c:\windows\system32\MpSigStub.exe

2011-12-11 01:24 . 2010-09-03 22:36 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2012-03-01_23.13.49 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-09 20:31 . 2012-03-01 23:36 44128 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-01 23:36 35862 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-03-09 18:06 . 2012-03-01 23:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-09 18:06 . 2012-03-01 22:08 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-09 18:06 . 2012-03-01 22:08 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-09 18:06 . 2012-03-01 23:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-01 22:08 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-01 23:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-05-12 21:12 . 2012-03-01 23:15 1720 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4065068618-2937187887-2301936484-500_UserData.bin

+ 2012-03-01 23:42 . 2012-03-01 23:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-01 23:13 . 2012-03-01 23:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-08-14 19:47 . 2012-03-01 23:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2010-08-14 19:47 . 2012-03-01 22:45 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-07-14 04:54 . 2012-03-01 22:45 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-03-01 23:36 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-01-17 19:09 . 2012-03-01 22:02 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2012-01-17 19:09 . 2012-03-01 23:34 262144 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 02:36 . 2012-03-01 23:40 624918 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-01 23:40 107050 c:\windows\system32\perfc009.dat

+ 2010-03-09 20:10 . 2012-03-01 23:29 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2010-03-09 20:10 . 2012-03-01 22:57 262144 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-03-09 20:10 . 2012-03-01 23:29 147456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-09 20:10 . 2012-03-01 22:57 147456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 05:01 . 2012-03-01 22:11 445600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-03-01 23:41 445600 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:54 . 2012-03-01 22:45 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-01 23:36 3489792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-09 20:10 . 2012-03-01 22:57 4161536 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-03-09 20:10 . 2012-03-01 23:29 4161536 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-09 20:10 . 2012-03-01 22:57 3981312 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-03-09 20:10 . 2012-03-01 23:29 3981312 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-03-01 23:36 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-03-01 22:45 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Mobile Connectivity Suite"="c:\program files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-28 598016]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-06 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"ClamWin"="c:\program files (x86)\ClamWin\bin\ClamTray.exe" [2011-10-23 86016]

.

c:\users\Makia.Yagodich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Administrator.MYAGODICH\AppData\Roaming\Dropbox\bin\Dropbox.exe [N/A]

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-430603267-1734416022-1497730634-1716\Scripts\Logon\0\0]

"Script"=changeprintsrv.bat

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-430603267-1734416022-1497730634-500\Scripts\Logon\0\0]

"Script"=changeprintsrv.bat

.

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_f7375244d0579de7\AESTSr64.exe [2009-03-02 89600]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-06-26 1040232]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-06-26 31080]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-25 652872]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-04-30 6237800]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-22 1612392]

R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 DwMirror;DwMirror;c:\windows\system32\DRIVERS\DamewareMini.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;c:\windows\system32\DRIVERS\dwvkbd64.sys [x]

S1 nltdi;nltdi;c:\program files\NetLimiter 3\nltdi.sys [2010-05-26 88200]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 22:03]

.

2012-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 22:03]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-05 450048]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [bU]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-05-22 276584]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-14 1860496]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-02 2417032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 10.0.1.11 10.0.9.150

TCP: Interfaces\{B0F4331D-0F74-4D44-8802-72AD1B4D01E1}\2456C6B696E6020562C4: NameServer = 192.168.2.1

TCP: Interfaces\{B0F4331D-0F74-4D44-8802-72AD1B4D01E1}\2456C6B696E60562C4: NameServer = 192.168.2.1

TCP: Interfaces\{B0F4331D-0F74-4D44-8802-72AD1B4D01E1}\2456C6B696E6F5562303937383: NameServer = 192.168.2.1

FF - ProfilePath - c:\users\Administrator.MYAGODICH\AppData\Roaming\Mozilla\Firefox\Profiles\hm5vulri.default\

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,12,cd,

07,9f,bb,ea,07,bf,9c,b0,17,8e,64,fb,d8

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8d,06,

69,c2,85,45,03,ac,e1,9e,9a,f3,93,6b,58

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1a,da,

c4,77,f7,32,06,a6,7e,d6,65,c3,8f,ce,b2

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,3b,1b,21,84,17,

e0,68,9f,47,0b,a5,31,dc,a9,2b,9c,13,18

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,3b,1b,6f,c4,f8,

a2,57,91,b9,54,a6,e7,4a,e0,cb,40,f3,14

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:da,12,db,c5,fe,f7,cc,01

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,5a,31,9f,31,a9,da,4f,9a,2e,a2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,5a,31,9f,31,a9,da,4f,9a,2e,a2,\

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_USERS\S-1-5-21-4065068618-2937187887-2301936484-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (Administrator)

"Progid"="FirefoxHTML"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\\.\globalroot\systemroot\svchost.exe

c:\\.\globalroot\systemroot\svchost.exe

.

**************************************************************************

.

Completion time: 2012-03-01 13:43:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-01 23:43

ComboFix2.txt 2012-03-01 23:36

ComboFix3.txt 2012-03-01 23:15

ComboFix4.txt 2012-01-28 07:34

ComboFix5.txt 2012-03-01 23:36

.

Pre-Run: 199,613,165,568 bytes free

Post-Run: 199,585,648,640 bytes free

.

- - End Of File - - 3594F09C6FFE43BD7DA9544D5F093A1C

Any assistance would be greatly appreciated.

Mahalo


Hello Mahalo and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Do not run such powerful tools as ComboFix without supervision from a trained helper. Please read this article: ComboFix usage, Questions, Help?

Step 1

Uninstall ComboFix this way:

http://www.bleepingc...bofix#uninstall

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
