
Infected with (possible) Smart HDD; can't run MBAM


suchek

Hello. I believe I've been hit with the Smart HDD virus or something similar. I can't run MBAM, so I don't know for sure. But I'm getting similar critical hard-drive error messages to those that have been reported with Smart HDD.

I've tried to start up in Safe Mode. I get a Windows Error Recovery message that allows me to choose only between "Launch Startup Repair" and "Start Windows Normally." I didn't want to run Startup Repair until I'd consulted this forum.

I'm running Win7, 64-bit, on a Dell Inspiron laptop. Any help that you can provide would be very much appreciated.

I'm sorry I don't have the DDS scan yet, since my computer shut down after infection. But here's the chain of events:

• Using Firefox, I ran a Google search and clicked on a link in the Google search results to go to a recognized website.

• As soon as I clicked over to the website, a PDF began downloading. I hadn't clicked on anything within the site itself that should have prompted a PDF download. I tried to cancel the download in my FF downloads window, but the download had already completed. My open Adobe Acrobat windows immediately closed.

• Since an auto-PDF download was how I picked up a Trojan.Dropper.BCMiner infection a couple months ago, I immediately started a MBAM scan. I was able to update MBAM and initiate the scan.

• While MBAM was running, I tried to also initiate a Windows Defender scan. I couldn't launch Windows Defender at all; I couldn't even get to the Windows Defender launch interface.

• While MBAM was running, my open Firefox windows suddenly closed, and then my open IE window. I was able to re-open FF, but I couldn't connect to any websites — my wireless connection had been disconnected. My network was still online, so I tried to reconnect. I got a seeming Windows message prompting me to connect an Ethernet cable to my laptop. I ignored the error and connected to my wireless network.

• Then my FF shut down again. Concerned that I might be open to remote-control of my laptop, I disconnected from my wireless network to take my computer offline.

• Then I got a seeming Windows message popup, with an exclamation mark in a yellow triangle, telling me that Windows had encountered an error during an IO something-or-other and that it was recommended that I do a HDD "Scan and Repair" to prevent possible data loss. There were a couple grammar errors in the message, so I ignored it.

• Next, the MBAM scan suddenly aborted mid-scan, and MBAM shut down.

• Then I got a string of 10 or so popup error dialogs, also marked with an exclamation mark in a yellow triangle, that said, "System message - Write Fault Error. A write command during the test has failed to complete. This may be due to a media or read/write error. The system generates an exception reference to an invalid system memory address." The three button options were "Cancel," "Try Again," and "Continue."

• I ignored these pop-ups as well, and then I started getting error messages from the system tray/notifications section of my toolbar. The messages popped up one at a time. When I didn't click on an error message, a new error notification would pop up after a few minutes. The notifications cycled repeatedly through 5 different messages: "Device initialization failed" (marked with a white X in a red circle). "Critical Error. Drive sector not found error" (exclamation mark in a yellow triangle). "Critical error. Hard drive controller failure" (excla. mark in a yellow triangle). "Data Error Reading Drive C:\" (X in red circle). And one more error message about insufficient system resources.

• While I was writing down the errors, all the icons in my Quick Launch toolbar disappeared.

• Then I got another string of those popup "Write Fault Error" dialogs, and then another string after several minutes.

• I didn't click on anything. After about 15–20 minutes, my computer, of its own accord, cleared all the pop-up dialogs that were on the desktop, as well as the IO/HDD "Scan and Repair" window; then it logged itself off and shut itself down and began to restart Windows. At that point, I force-shut it down before it could restart Windows.

• When I attempted to boot up in Safe Mode, I got this message: "Windows Error Recovery. Windows failed to start. A recent hardware or software change might be the cause. If Windows files have been damaged or configured incorrectly, Startup Repair can help diagnose and fix the problem. If power was interrupted during startup, choose Start Windows Normally. (Use the arrow keys to highlight your choice.)" And then my two options are "Launch Startup Repair (recommended)" and "Start Windows Normally." I didn't want to launch Startup Repair unless instructed.

If I should run the Startup Repair in order to be able to boot up in Safe Mode and run MBAM, please let me know. Whatever it is I picked up went after my desktop fairly aggressively, and I'm just not sure what I should do next.


  • Staff

Hi and welcome to Malwarebytes.

Have you tried running MBAM via Chameleon? If not, see here and give it a try:

http://helpdesk.malwarebytes.org/entries/20872371-use-chameleon-to-run-malwarebytes-anti-malware-on-infected-systems

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post only DDS.txt directly into your reply.


I was able to boot up in Safe Mode. All files (C-drive, Start Menu, documents, everything) are hidden and inaccessible due to the infection. I ran MBAM.exe using the Run command. A full scan found two PUM.Hijack.StartMenu items, but nothing else.

DDS.txt log below. I have the Attach.txt and MBAM logs as well; if you need me to post them, just let me know.

Thank you very much for your help.

--------------------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.7.2

Run by v at 11:15:58 on 2012-09-15

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4713 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.nytimes.com/

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\v\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

Trusted Zone: alohaenterprise.com\nextstudent

Trusted Zone: nextstudent.com\exchange

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\140707C65602E4564777F627B602564693632693 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\14E64627F696461405 : DhcpNameServer = 192.168.43.1

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\v\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-29 89600]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-29 13336]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-29 689472]

S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-29 2320920]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-09-10 23:12:52 379904 ---ha-w- C:\ProgramData\RMgOYWJNIRmTJbK.exe

2012-09-10 18:30:18 69000 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\offreg.dll

2012-09-08 17:20:51 9310152 ---ha-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8A52000-996B-41D1-B1F7-728EC38EA79B}\mpengine.dll

2012-09-05 23:12:55 95208 ---ha-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-31 04:40:47 73696 ---ha-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-25 02:48:21 -------- d--h--w- C:\Program Files (x86)\Amazon

2012-08-25 02:47:33 -------- d--h--w- C:\Program Files\Amazon

.

==================== Find3M ====================

.

2012-09-05 23:12:51 746984 ---ha-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-05 23:09:16 73416 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-05 23:09:16 696520 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec

2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-19 15:53:55 129024 ---ha-w- C:\Windows\RegBootClean64.exe

2012-06-19 15:53:41 21520 ---ha-w- C:\Windows\DCEBoot64.exe

.

============= FINISH: 11:23:53.71 ===============
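
A triage sketch over the DDS log in the post above, added here as an example; it is not part of the original thread and not part of DDS. It parses the autorun lines and the "Created Last 30" section and flags entries that combine several weak signals; the heuristics and function names are assumptions chosen for illustration, and a hit means "look closer", not a confirmed detection.

```python
import re
from ntpath import basename, dirname

# Lines copied from the DDS log posted above (blank lines dropped).
DDS_EXCERPT = r"""
uRun: [Google Update] "C:\Users\v\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe
mPolicies-system: EnableLUA = 0 (0x0)
mRun-x64: [RMgOYWJNIRmTJbK.exe] C:\ProgramData\RMgOYWJNIRmTJbK.exe
=============== Created Last 30 ================
2012-09-10 23:12:52 379904 ---ha-w- C:\ProgramData\RMgOYWJNIRmTJbK.exe
2012-09-05 23:12:55 95208 ---ha-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
==================== Find3M ====================
2012-09-05 23:12:51 746984 ---ha-w- C:\Windows\SysWow64\deployJava1.dll
"""

RUN_RE = re.compile(r'^([um]Run(?:Once)?(?:-x64)?): \[(.+?)\] (.+)$')
FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ \S+ (.+)$')
EXE_RE = re.compile(r'"?([A-Za-z]:\\.+?\.exe)"?(?:\s|$)', re.I)

def parse_dds(log):
    """Return (autoruns, created): autoruns as (key, value_name, exe_path),
    created as {lowercased path: timestamp} from 'Created Last 30' only."""
    autoruns, created, section = [], {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("===="):
            section = line.strip("= ")      # e.g. "Created Last 30"
            continue
        m = RUN_RE.match(line)
        if m:
            exe = EXE_RE.search(m.group(3))  # drop quotes and arguments
            if exe:
                autoruns.append((m.group(1), m.group(2), exe.group(1)))
            continue
        m = FILE_RE.match(line)
        if m and section == "Created Last 30":
            created[m.group(2).lower()] = m.group(1)
    return autoruns, created

def triage(log):
    """Flag autoruns that match at least two of three weak signals."""
    autoruns, created = parse_dds(log)
    findings = []
    for key, name, path in autoruns:
        reasons = []
        if dirname(path).lower() == r"c:\programdata":
            reasons.append("executable directly in the ProgramData root")
        if name.lower() == basename(path).lower():
            reasons.append("value name is just the file name")
        if path.lower() in created:
            reasons.append("file created " + created[path.lower()])
        if len(reasons) >= 2:
            findings.append((key, path, reasons))
    return findings

def uac_disabled(log):
    """EnableLUA = 0 means UAC is off; the log cannot say who turned it off."""
    return re.search(r'^mPolicies-system: EnableLUA = 0\b', log, re.M) is not None

if __name__ == "__main__":
    for key, path, reasons in triage(DDS_EXCERPT):
        print(key, path, "->", "; ".join(reasons))
    print("UAC disabled:", uac_disabled(DDS_EXCERPT))
```
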


  • Staff

Hi,

My apologies for the extended delay.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
