
I am having trouble getting rid of a trojan/virus that keeps opening dllhost.exe (COM Surrogate) and using all of the RAM.

I have run MWB, TDSSKiller, MSE, HitmanPro, AdwCleaner, CCleaner and probably a few others I cannot remember off the top of my head. Below I have pasted the results of a Farbar Recovery Scan Tool scan.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-10-2014 02
Ran by pain1 (administrator) on A90980101MOSS49 on 16-10-2014 15:51:17
Running from C:\Users\administrator\Downloads
Loaded Profiles: pain1 & Administrator & LogMeInRemoteUser & PAIN1 (Available profiles: pain1 & Administrator & LogMeInRemoteUser & PAIN1)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\HealthService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Microsoft Corporation) C:\Program Files\System Center Operations Manager 2007\MonitoringHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Medtronic Inc) C:\Program Files\Medtronic\Report Link\Medtronic N'Vision® Report Link.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\UserUtility\ScannerIndicator.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Panasonic System Networks Co., Ltd.) C:\Program Files\Panasonic\UserUtility\ScannerIndicator.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SurfRight B.V.) C:\Users\administrator\Downloads\HitmanPro.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9841256 2010-11-10] (Realtek Semiconductor)
HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM\...\Run: [iMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-02-01] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2010-09-17] (LogMeIn, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Report Link] => C:\Program Files\Medtronic\Report Link\Medtronic N'Vision® Report Link.exe [1980416 2011-08-24] (Medtronic Inc)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [307200 2004-11-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Run: [Entab] => C:\Users\PAIN1\AppData\Roaming\Abpypyva\notad.exe
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Run: [.tluafed** <*>] => C:\Users\PAIN1\Application Data\{00003A82-563F-41E9-BA8E-2B38D1781C98}.ex <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\system: [DisableChangePassword] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\system: [setVisualStyle]
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoDeletePrinter] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [RestrictCpl] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [DisablePersonalDirChange] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoCloseDragDropBands] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [intellimenus] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [LockTaskbar] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoSMBalloonTip] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoStartMenuMorePrograms] 0
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoStartMenuMyMusic] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoSearchInternetInStartMenu] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoSetTaskbar] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [QuickLaunchEnabled] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [TaskbarLockAll] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [TaskbarNoAddRemoveToolbar] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [TaskbarNoRedock] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [TaskbarNoResize] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoNetworkConnections] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [ForceRunOnStartMenu] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoMovingBands] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...\Policies\Explorer: [NoAutoTrayNotify] 1
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\PAIN1\AppData\Local\Temp\seaqpxt\sfinnov\wow.dll ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-139714211-4139598270-557219390-1301\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-21-139714211-4139598270-557219390-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2858324393-2018379828-265839860-1000\...\Run: [Global Registration] => "C:\Program Files\Acer\Registration\GREG.exe" /boot
HKU\S-1-5-21-2858324393-2018379828-265839860-1000\...\MountPoints2: {b95d8cc1-c8f1-11e0-aa25-c89cdc29aa96} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2858324393-2018379828-265839860-1003\...\RunOnce: [scrSav] => C:\Program Files\Acer\Screensaver\run_Acer.exe /default                                            
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScannerIndicator.lnk
ShortcutTarget: ScannerIndicator.lnk -> C:\Program Files\Panasonic\UserUtility\ScannerIndicator.exe (Panasonic System Networks Co., Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xEA7EB00C0574CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Hosts: 172.20.1.221 MOSS-TS.MOSS-DOM.local
Tcpip\Parameters: [DhcpNameServer] 192.168.249.1 162.82.116.10 162.82.171.26

FireFox:
========
FF ProfilePath: C:\Users\PAIN1\AppData\Roaming\Mozilla\Firefox\Profiles\u20pfzu9.default
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\PAIN1\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdtAgent; C:\Windows\system32\AdtAgent.exe [269696 2009-05-08] (Microsoft Corporation)
R2 HealthService; C:\Program Files\System Center Operations Manager 2007\HealthService.exe [27008 2009-05-08] (Microsoft Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-10-16] (SurfRight B.V.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2011-04-13] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [282792 2012-01-11] (Intel Corporation)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-10-16] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-16] (Malwarebytes Corporation)
R3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslc27d0c71; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5186F687-5C0B-4C15-AA1C-F93144C2ECA8}\MpKslc27d0c71.sys [39464 2014-10-16] (Microsoft Corporation)
R3 staccel; C:\Windows\System32\DRIVERS\staccel.sys [32864 2013-03-08] (ShoreTel, Inc)
R3 vpcbus; C:\Windows\system32\drivers\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 15:38 - 2014-10-16 15:38 - 00030976 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-10-16 15:38 - 2014-10-16 15:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-16 15:38 - 2014-10-16 15:38 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-16 15:37 - 2014-10-16 15:38 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-16 15:31 - 2014-10-16 15:32 - 10280824 _____ (SurfRight B.V.) C:\Users\administrator\Downloads\HitmanPro.exe
2014-10-16 13:29 - 2014-10-16 13:29 - 00000000 ____D () C:\Windows\ERUNT
2014-10-16 13:25 - 2014-10-16 13:25 - 15725144 _____ () C:\Users\administrator\Downloads\RogueKiller.exe
2014-10-16 13:25 - 2014-10-16 13:25 - 01705698 _____ (Thisisu) C:\Users\administrator\Downloads\JRT.exe
2014-10-16 13:25 - 2014-10-16 13:25 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-16 13:25 - 2014-10-16 13:25 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-16 13:08 - 2014-10-16 13:08 - 00000037 _____ () C:\Users\PAIN1\AppData\Roaming\SAS7_000.DAT
2014-10-16 13:07 - 2014-10-16 13:07 - 00000552 _____ () C:\Windows\PFRO.log
2014-10-16 12:02 - 2014-10-16 12:46 - 00000000 ___SD () C:\ComboFix
2014-10-16 12:02 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-16 12:02 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-16 12:02 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-16 12:02 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-16 12:02 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-16 12:02 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-16 12:02 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-16 12:02 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-16 12:00 - 2014-10-16 12:02 - 00000000 ___SD () C:\32788R22FWJFW
2014-10-16 12:00 - 2014-10-16 12:02 - 00000000 ____D () C:\Qoobox
2014-10-16 12:00 - 2014-10-16 12:00 - 00000000 ____D () C:\Windows\erdnt
2014-10-16 11:51 - 2014-10-16 11:51 - 05583559 _____ (Swearware) C:\Users\administrator\Downloads\ComboFix.exe
2014-10-16 11:50 - 2014-10-16 11:51 - 00000000 ____D () C:\cecresources
2014-10-16 11:50 - 2014-10-16 11:50 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\administrator\Downloads\rkill (1).exe
2014-10-16 11:10 - 2014-10-16 15:51 - 00016930 _____ () C:\Users\administrator\Downloads\FRST.txt
2014-10-16 11:10 - 2014-10-16 11:11 - 00034356 _____ () C:\Users\administrator\Downloads\Addition.txt
2014-10-16 11:09 - 2014-10-16 15:51 - 00000000 ____D () C:\FRST
2014-10-16 11:09 - 2014-10-16 11:09 - 01102848 _____ (Farbar) C:\Users\administrator\Downloads\FRST.exe
2014-10-16 10:45 - 2014-09-11 08:57 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\autoruns.exe
2014-10-16 10:30 - 2014-10-16 14:55 - 00000392 _____ () C:\Windows\setupact.log
2014-10-16 10:30 - 2014-10-16 10:30 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-16 09:30 - 2014-10-16 09:31 - 04965896 _____ (Piriform Ltd) C:\Users\administrator\Downloads\ccsetup418.exe
2014-10-16 08:54 - 2014-10-16 08:54 - 01976320 _____ () C:\Users\administrator\Downloads\AdwCleaner (1).exe
2014-10-15 15:51 - 2014-10-09 21:44 - 00396288 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 15:51 - 2014-10-09 21:44 - 00230912 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 15:51 - 2014-10-09 21:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 15:50 - 2014-09-28 20:41 - 02379264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 15:47 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 15:47 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 15:47 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 15:47 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 15:47 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 15:47 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 15:47 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-15 15:47 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 15:47 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 15:47 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 15:47 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 15:47 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 15:47 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 15:47 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-15 15:47 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 15:47 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 15:47 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 15:47 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 15:47 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-15 15:47 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-15 15:47 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 15:47 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 15:43 - 2014-09-04 21:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 15:43 - 2014-08-28 21:44 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 15:43 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 15:43 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 15:43 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 15:42 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 15:42 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 15:42 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 15:42 - 2014-07-16 21:39 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 15:42 - 2014-07-16 21:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 15:42 - 2014-07-16 21:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 15:42 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 15:42 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 15:42 - 2014-07-16 21:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 15:42 - 2014-07-16 21:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 15:41 - 2014-08-18 22:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 15:41 - 2014-08-18 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 15:41 - 2014-08-18 22:41 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 15:41 - 2014-08-18 22:40 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 15:41 - 2014-08-18 22:40 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 15:41 - 2014-08-18 21:48 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 15:41 - 2014-07-06 21:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 02135040 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00473600 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 15:41 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 15:41 - 2014-07-06 21:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 15:41 - 2014-07-06 21:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 15:41 - 2014-07-06 21:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-10-15 15:41 - 2014-07-06 21:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 15:41 - 2014-07-06 21:39 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 15:41 - 2014-07-06 21:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 15:41 - 2014-07-06 21:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 15:41 - 2014-07-06 21:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 15:41 - 2014-07-06 21:28 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 15:41 - 2014-06-27 20:21 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 15:41 - 2014-06-27 20:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 15:41 - 2014-06-27 20:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 07:31 - 2014-10-15 07:31 - 00001714 _____ () C:\Users\administrator\AppData\Roaming\SAS7_000.DAT
2014-10-13 07:52 - 2014-10-13 07:52 - 00006640 ____N () C:\bootsqm.dat
2014-10-13 07:49 - 2014-10-13 07:49 - 00000000 __SHD () C:\found.001
2014-10-01 15:07 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 12:41 - 2014-10-10 11:19 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-26 14:29 - 2014-09-26 14:30 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-24 08:26 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 15:30 - 2012-07-10 11:19 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-16 15:30 - 2012-02-16 12:28 - 00000128 _____ () C:\Windows\system32\config\netlogon.ftl
2014-10-16 15:24 - 2012-02-13 18:47 - 01304163 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 15:21 - 2014-01-28 08:28 - 00000974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-16 15:21 - 2014-01-28 08:28 - 00000958 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-16 15:12 - 2012-08-06 14:39 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139714211-4139598270-557219390-500UA.job
2014-10-16 15:02 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-16 15:02 - 2009-07-14 00:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-16 14:55 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-16 14:15 - 2009-07-14 00:53 - 00032554 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 14:08 - 2014-09-11 12:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-16 13:33 - 2012-02-16 13:55 - 00011240 __RSH () C:\Users\PAIN1\ntuser.pol
2014-10-16 13:33 - 2012-02-16 13:43 - 00000000 ____D () C:\Users\PAIN1
2014-10-16 12:13 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 09:33 - 2012-02-13 18:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-16 09:33 - 2007-07-11 21:49 - 00000000 ____D () C:\Windows\Panther
2014-10-16 09:31 - 2014-01-20 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-16 09:31 - 2014-01-20 09:08 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-16 08:56 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Web
2014-10-16 08:54 - 2014-09-11 12:16 - 00000000 ____D () C:\AdwCleaner
2014-10-16 08:30 - 2009-07-14 00:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-16 08:12 - 2012-08-06 14:39 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139714211-4139598270-557219390-500Core.job
2014-10-16 07:33 - 2011-01-26 19:18 - 00746622 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 07:23 - 2009-07-14 00:33 - 00409392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 07:21 - 2014-08-26 07:03 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 15:50 - 2012-02-13 18:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-13 15:17 - 2013-05-16 22:00 - 00000000 ____D () C:\Users\administrator\AppData\Roaming\ShoreWare Client
2014-10-13 13:48 - 2012-11-28 16:18 - 00000000 ____D () C:\Users\PAIN1\AppData\Local\AOL
2014-10-10 11:36 - 2014-05-12 08:27 - 00000000 ____D () C:\Users\PAIN1\AppData\Roaming\Mozilla
2014-10-10 11:36 - 2012-03-26 08:50 - 00000000 ____D () C:\Users\PAIN1\AppData\Roaming\Nuance
2014-10-10 11:36 - 2012-02-27 17:55 - 00000000 ____D () C:\Users\PAIN1\AppData\Roaming\ShoreWare Client
2014-10-10 11:35 - 2012-04-03 13:19 - 00000000 ____D () C:\Users\PAIN1\AppData\Roaming\Juniper Networks
2014-10-10 11:35 - 2012-02-17 14:01 - 00000000 ____D () C:\Users\PAIN1\AppData\Roaming\Adobe
2014-10-10 11:32 - 2012-02-29 16:32 - 00000000 ____D () C:\ProgramData\Nuance
2014-10-10 11:32 - 2012-02-16 13:43 - 00000000 ____D () C:\Users\PAIN1\AppData\Local\Citrix
2014-09-30 07:24 - 2014-05-12 08:27 - 00000000 ____D () C:\Users\PAIN1\AppData\Local\Mozilla
2014-09-30 07:24 - 2014-05-12 08:24 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-24 20:12 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\rescache
2014-09-22 02:41 - 2011-08-17 11:25 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Alureon:
C:\Users\PAIN1\AppData\Local\Temp\seaqpxt\sfinnov\wow.dll

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-16 15:21

==================== End Of Log ============================


Hello,

They call me TwinHeadedEagle around here, and I'll be working with you.

Before we start please read and note the following:

  • Limit your internet access to posting here; some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own; unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts; attachments make my work easier. There is a More reply options button that gives you an Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in the given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end; the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install the Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished, it will display a logfile (also located on your main drive, usually C:\ComboFix.txt).
  • Include that log in your next reply.
    If you encounter any issues with your internet connection after running ComboFix, please visit this link.
    If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
