TechSpot

Worst Virus problem I've ever had

Inactive-A
By NeilCourticeONT
May 9, 2014
  1. Virus: Win32/Rovnix.gen!C
    Virus: DOS/Rovnix.gen!A

    Both of these showed up on my computer today (or activated today at least).

    With my internet connection active, Internet Explorer starts to open multiple times in the background.
    (without me launching IE at all - I use Chrome for everything)
    It chokes my CPU resources almost immediately ( 100% CPU use )

    I have gone through steps 1 and 2 as per the instructions. Attached is my Scan Log from MBAM, as I move on to DDS.

    ***********************************
     

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Please observe forum rules.
    All logs have to be pasted not attached.
     
  3. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Oops - sorry.
    Here's the text from the log :

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 09/05/2014
    Scan Time: 11:23:16 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.10.01
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Default

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 290533
    Time Elapsed: 26 min, 27 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 29
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\CLSID\{6e5fc976-41f5-4a38-8b32-d50e5b211a55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{cb66ca12-a3d1-4cc4-8309-1d45ccf2ad44}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2DA4F9D-8922-4C55-A10B-9AD784A87E25}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\CLSID\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}\INPROCSERVER32, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [813878d70576b87e1dcfc8639171f808],
    Trojan.Vundo, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
    Trojan.Vundo, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
    Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
    PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [fabff45b087368ce4745095106fc2dd3],
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\MICROSOFT\CODE STORE DATABASE\DISTRIBUTION UNITS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [fabff45b087368ce4745095106fc2dd3],
    PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [9b1e014e64170630b46a6f2818ea12ee],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1, Quarantined, [2099450a89f277bf2bf486f9d72b8080],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode7984, Quarantined, [19a0c48b3744ee4821fe384720e2cc34],
    PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\FUNWEBPRODUCTS\Installer, Quarantined, [6950450a205b93a35f4e4a66649f38c8],
    PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, Quarantined, [a019262987f482b4dfab1d5ee0229967],
    PUP.Optional.Gophoto.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, Quarantined, [6c4deb64b5c66ccab949812e7b88cc34],
    PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\poheodfamflhhhdcmjfeggbgigeefaco, Quarantined, [f9c0ba95a1dadf570cdc8ef9d23060a0],
    PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f8c170dfdd9e53e3b3ec4f5c3cc7c739],
    PUP.Optional.PriceGong.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [942580cfed8e85b1ed7948460ef4c53b],
    PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaBuzzV1mode7984, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

    Registry Values: 5
    PUP.Optional.MindSpark.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00A6FAF6-072E-44cf-8957-5838F569A31D}, Quarantined, [c4f5fd523c3f87af73a270ec4eb405fb],
    PUP.Optional.MindSpark.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [c4f5fd523c3f87af73a270ec4eb405fb],
    PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@bettersurfplus.com, C:\Program Files\BetterSurf\BetterSurfPlus\ff, Quarantined, [4475ed62abd052e43f121c7013ef38c8]
    PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode7984.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff, Quarantined, [02b7113ee19ad4620d13ceb123df7c84]
    PUP.Optional.ConduitSearchProtect, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe, Quarantined, [308981ce3d3e05318fb44d5a679cce32]

    Registry Data: 0
    (No malicious items detected)

    Folders: 19
    PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
    PUP.Optional.Gophoto.A, C:\Program Files\Gophoto.it, Quarantined, [2594f15ec1ba39fd4cb5bbf4ba498779],
    PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
    PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy\OpenCandy_C3096C6E8EE7413B99CDD45A9BF442CE, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1, Quarantined, [c3f685cadaa184b28b970e6014ee7987],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ch, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\default, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ie, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

    Files: 40
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ie\MediaBuzzV1mode7984.dll, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
    PUP.Optional.SoftwareUpdater, C:\Users\Default.Default-PC\AppData\Local\SwvUpdater\Updater.exe, Quarantined, [813878d70576b87e1dcfc8639171f808],
    PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.137018230c.exe, Quarantined, [cfea212e62193402534902e3b44ca45c],
    PUP.Optional.Bandoo, C:\Users\Default.Default-PC\Documents\Downloads\iLividSetup-r989-n-bc.exe, Quarantined, [6950292688f392a4df56d236bd448779],
    PUP.Optional.iBryte, C:\Users\Default.Default-PC\Documents\Downloads\Express_Installer.exe, Quarantined, [7445430c5e1d0b2b01960cf9e819df21],
    PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.129023709c.exe, Quarantined, [cced3d1289f277bf049811d454ac15eb],
    PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.130330288c.exe, Quarantined, [2b8ecd827902d264ccd02cb989779769],
    PUP.Optional.MediaBuzz.A, C:\Users\Default.Default-PC\AppData\Local\Temp\appinstal1.exe, Quarantined, [b3065df249324aece8f9214b877dba46],
    Trojan.Inject.ED, C:\Users\Default.Default-PC\AppData\Local\Temp\UpdateFlashPlayer_7d8f91ca.exe, Quarantined, [9d1caea13f3c13230882b3ab06fb2cd4],
    Spyware.Zbot.VXGen, C:\Users\Default.Default-PC\AppData\Local\Temp\1syasdsgscsafgrwonf.exe, Quarantined, [79406be41b60f93d8783e484f40dcc34],
    PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Temp\cltmng.exe, Quarantined, [e5d406496f0c6ccac50c5bc13cc5a25e],
    PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, Quarantined, [8930fa5597e48fa7fcc04c4f5fa3649c],
    PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
    PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
    PUP.Optional.Gophoto.A, C:\Program Files\Gophoto.it\gophotoit14.crx, Quarantined, [2594f15ec1ba39fd4cb5bbf4ba498779],
    PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy\OpenCandy_C3096C6E8EE7413B99CDD45A9BF442CE\DLMgr_3_1.6.44.exe, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\b.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\finish.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\FinishHDVID.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\HDVidCodec.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\HDvidCodec10.crx, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\hdvidextsetup.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\hdvid_temp.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\uninst.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\manifest.json, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html\background.html, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.128.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.16.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.48.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\background.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\ex.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\jquery.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\uninstall.exe, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ch\MediaBuzzV1mode7984.crx, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome.manifest, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\install.rdf, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\ffMediaBuzzV1mode7984.js, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\overlay.xul, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\Thumbs.db, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
    PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\default\MediaBuzzV1mode7984_32.png, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    DDS logs?
     
  5. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Running DDS now.
    sorry - you're too efficient :)
     
  6. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    DDS notepad message :

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 01/07/2008 4:08:42 AM
    System Uptime: 09/05/2014 11:34:33 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | ISRAA
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 174 GiB total, 96.767 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 5.792 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================
     
  7. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Above post was the attach.txt info - I don't see any DDS.txt file since running that scan.
    Is that unusual ?
    Not sure if I should run the DDS application again.
     
  8. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Reboot was required after TDSSKiller ran.

    This is what was in the report window from the software after the reboot (could not find the text file otherwise - but I will look again) :


    18:26:19.0065 0x05bc TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
    18:26:19.0568 0x05bc ============================================================
    18:26:19.0569 0x05bc Current date / time: 2014/05/11 18:26:19.0568
    18:26:19.0569 0x05bc SystemInfo:
    18:26:19.0569 0x05bc
    18:26:19.0569 0x05bc OS Version: 6.0.6002 ServicePack: 2.0
    18:26:19.0569 0x05bc Product type: Workstation
    18:26:19.0569 0x05bc ComputerName: NEILTOSHIBAVIST
    18:26:19.0569 0x05bc UserName: Default
    18:26:19.0569 0x05bc Windows directory: C:\Windows
    18:26:19.0569 0x05bc System windows directory: C:\Windows
    18:26:19.0569 0x05bc Processor architecture: Intel x86
    18:26:19.0569 0x05bc Number of processors: 2
    18:26:19.0569 0x05bc Page size: 0x1000
    18:26:19.0569 0x05bc Boot type: Normal boot
    18:26:19.0569 0x05bc ============================================================
    18:26:19.0574 0x05bc BG loaded
    18:26:20.0831 0x05bc System UUID: {6F3A93E9-BD11-D367-9995-227AD560FDD4}
    18:26:23.0951 0x05bc Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:26:23.0982 0x05bc ============================================================
    18:26:23.0982 0x05bc \Device\Harddisk0\DR0:
    18:26:23.0982 0x05bc MBR partitions:
    18:26:23.0982 0x05bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x15B3F000
    18:26:23.0982 0x05bc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15E2D800, BlocksNum 0xBC3800
    18:26:23.0982 0x05bc ============================================================
    18:26:24.0013 0x05bc C: <-> \Device\Harddisk0\DR0\Partition1
    18:26:24.0060 0x05bc D: <-> \Device\Harddisk0\DR0\Partition2
    18:26:24.0060 0x05bc ============================================================
    18:26:24.0060 0x05bc Initialize success
    18:26:24.0060 0x05bc ============================================================
     
  10. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Besides that - the system has corrected enough that I no longer see Internet Explorer randomly loading anymore in Task Manager - so that's a good thing. (haven't seen that since I ran the DDS software, before I ran TDSSKiller).

    CPU running at a baseline 4% to 10 % again, which was pretty much normal before.

    Physical memory is way up though - close to 1.6 GB, and it was usually at or below 1 GB before.

    Another good sign is that Micrsoft Security Essentials went green again after the TDSSKiller was run. That alone puts my mind at ease a bit - it was stuck when the 2 viruses were found, and couldn't remove them itself. Running another full scan on it now.

    At what point do I remove the other 3 tools ?
    (MBAM , DDS , TDSSKiller )

    I get the sense that I am in the home stretch at least.
     
  11. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    TDSSKIller log looks incomplete but from what you're saying it fixed quite a bit so I won't worry about it.

    [​IMG] Re-run DDS and see if it'll give you both logs this time around.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
     
  12. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Interesting - I did get both this time.

    DDS.txt here :

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.21.2
    Run by Default at 20:50:22 on 2014-05-11
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.768 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Users\Default.Default-PC\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Users\Default.Default-PC\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    uProxyOverride = <-loopback>;<local>
    BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Akamai NetSession Interface] "c:\users\default.default-pc\appdata\local\akamai\netsession_win.exe"
    uRun: [Google Update] "c:\users\default.default-pc\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [iLivid] "c:\users\default.default-pc\appdata\local\ilivid\iLivid.exe" -autorun
    mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
    mRun: [HWSetup] \HWSetup.exe hwSetUP
    mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
    mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
    mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
    mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
    mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [Skytel] Skytel.exe
    mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    StartupFolder: c:\users\defaul~1.def\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{040130EB-6108-4208-BFF3-9C74CE9DD47A} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{C5102A62-2BB8-4CC3-BB61-A4F5A28FFDDB} : DHCPNameServer = 192.168.0.1
    Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} -
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
    Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll
    Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - c:\program files\turbotax 2013\ic2013pp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
    R1 FreeOTFE;FreeOTFE;c:\windows\system32\FreeOTFE.sys [2012-10-12 31856]
    R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\system32\FreeOTFECypherAES_ltc.sys [2012-10-12 47216]
    R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\system32\FreeOTFEHashRIPEMD.sys [2012-10-12 32624]
    R1 MpKsl7033c795;MpKsl7033c795;c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\MpKsl7033c795.sys [2014-5-11 39464]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-6 21504]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-9 1809720]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-9 857912]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
    R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-9 23256]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-9 107736]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-9 51416]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 ivm;ivm;c:\windows\system32\drivers\ivm.sys [2011-8-14 502112]
    S3 vDeskNetProt;RingCube vDeskNet Protocol Driver;c:\windows\system32\drivers\vDeskNetProt.sys [2011-8-14 42848]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2014-05-11 22:57:40 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\offreg.dll
    2014-05-11 22:57:40 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\MpKsl7033c795.sys
    2014-05-11 22:40:16 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\mpengine.dll
    2014-05-11 22:15:08 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-10 02:54:39 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-10 02:53:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-10 02:53:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-10 02:53:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-05-10 02:53:25 -------- d-----w- c:\programdata\Malwarebytes
    2014-05-10 02:53:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-05-09 22:30:32 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-05-09 14:14:19 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a9a2af2c-488a-4058-b926-7e41d2fc5236}\gapaengine.dll
    2014-05-02 21:18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-04-28 03:59:21 -------- d-----w- c:\windows\Migration
    2014-04-27 04:14:33 -------- d-----w- c:\windows\system32\MRT
    2014-04-27 04:10:04 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2014-04-27 04:10:00 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-04-27 04:10:00 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-04-27 04:09:59 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-04-27 04:09:59 16896 ----a-w- c:\windows\system32\winusb.dll
    2014-04-27 04:09:58 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-04-27 04:09:57 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2014-04-27 04:09:54 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-04-27 04:09:54 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-04-27 04:09:53 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2014-04-26 12:45:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
    2014-04-26 12:45:27 34304 ----a-w- c:\windows\system32\atmlib.dll
    2014-04-26 12:45:27 293376 ----a-w- c:\windows\system32\atmfd.dll
    2014-04-26 12:45:26 376320 ----a-w- c:\windows\system32\winsrv.dll
    2014-04-26 12:44:32 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-04-26 12:44:30 443904 ----a-w- c:\windows\system32\win32spl.dll
    2014-04-26 12:44:30 37376 ----a-w- c:\windows\system32\printcom.dll
    2014-04-26 12:25:31 -------- d-----w- c:\program files\MediaBuzzV1
    2014-04-25 23:26:48 812544 ----a-w- c:\windows\system32\certutil.exe
    2014-04-25 23:26:47 41984 ----a-w- c:\windows\system32\certenc.dll
    2014-04-25 23:25:58 993792 ----a-w- c:\windows\system32\crypt32.dll
    2014-04-25 23:25:36 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2014-04-25 23:25:16 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2014-04-25 23:25:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-04-25 23:25:15 683008 ----a-w- c:\windows\system32\d2d1.dll
    2014-04-25 23:25:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2014-04-25 23:25:15 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2014-04-25 23:25:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2014-04-25 23:25:15 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2014-04-25 23:25:14 798208 ----a-w- c:\windows\system32\FntCache.dll
    2014-04-25 23:25:14 1069056 ----a-w- c:\windows\system32\DWrite.dll
    2014-04-25 23:24:13 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-04-25 23:24:13 37376 ----a-w- c:\windows\system32\cdd.dll
    2014-04-25 23:24:10 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2014-04-25 23:24:09 64000 ----a-w- c:\windows\system32\smss.exe
    2014-04-25 23:24:09 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2014-04-25 23:24:09 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
    2014-04-25 23:24:09 1205168 ----a-w- c:\windows\system32\ntdll.dll
    2014-04-25 23:23:45 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2014-04-25 23:23:38 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    2014-04-25 23:23:11 623616 ----a-w- c:\windows\system32\localspl.dll
    2014-04-25 23:21:59 36864 ----a-w- c:\windows\system32\wshcon.dll
    2014-04-25 23:20:23 172544 ----a-w- c:\windows\system32\wintrust.dll
    2014-04-25 23:20:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2014-04-25 23:20:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-04-25 23:12:15 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2014-04-25 23:12:14 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2014-04-25 23:12:14 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2014-04-25 23:12:14 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2014-04-25 23:02:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-04-25 23:02:08 876032 ----a-w- c:\windows\system32\wer.dll
    .
    ==================== Find3M ====================
    .
    2014-04-29 02:25:01 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-29 02:25:01 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
    2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
    2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
    .
    ============= FINISH: 20:52:00.06 ===============


    And Attach.txt here :

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 01/07/2008 4:08:42 AM
    System Uptime: 11/05/2014 6:22:23 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | ISRAA
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 174 GiB total, 96.171 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 5.792 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.9)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    Camera Assistant Software for Toshiba
    Canon MP Navigator EX 2.0
    Canon Utilities Solution Menu
    CanoScan LiDE 200 Scanner Driver
    CD/DVD Drive Acoustic Silencer
    Connect
    Coupon Printer for Windows
    DVD MovieFactory for TOSHIBA
    Emicsoft MTS Converter
    Facebook Video Calling 1.2.0.159
    ffdshow v1.2.4422 [2012-04-09]
    Google Chrome
    Google Earth
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Help
    HP Deskjet 1000 J110 series Product Improvement Study
    HP Photo Creations
    HP Product Detection
    HP Update
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    Java 7 Update 21
    Java Auto Updater
    Java(TM) 6 Update 32
    Java(TM) SE Runtime Environment 6
    JavaFX 2.1.1
    Malwarebytes Anti-Malware version 2.0.1.1004
    mCore
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2000 Premium
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Word Supplemental Templates and Wizards
    Microsoft XML Parser
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mMHouse
    mPfMgr
    MS Extra links
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Octoshape add-in for Adobe Flash Player
    OnlinePlay 1.0
    Quicken 2009
    QuickTime
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    reminder
    Rogers Update Manager
    Rogers Yahoo! Applications
    Roxio Media Manager
    RPS CRT
    RSH Home Networking Wizard
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Skype™ 6.14
    Staples Copy & Print Online
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TurboTax 2011
    TurboTax 2012
    TurboTax 2013
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Utility Common Driver
    Windows Media Encoder 9 Series
    Yahoo! Toolbar
    .
    ==== End Of File ===========================


    Working on RogueKiller next.
     
  13. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Very good :)
     
  14. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    Rogue Killer Report :

    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Default [Admin rights]
    Mode : Remove -- Date : 05/11/2014 21:23:07
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Default.Default-PC\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-3167029622-1747883471-2824578182-1000\[...]\Run : iLivid ("C:\Users\Default.Default-PC\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> [0x2] The system cannot find the file specified.
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2046GSX +++++
    --- User ---
    [MBR] e390ef7599d11c13e1c234bb0309624c
    [BSP] 87042bb57fab562d2f4fd0a527263a3f : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 177790 MB
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 367187968 | Size: 6023 MB
    3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 379523072 | Size: 5468 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_05112014_212307.txt >>
    RKreport[0]_S_05112014_211925.txt
     
  15. NeilCourticeONT

    NeilCourticeONT TS Rookie Topic Starter

    MBAR started up fine.
    It updated itself, and I started the scan.

    The scan failed during the first part of the scan.

    Not sure where to go from here.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    Still with me?
     
  18. Broni

    Broni Malware Annihilator Posts: 47,022   +255

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.