
Author Topic: Virus or worm has disabled internet, hidden program and other files  (Read 43766 times)


padraig

    Topic Starter


    Beginner

  • a coward dies a million times, free men die once
    • Experience: Beginner
    • OS: Windows XP
    Re: Virus or worm has disabled internet, hidden program and other files
    « Reply #15 on: August 26, 2012, 06:49:03 PM »
    tried to "reconfigure" the order in which it is booted... now able to get my desktop back; however, how and/or where do I get "Now, please enter System Recovery Options then select Command Prompt."??

    is this a new program that I have to download? can you tell me where I can find it?

    padraig

    « Reply #16 on: August 26, 2012, 06:57:34 PM »
    sorry, tried everything, including a Windows search for this System Recovery Options on my PC, and it is not present. ???

    I am out of town for five days, starting with my 9PM (EST) departure, during which I will not have access to the infected PC.

    sorry to leave you hanging on this one, but I will be offline until Friday PM. If this thread is closed then I will have to try it again or something else.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Virus or worm has disabled internet, hidden program and other files
      « Reply #17 on: August 27, 2012, 04:22:15 PM »
      No problem. This is a new infection and I really want to put a licking on it. See you on Friday.
      Windows 8 and Windows 10 dual boot with two SSD's

    padraig

    « Reply #18 on: September 02, 2012, 12:27:00 PM »
    how and/or where do I get "Now, please enter System Recovery Options then select Command Prompt."??


    SuperDave

    « Reply #19 on: September 02, 2012, 04:40:20 PM »
        Ok. Let's try to fix that problem. Please make sure that you install the Recovery Console when you run ComboFix below.

        Download Combofix from any of the links below, and save it to your DESKTOP

        Link 1
        Link 2
        Link 3

    To prevent your anti-virus application from interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:

    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

        It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

        If you did not have it installed, you will see the prompt below. Choose YES.



        Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

        Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



        Click on Yes, to continue scanning for malware.

        When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

        Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

    padraig

    « Reply #20 on: September 02, 2012, 04:57:53 PM »
    ComboFix ran through its routine and then nothing, no prompts, no scan, nothing

    now what do I do??? ???

    padraig

    « Reply #21 on: September 02, 2012, 05:01:21 PM »
    sorry, I guess that it is still running, but about 10 minutes after I ran ComboFix I keep getting this error message:

            "AVG Anti-Virus Free Edition 2012 is running"


            I do not have this software on this PC!!!!!

    SuperDave

    « Reply #22 on: September 02, 2012, 05:15:09 PM »
    Please use the AVG Removal tool below then try CF again.

    AVG Antivirus - AVG Antivirus Remover utility

    padraig

    « Reply #23 on: September 02, 2012, 06:08:00 PM »
              reboot after combofix results in BSOD

    SuperDave

    « Reply #24 on: September 02, 2012, 07:39:34 PM »
    Please try running CF in Safe mode.

    padraig

    « Reply #25 on: September 02, 2012, 07:54:01 PM »
                ran AVG removal again (third time for this)

                RUNDLL error message still present on reboot

                Changed local time to GMT -3, instead of EDT (GMT -4); bloody *censored* :-X >:(

                reran CF

                CF error message: "ComboFix has detected AVG AntiVirus Free Edition 2012"

                here is the log:

                ComboFix 12-09-01.01 - Patrick 09/02/2012  21:30:23.10.2 - x86
                Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.567 [GMT -4:00]
                Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
                AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                c:\windows\Installer\{21AFBFB6-53EF-36C2-120C-7E9BF1C4C429}\syshost.exe
                .
                ---- Previous Run -------
                .
                c:\documents and settings\Patrick\govkhca.exe
                c:\documents and settings\Patrick\Local Settings\Application Data\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\@
                c:\documents and settings\Patrick\Local Settings\Application Data\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\n
                c:\windows\assembly\GAC\Desktop.ini
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\L\00000004.@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\n
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\00000004.@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\00000008.@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\000000cb.@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\80000000.@
                c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\80000032.@
                c:\windows\system32\6to4ex.dll
                c:\windows\system32\drivers\9445fee0eea6d169.sys
                .
                .
                (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                -------\Legacy_6TO4
                -------\Legacy_SYSHOST32
                -------\Service_6to4
                -------\Service_syshost32
                -------\Legacy_9445fee0eea6d169
                -------\Service_9445fee0eea6d169
                .
                .
                (((((((((((((((((((((((((   Files Created from 2012-08-03 to 2012-09-03  )))))))))))))))))))))))))))))))
                .
                .
                2012-09-03 01:04 . 2012-09-03 01:15   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                2012-08-26 21:44 . 2012-08-26 21:44   --------   d-----w-   C:\FRST
                2012-08-19 22:50 . 2012-09-03 01:08   --------   d-----w-   c:\windows\system32\CatRoot2
                2012-08-12 22:30 . 2012-08-12 22:30   --------   d-----w-   c:\documents and settings\LocalService\Application Data\iolo
                2012-08-12 22:30 . 2012-08-02 15:21   511328   ----a-w-   c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
                2012-08-12 22:30 . 2012-08-02 15:27   2096360   ----a-w-   c:\windows\system32\Incinerator32.dll
                2012-08-12 22:30 . 2012-08-02 16:45   40504   ----a-w-   c:\windows\system32\iolobtdfg.exe
                2012-08-12 22:30 . 2012-08-02 16:45   22456   ----a-w-   c:\windows\system32\smrgdf.exe
                2012-08-12 22:30 . 2012-08-02 15:21   68464   ----a-w-   c:\windows\system32\drivers\PDFsFilter.sys
                2012-08-12 22:30 . 2012-08-02 15:21   56200   ----a-w-   c:\windows\system32\offreg.dll
                2012-08-12 22:26 . 2012-08-13 01:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\iolo
                2012-08-12 22:26 . 2012-08-12 22:36   --------   d-----w-   c:\documents and settings\Patrick\Application Data\iolo
                2012-08-12 22:26 . 2012-08-12 22:26   74703   ----a-w-   c:\windows\system32\mfc45.dat
                2012-08-12 22:17 . 2012-08-12 22:17   --------   dc----w-   c:\windows\ie8
                2012-08-10 23:43 . 2012-08-11 01:18   --------   d-----w-   C:\PCHelpForum
                2012-08-10 22:54 . 2012-08-11 21:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
                2012-08-10 22:52 . 2011-03-02 16:40   160576   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                2012-08-10 22:52 . 2010-03-29 15:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                2012-08-10 22:52 . 2011-01-17 13:10   251560   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
                2012-08-10 22:52 . 2012-08-10 22:52   --------   d-----w-   c:\program files\Common Files\PC Tools
                2012-08-10 22:52 . 2011-01-12 14:36   89472   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
                2012-08-10 22:52 . 2010-07-08 12:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
                2012-08-10 22:52 . 2010-02-05 12:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
                2012-08-10 22:51 . 2011-01-17 12:11   125248   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
                2012-08-10 22:51 . 2012-08-13 04:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
                2012-08-10 22:47 . 2012-08-10 22:47   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
                2012-08-10 21:10 . 2012-08-10 22:52   --------   d-----w-   c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
                2012-08-10 17:49 . 2012-08-10 17:49   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
                2012-08-10 17:30 . 2012-08-10 17:30   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Windows Search
                2012-08-10 14:50 . 2012-08-10 14:50   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
                2012-08-10 14:50 . 2012-08-10 14:50   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
                2012-08-05 15:49 . 2012-08-05 15:49   --------   d-----w-   c:\program files\DVD Decrypter
                .
                .
                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2012-08-10 21:43 . 2004-08-11 23:00   14336   ----a-w-   c:\windows\system32\svchost.exe
                2012-08-05 15:39 . 2012-04-17 00:04   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
                2012-08-05 15:39 . 2011-05-14 20:03   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                2012-06-13 13:19 . 2004-08-11 23:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
                2012-06-05 15:50 . 2008-08-17 18:02   1372672   ----a-w-   c:\windows\system32\msxml6.dll
                2012-06-05 15:50 . 2004-08-11 23:00   1172480   ----a-w-   c:\windows\system32\msxml3.dll
                2012-07-29 13:39 . 2012-02-12 23:34   136672   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
                .
                .
                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4
                .
                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-27 4777856]
                "Autodesk"="c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com\Autodesk\kzaayba.dll" [BU]
                .
                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
                "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
                "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
                "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
                "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
                "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
                .
                [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                "Autodesk"="c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com\Autodesk\kzaayba.dll" [BU]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                "NoSimpleStartMenu"= 0 (0x0)
                .
                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
                "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                @=""
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
                @="Service"
                .
                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
                @="Service"
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
                2011-07-29 20:45   217256   ----a-w-   c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
                2006-10-23 12:50   71216   ----a-w-   c:\program files\Common Files\AOL\ACS\AOLDial.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDFab Passkey]
                2012-06-28 18:51   1389088   ----a-w-   c:\program files\DVDFab Passkey\DVDFabPasskey.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                2006-11-13 17:39   1289000   ----a-w-   c:\program files\Microsoft ActiveSync\wcescomm.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
                2006-09-26 00:52   50736   ----a-w-   c:\program files\Common Files\AOL\1172251831\ee\aolsoftware.exe
                .
                [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                "AntiVirusOverride"=dword:00000001
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                "EnableFirewall"= 0 (0x0)
                .
                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                .
                R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/10/2012 6:52 PM 251560]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12880]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 67664]
                R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/11/2010 7:03 PM 116608]
                R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
                R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [4/7/2012 6:27 PM 821592]
                R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
                R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8/12/2012 6:30 PM 1027792]
                R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/10/2012 6:52 PM 160576]
                R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [8/12/2012 6:30 PM 68464]
                R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
                R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [7/5/2012 1:44 PM 54144]
                R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 8:55 AM 47360]
                R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [8/10/2012 6:52 PM 89472]
                R3 pctNDIS;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [8/10/2012 6:52 PM 57536]
                R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/10/2012 6:51 PM 125248]
                R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
                S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
                S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
                S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
                S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [4/7/2012 6:27 PM 246816]
                S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 5:37 AM 113120]
                S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [4/7/2012 6:27 PM 30368]
                S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
                S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [4/7/2012 6:27 PM 16208]
                S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
                .
                .
                ------- Supplementary Scan -------
                .
                uStart Page = hxxp://www.google.com/
                Trusted Zone: intuit.com\ttlc
                FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\khir2fy2.default\
                FF - prefs.js: browser.startup.homepage - about:home
                FF - prefs.js: network.proxy.type - 0
                .
                .
                ------- File Associations -------
                .
                JSEFile=NOTEPAD.EXE %1
                .scr=AutoCADScriptFile
                .
                - - - - ORPHANS REMOVED - - - -
                .
                BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
                Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
                WebBrowser-{ECDEE021-0D17-467F-A1FF-C7A115230949} - (no file)
                HKCU-Run-govShell - c:\documents and settings\Patrick\govkhca.exe
                .
                .
                .
                **************************************************************************
                .
                catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2012-09-02 22:08
                Windows 5.1.2600 Service Pack 3 NTFS
                .
                scanning hidden processes ... 
                .
                scanning hidden autostart entries ...
                .
                scanning hidden files ... 
                .
                scan completed successfully
                hidden files: 0
                .
                **************************************************************************
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------
                .
                - - - - - - - > 'winlogon.exe'(1396)
                c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                c:\windows\system32\WININET.dll
                .
                Completion time: 2012-09-02  22:31:15
                ComboFix-quarantined-files.txt  2012-09-03 02:30
                ComboFix2.txt  2012-08-11 23:46
                ComboFix3.txt  2012-08-11 01:17
                ComboFix4.txt  2010-04-25 02:03
                .
                Pre-Run: 119,937,191,936 bytes free
                Post-Run: 119,915,249,664 bytes free
                .
                - - End Of File - - 0BE5D27752058E14782DE24AC8EA5851
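As an added example (not from the thread and not ComboFix's own code), here is a small Python triage script that reads the kinds of lines ComboFix printed in the log above and flags the items a malware-removal helper looks for first. SAMPLE_LOG is constructed from lines quoted in that log; the category labels, the heuristics (a Run value pointing at a .dll under the user profile, a service whose binary is missing, an AV header naming a vendor whose services have no binary on disk), and the triage/categories function names are mine. The @/n/U/L layout under GUID-named folders is the one widely documented for the ZeroAccess (Sirefef) rootkit family; the thread itself does not name a family, and the script only reports the layout.

```python
import re

# Constructed sample: lines quoted from the ComboFix log in the post above,
# trimmed to the ones the checks below act on. Not a complete log.
SAMPLE_LOG = r"""
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
c:\windows\Installer\{21AFBFB6-53EF-36C2-120C-7E9BF1C4C429}\syshost.exe
c:\documents and settings\Patrick\Local Settings\Application Data\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\@
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{9cf427f7-c6f7-dc16-f24c-8f732255a696}\U\80000032.@
c:\windows\system32\6to4ex.dll
c:\windows\system32\drivers\9445fee0eea6d169.sys
"Autodesk"="c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com\Autodesk\kzaayba.dll" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"AntiVirusOverride"=dword:00000001
"EnableFirewall"= 0 (0x0)
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/10/2012 6:52 PM 160576]
"""

GUID = r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"

# File-system indicators as they appear in ComboFix's deletion list. The labels
# are mine; the GUID-named "@", "n", "U\" and "L\" store is the layout widely
# documented for the ZeroAccess/Sirefef rootkit (the thread does not name it).
FILE_INDICATORS = [
    (re.compile(r"\\Installer\\" + GUID + r"\\(@|n|[UL]\\[0-9a-f]{8}\.@)$", re.I),
     "GUID-named @/n/U/L store under %windir%\\Installer"),
    (re.compile(r"\\Local Settings\\Application Data\\" + GUID + r"\\(@|n)$", re.I),
     "GUID-named @/n store under the user's Local Settings"),
    (re.compile(r"\\assembly\\GAC\\Desktop\.ini$", re.I),
     "Desktop.ini planted in the .NET GAC"),
    (re.compile(r"\\system32\\6to4ex\.dll$", re.I),
     "6to4ex.dll (the 6to4 service was also removed in this log)"),
    (re.compile(r"\\drivers\\[0-9a-f]{16}\.sys$", re.I),
     "kernel driver with a random 16-hex-digit name"),
    (re.compile(r"\\Installer\\" + GUID + r"\\syshost\.exe$", re.I),
     "syshost.exe inside an Installer GUID folder"),
]

# "Name"="path" [meta]  as printed under Reg Loading Points
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# R2 name;display;path [meta]  as printed in the services list; "[?]" = file not found
SERVICE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$")
AV_HEADER = re.compile(r"^AV:\s+(?P<product>.+?)\s+\*")


def triage(log_text):
    """Return a list of (category, detail) findings for a ComboFix log."""
    findings = []
    av_vendor = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = AV_HEADER.match(line)
        if m:
            av_vendor = m.group("product").split()[0].lower()  # e.g. "avg"
            continue
        for pattern, label in FILE_INDICATORS:
            if pattern.search(line):
                findings.append(("rootkit-file", f"{label}: {line}"))
                break
        m = RUN_VALUE.match(line)
        if m:
            path = m.group("path").lower()
            # A Run value should name an executable; a bare DLL under the user
            # profile is the pattern seen in this log's HKCU/HKU Run keys.
            if path.endswith(".dll") and "\\documents and settings\\" in path:
                findings.append(("autorun-dll", f'{m.group("name")} -> {m.group("path")} [{m.group("meta")}]'))
            continue
        m = SERVICE.match(line)
        if m and m.group("meta") == "?":
            name = m.group("name")
            # Registered service with no binary on disk; if its name carries the
            # vendor from the AV header, the AV registration itself is stale.
            stale_av = av_vendor is not None and name.lower().startswith(av_vendor)
            tag = "stale-av-service" if stale_av else "service-no-binary"
            findings.append((tag, f"{m.group('start')} {name}: {m.group('path').split('-->')[-1].strip()}"))
            continue
        if line.startswith('"AntiVirusOverride"') and line.endswith("00000001"):
            findings.append(("security-center", "AntiVirusOverride=1: Security Center AV warnings suppressed"))
        elif line.startswith('"EnableFirewall"') and re.search(r"=\s*0\b", line):
            findings.append(("security-center", "EnableFirewall=0: Windows Firewall off in the standard profile"))
    return findings


def categories(findings):
    """Count findings per category for a one-line verdict."""
    counts = {}
    for cat, _ in findings:
        counts[cat] = counts.get(cat, 0) + 1
    return counts


if __name__ == "__main__":
    for cat, detail in triage(SAMPLE_LOG):
        print(f"[{cat}] {detail}")
```

On the sample it reports six rootkit-style files, the Autodesk Run value, the two Security Center settings, and AVGIDSHX as a stale AV service. The last one is the useful bit for this thread: ComboFix prints "-->" and "[?]" after a service whose binary it cannot find, and both AVG drivers in the log are in that state while the header still reports AVG as enabled, which is consistent with the "ComboFix has detected AVG" prompt persisting after the remover tool has been run.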

                  padraig

                  « Reply #26 on: September 03, 2012, 06:44:22 AM »
                  thanks for sticking with me through this mess

                  logged in as Administrator in Safe Mode

                  ran AVG removal again   

                  reran CF

                  CF error message: "ComboFix has detected AVG AntiVirus Free Edition 2012"

                  here is the log:

                  ComboFix 12-09-01.01 - Administrator 09/02/2012  23:13:04.11.2 - x86 MINIMAL
                  Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.725 [GMT -4:00]
                  Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
                  AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
                  FW: PC Tools Firewall Plus *Enabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  c:\documents and settings\All Users\Application Data\TEMP
                  .
                  .
                  (((((((((((((((((((((((((   Files Created from 2012-08-03 to 2012-09-03  )))))))))))))))))))))))))))))))
                  .
                  .
                  2012-09-03 03:20 . 2012-09-03 03:20   --------   d-----w-   c:\documents and settings\Administrator\Application Data\iolo
                  2012-09-03 02:55 . 2012-09-03 02:55   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\iolo
                  2012-08-26 21:44 . 2012-08-26 21:44   --------   d-----w-   C:\FRST
                  2012-08-19 22:50 . 2012-09-03 03:08   --------   d-----w-   c:\windows\system32\CatRoot2
                  2012-08-12 22:30 . 2012-08-02 15:21   511328   ----a-w-   c:\program files\Common Files\Microsoft Shared\CAPICOM\CAPICOM.DLL
                  2012-08-12 22:30 . 2012-08-02 15:27   2096360   ----a-w-   c:\windows\system32\Incinerator32.dll
                  2012-08-12 22:30 . 2012-08-02 16:45   40504   ----a-w-   c:\windows\system32\iolobtdfg.exe
                  2012-08-12 22:30 . 2012-08-02 16:45   22456   ----a-w-   c:\windows\system32\smrgdf.exe
                  2012-08-12 22:30 . 2012-08-02 15:21   68464   ----a-w-   c:\windows\system32\drivers\PDFsFilter.sys
                  2012-08-12 22:30 . 2012-08-02 15:21   56200   ----a-w-   c:\windows\system32\offreg.dll
                  2012-08-12 22:26 . 2012-08-13 01:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\iolo
                  2012-08-12 22:26 . 2012-08-12 22:36   --------   d-----w-   c:\documents and settings\Patrick\Application Data\iolo
                  2012-08-12 22:26 . 2012-08-12 22:26   74703   ----a-w-   c:\windows\system32\mfc45.dat
                  2012-08-12 22:17 . 2012-08-12 22:17   --------   dc----w-   c:\windows\ie8
                  2012-08-10 23:43 . 2012-08-11 01:18   --------   d-----w-   C:\PCHelpForum
                  2012-08-10 22:54 . 2012-08-11 21:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
                  2012-08-10 22:52 . 2011-03-02 16:40   160576   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
                  2012-08-10 22:52 . 2010-03-29 15:06   218592   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
                  2012-08-10 22:52 . 2011-01-17 13:10   251560   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
                  2012-08-10 22:52 . 2012-08-10 22:52   --------   d-----w-   c:\program files\Common Files\PC Tools
                  2012-08-10 22:52 . 2011-01-12 14:36   89472   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
                  2012-08-10 22:52 . 2010-07-08 12:49   57536   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
                  2012-08-10 22:52 . 2010-02-05 12:26   32808   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
                  2012-08-10 22:51 . 2011-01-17 12:11   125248   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
                  2012-08-10 22:51 . 2012-08-13 04:24   --------   d-----w-   c:\program files\PC Tools Firewall Plus
                  2012-08-10 22:47 . 2012-08-10 22:47   205072   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
                  2012-08-10 21:10 . 2012-08-10 22:52   --------   d-----w-   c:\documents and settings\Administrator\Application Data\PCToolsFirewallPlus
                  2012-08-10 17:49 . 2012-08-10 17:49   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
                  2012-08-10 17:30 . 2012-08-10 17:30   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Windows Search
                  2012-08-10 14:50 . 2012-08-10 14:50   --------   d-sh--w-   c:\documents and settings\Administrator\PrivacIE
                  2012-08-10 14:50 . 2012-08-10 14:50   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
                  2012-08-05 15:49 . 2012-08-05 15:49   --------   d-----w-   c:\program files\DVD Decrypter
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2012-08-10 21:43 . 2004-08-11 23:00   14336   ----a-w-   c:\windows\system32\svchost.exe
                  2012-08-05 15:39 . 2012-04-17 00:04   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
                  2012-08-05 15:39 . 2011-05-14 20:03   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
                  2012-06-13 13:19 . 2004-08-11 23:00   1866112   ----a-w-   c:\windows\system32\win32k.sys
                  2012-06-05 15:50 . 2008-08-17 18:02   1372672   ----a-w-   c:\windows\system32\msxml6.dll
                  2012-06-05 15:50 . 2004-08-11 23:00   1172480   ----a-w-   c:\windows\system32\msxml3.dll
                  2012-07-29 13:39 . 2012-02-12 23:34   136672   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
                  1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
                  .
                  .
                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "OE_OEM"="c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [2005-08-15 20553]
                  "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
                  "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
                  "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
                  "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
                  "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-26 1983816]
                  "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
                  "00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
                  .
                  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                  "Autodesk"="c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com\Autodesk\kzaayba.dll" [BU]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                  "NoSimpleStartMenu"= 0 (0x0)
                  .
                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
                  "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
                  @=""
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-phishing Domain Advisor]
                  2011-07-29 20:45   217256   ----a-w-   c:\documents and settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
                  2006-10-23 12:50   71216   ----a-w-   c:\program files\Common Files\AOL\ACS\AOLDial.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDFab Passkey]
                  2012-06-28 18:51   1389088   ----a-w-   c:\program files\DVDFab Passkey\DVDFabPasskey.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
                  2006-11-13 17:39   1289000   ----a-w-   c:\program files\Microsoft ActiveSync\wcescomm.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
                  2006-09-26 00:52   50736   ----a-w-   c:\program files\Common Files\AOL\1172251831\ee\aolsoftware.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                  "AntiVirusOverride"=dword:00000001
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                  "EnableFirewall"= 0 (0x0)
                  .
                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                  "%windir%\\system32\\sessmgr.exe"=
                  .
                  R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/11/2010 7:03 PM 116608]
                  R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [4/7/2012 6:27 PM 821592]
                  R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [8/12/2012 6:30 PM 1027792]
                  R3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [7/5/2012 1:44 PM 54144]
                  S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
                  S1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [8/10/2012 6:52 PM 251560]
                  S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12880]
                  S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 67664]
                  S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
                  S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]
                  S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [8/10/2012 6:52 PM 160576]
                  S2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [8/12/2012 6:30 PM 68464]
                  S2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
                  S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
                  S3 CFcatchme;CFcatchme;\??\c:\combofix\CFcatchme.sys --> c:\combofix\CFcatchme.sys [?]
                  S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [4/7/2012 6:27 PM 246816]
                  S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/5/2012 5:37 AM 113120]
                  S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2010 8:55 AM 47360]
                  S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [8/10/2012 6:52 PM 89472]
                  S3 pctNDIS;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [8/10/2012 6:52 PM 57536]
                  S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [8/10/2012 6:51 PM 125248]
                  S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [4/7/2012 6:27 PM 30368]
                  S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
                  S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [4/7/2012 6:27 PM 16208]
                  S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
                  S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
                  .
                  .
                  ------- Supplementary Scan -------
                  .
                  uStart Page = www.msn.com
                  uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
                  IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
                  FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tfpwaynx.default\
                  .
                  .
                  ------- File Associations -------
                  .
                  JSEFile=NOTEPAD.EXE %1
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2012-09-02 23:44
                  Windows 5.1.2600 Service Pack 3 NTFS
                  .
                  scanning hidden processes ... 
                  .
                  scanning hidden autostart entries ...
                  .
                  scanning hidden files ... 
                  .
                  scan completed successfully
                  hidden files: 0
                  .
                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------
                  .
                  [HKEY_USERS\S-1-5-21-2796421550-788906634-1267632633-500\Software\Microsoft\Internet Explorer\User Preferences]
                  @Denied: (2) (Administrator)
                  "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                     d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,92,62,f9,83,a0,c5,46,a8,5a,a9,\
                  "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
                     d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,39,92,62,f9,83,a0,c5,46,a8,5a,a9,\
                  .
                  --------------------- DLLs Loaded Under Running Processes ---------------------
                  .
                  - - - - - - - > 'winlogon.exe'(304)
                  c:\program files\SUPERAntiSpyware\SASWINLO.DLL
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\l3codeca.acm
                  .
                  - - - - - - - > 'explorer.exe'(1244)
                  c:\windows\system32\WININET.dll
                  c:\windows\system32\AcSignIcon.dll
                  .
                  Completion time: 2012-09-03  00:02:20
                  ComboFix-quarantined-files.txt  2012-09-03 04:01
                  ComboFix2.txt  2012-09-03 02:31
                  ComboFix3.txt  2012-08-11 23:46
                  ComboFix4.txt  2012-08-11 01:17
                  ComboFix5.txt  2012-09-03 03:04
                  .
                  Pre-Run: 121,009,709,056 bytes free
                  Post-Run: 120,988,876,800 bytes free
                  .
                  - - End Of File - - 1D82410EDBB2FBBC05A11D08574283C1

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Virus or worm has disabled internet, hidden program and other files
                  « Reply #27 on: September 03, 2012, 04:20:21 PM »
                  According to the CF log, AVG is the only AV you have on your computer. Do you want to get rid of it?

                  Download Security Check by screen317 from one of the following links and save it to your desktop.

                  Link 1
                  Link 2

                  * Double-click Security Check.bat
                  * Follow the on-screen instructions inside of the black box.
                  * A Notepad document should open automatically called checkup.txt
                  * Post the contents of that document in your next reply.

                  Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
                  *****************************************************
                  SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

                  http://sites.google.com/site/sysprotantirootkit/

                  Unzip it into a folder on your desktop.
                  • Double click Sysprot.exe to start the program.
                  • Click on the Log tab.
                  • In the Write to log box select the following items.
                    • Process << Selected
                    • Kernel Modules << Selected
                    • SSDT << Selected
                    • Kernel Hooks << Selected
                    • IRP Hooks << NOT Selected
                    • Ports << NOT Selected
                    • Hidden Files << Selected
                  • At the bottom of the page
                    • Hidden Objects Only << Selected
                  • Click on the Create Log button on the bottom right.
                  • After a few seconds a new window should appear.
                  • Select Scan Root Drive. Click on the Start button.
                  • When it is complete a new window will appear to indicate that the scan is finished.
                  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
                  Windows 8 and Windows 10 dual boot with two SSD's
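SuperDave reads the antivirus state and the weakened settings (AntiVirusOverride, EnableFirewall) off the ComboFix log by eye. As an added example, not part of this thread or of ComboFix itself, the Python script below parses a few constructed lines copied from the log posted above and flags the same things mechanically: the Security Center override, the disabled firewall profile, autorun entries that run from a user profile folder or carry no date/size stamp, and services whose binary is marked only `[?]`. The vendor map and the review heuristics are assumptions of the example, not ComboFix conventions.

```python
import re

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above (Reg Loading Points, Security Center, firewall policy, services).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk"="c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com\Autodesk\kzaayba.dll" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/11/2010 7:03 PM 116608]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys --> c:\windows\system32\DRIVERS\avgidshx.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys --> c:\windows\system32\DRIVERS\avgidsshimx.sys [?]
"""

SECTION_RE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')        # "name"=value
RUN_RE = re.compile(r'^"([^"]+)"\s*\[([^\]]*)\]$')      # "path" [stamp]
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')       # YYYY-MM-DD size
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')  # R2 name;display;path

# Assumed marker -> product map, built only from names seen in this thread.
VENDOR_MARKERS = {
    "superantispyware": "SUPERAntiSpyware",
    "pc tools firewall": "PC Tools Firewall Plus",
    "iobit malware fighter": "IObit Malware Fighter",
    "avgids": "AVG",
}


def parse_combofix(text):
    """Split a ComboFix-style log into registry values and service lines."""
    values, services, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix uses "." as a spacer
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            values.append((section, m.group(1), m.group(2)))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append({"state": m.group(1), "name": m.group(2),
                             "display": m.group(3), "path": m.group(4)})
    return {"values": values, "services": services}


def triage(text):
    """Return (kind, subject) findings a reviewer would want to look at."""
    parsed = parse_combofix(text)
    findings = []
    for section, name, value in parsed["values"]:
        sec = section.lower()
        if sec.endswith("security center") and name == "AntiVirusOverride" \
                and value.strip().endswith("1"):
            # Security Center told not to alert on missing/disabled AV
            findings.append(("av-override", name))
        elif "firewallpolicy" in sec and name == "EnableFirewall" \
                and value.strip().startswith("0"):
            findings.append(("firewall-off", section))
        elif sec.endswith("\\run"):
            m = RUN_RE.match(value)
            if not m:
                continue
            path, stamp = m.group(1).lower(), m.group(2)
            reasons = []
            if "documents and settings" in path and "application data" in path:
                reasons.append("runs from a user profile folder")
            if not STAMP_RE.match(stamp):
                reasons.append("no date/size stamp [%s]" % stamp)
            if reasons:
                findings.append(("autorun-review", "%s: %s" % (name, "; ".join(reasons))))
    for svc in parsed["services"]:
        if svc["path"].rstrip().endswith("[?]"):
            # ComboFix printed no date/size for the binary, only "[?]"
            findings.append(("unstamped-service", svc["name"]))
    return findings


def security_products(text):
    """Products recognised from service display names and paths (assumed map)."""
    found = set()
    for svc in parse_combofix(text)["services"]:
        haystack = (svc["display"] + " " + svc["path"]).lower()
        for marker, product in VENDOR_MARKERS.items():
            if marker in haystack:
                found.add(product)
    return sorted(found)


if __name__ == "__main__":
    print("security products:", ", ".join(security_products(SAMPLE_LOG)))
    for kind, subject in triage(SAMPLE_LOG):
        print("%-18s %s" % (kind, subject))
```

Run against a full log, the same functions give a quick first pass; the findings are prompts for a human review, not verdicts.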

                  padraig

                    Topic Starter


                    Beginner

                  • a coward dies a million times, free men die once
                    • Experience: Beginner
                    • OS: Windows XP
                    Re: Virus or worm has disabled internet, hidden program and other files
                    « Reply #28 on: September 03, 2012, 05:01:37 PM »
FYI: USB flash drive still cannot be ejected "safely"

                    FYI: the security check file saved as exe extension and would not run on the desktop. I renamed it to *.bat to enable it

                    No checkup.txt created on PC

                    Antirootkit log pasted below:

                    SysProt AntiRootkit v1.0.1.0
                    by swatkat

                    ******************************************************************************************
                    ******************************************************************************************

                    No Hidden Processes found

                    ******************************************************************************************
                    ******************************************************************************************
                    Kernel Modules:
                    Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys
                    Service Name: ---
                    Module Base: EBD57000
                    Module End: EBE0E000
                    Hidden: Yes

                    ******************************************************************************************
                    ******************************************************************************************
                    SSDT:
                    Function Name: ZwTerminateProcess
                    Address: EDFEF640
                    Driver Base: EDFE5000
                    Driver End: EE007000
                    Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

                    ******************************************************************************************
                    ******************************************************************************************
                    No Kernel Hooks found

                    ******************************************************************************************
                    ******************************************************************************************
                    Hidden files/folders:
                    Object: C:\3baa40c85193c289d25516fa\1025\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1025\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1028\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1028\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1029\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1029\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1030\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1030\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1031\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1031\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1032\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1032\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1033\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1033\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1035\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1035\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1036\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1036\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1037\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1037\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1038\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1038\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1040\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1040\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1041\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1041\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1042\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1042\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1043\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1043\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1044\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1044\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1045\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1045\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1046\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1046\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1049\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1049\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1053\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1053\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1055\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\1055\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\2052\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\2052\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\2070\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\2070\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\3076\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\3076\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\3082\eula.rtf
                    Status: Access denied

                    Object: C:\3baa40c85193c289d25516fa\3082\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1025\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1025\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1028\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1028\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1029\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1029\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1030\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1030\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1031\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1031\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1032\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1032\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1033\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1033\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1035\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1035\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1036\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1036\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1037\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1037\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1038\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1038\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1040\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1040\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1041\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1041\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1042\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1042\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1043\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1043\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1044\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1044\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1045\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1045\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1046\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1046\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1049\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1049\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1053\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1053\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1055\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\1055\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\2052\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\2052\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\2070\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\2070\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\3076\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\3076\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\3082\eula.rtf
                    Status: Access denied

                    Object: C:\ad55f1e90f161b8a6b9f9d3b96cf\3082\HotFixInstallerUI.dll
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\AppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cache.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Cookies.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Desktop.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Favorites.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\History.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Music.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\NetHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Personal.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Pictures.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Programs.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Recent.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SendTo.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SetPath.bat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\StartUp.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\SysPath.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\Templates.folder.dat
                    Status: Access denied

                    Object: C:\Qoobox\BackEnv\VikPev00
                    Status: Access denied

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 1020
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 10
                    Re: Virus or worm has disabled internet, hidden program and other files
                    « Reply #29 on: September 03, 2012, 05:32:57 PM »
                    I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
                    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                    Windows 8 and Windows 10 dual boot with two SSD's