1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Unknown virus blocking access to websites and various other ailments

Discussion in 'Windows - Virus and spyware problems' started by LOCOENG, Sep 10, 2013.

  1. LOCOENG

    LOCOENG Moderator Staff Member

    Joined:
    Feb 4, 2005
    Messages:
    11,493
    Likes Received:
    2
    Trophy Points:
    118
    Long time no see ladies and gents.

    Two weeks ago I picked up the webcake and, I can't remember the name, supersearch something or rather. Removed them easily or so I thought. Now comes last Thursday, Shockwave crashes and Chrome freezes. Firefox gets dreaded "program not responding". Whole PC freezes periodically etc. When Chrome does work the only websites I can access while not in safe mode are facebook, google and youtube. Facebook appears to have full functionality, but after performing a search in google none of the links open and I eventualy get a time out message and the same for youtube, I can click on a link to a video but it never plays.

    I posted a DDS log at Bleeping Computer, but have yet to receive a response. While waiting I ran several programs as suggested to others with similar issues on BC to no avail. I've removed everything that they have returned but nothing has changed performance wise on my PC.

    This is the order and the programs that I used, all done in safe mode and run as administrator:

    Rkill
    RogueKiller
    ADWCleaner
    MBAM
    ESET Online Scanner
    JRT
    MBAR
    ComboFix

    After removing everything they've found nothing has changed performance wise so there is something I'm missing. Below is a fresh DDS log after all the cleaning I've done:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16660
    Run by STEELY DAN II at 13:40:43 on 2013-09-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7655.4734 [GMT -4:00]
    .
    AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\atieclxx.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    C:\windows\system32\Dwm.exe
    C:\windows\system32\taskhost.exe
    C:\windows\Explorer.EXE
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    C:\Users\STEELY DAN II\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\STEELY DAN II\Downloads\AutoClicker\AutoClicker.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Users\STEELY DAN II\AppData\Local\Google\Chrome SxS\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\svchost.exe -k WerSvcGroup
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ie
    uProxyOverride = localhost;127.0.0.1;<local>;*.local
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    uRun: [uTorrent] "C:\Users\STEELY DAN II\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{5B4D5D6B-3709-401D-812C-38B01D03FAAE} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{5B4D5D6B-3709-401D-812C-38B01D03FAAE}\3416D656C6F64733 : DHCPNameServer = 172.24.1.1
    TCP: Interfaces\{C4627585-9A35-4CA1-96EB-BC8AD0F14AC9} : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{CBEF9348-E751-4D83-B472-0F7A732F21BD} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: SDWinLogon - SDWinLogon.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\STEELY DAN II\AppData\Roaming\Mozilla\Firefox\Profiles\qcr7ryhp.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=714647&fr=spigot-yhp-ff
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
    FF - plugin: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: C:\Users\STEELY DAN II\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
    FF - plugin: C:\windows\System32\Macromed\Flash\NPSWF64_11_8_800_94.dll
    FF - plugin: C:\windows\System32\npDeployJava1.dll
    FF - plugin: C:\windows\System32\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;C:\windows\System32\drivers\avc3.sys [2013-8-22 718840]
    R1 bdfwfpf;bdfwfpf;C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-9-9 121928]
    R1 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2013-8-22 148696]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-2-19 204288]
    R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2013-8-29 64224]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2013-9-8 109352]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-30 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-30 701512]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-2-19 116752]
    R3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2013-8-22 593144]
    R3 easytether;easytether;C:\windows\System32\drivers\easytthr.sys [2012-4-10 20752]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-1-30 25928]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-19 38096]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-19 1109096]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 htcusbnet;HTC USB-NDIS miniport;C:\windows\System32\drivers\htcusbnet.sys [2012-4-10 153600]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-19 250984]
    S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-2-19 307304]
    S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    .
    =============== Created Last 30 ================
    .
    2013-09-09 20:13:42 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-09-09 20:05:23 98816 ----a-w- C:\windows\sed.exe
    2013-09-09 20:05:23 256000 ----a-w- C:\windows\PEV.exe
    2013-09-09 20:05:23 208896 ----a-w- C:\windows\MBR.exe
    2013-09-09 02:52:41 -------- d-----w- C:\Program Files\HitmanPro
    2013-09-09 02:52:08 -------- d-----w- C:\ProgramData\HitmanPro
    2013-09-09 01:15:13 -------- d-----w- C:\Users\STEELY DAN II\AppData\Roaming\SUPERAntiSpyware.com
    2013-09-09 01:15:05 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-09-09 01:15:05 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-09-08 21:48:57 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-09-08 21:20:23 -------- d-----w- C:\windows\ERUNT
    2013-09-08 19:21:03 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2013-09-08 19:10:06 -------- d-----w- C:\AdwCleaner
    2013-09-08 19:02:59 17272 ----a-w- C:\windows\System32\sdnclean64.exe
    2013-09-08 19:02:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
    2013-09-07 21:24:51 -------- d-----w- C:\Users\STEELY DAN II\AppData\Local\ElevatedDiagnostics
    2013-09-06 19:52:02 -------- d-----w- C:\Users\STEELY DAN II\Microsoft WINDOWS 8 1 RTM x64 ISO [ThumperDC]
    2013-08-22 10:09:06 261056 ----a-w- C:\windows\System32\drivers\avchv.sys
    2013-08-22 10:05:30 718840 ----a-w- C:\windows\System32\drivers\avc3.sys
    2013-08-22 10:05:30 593144 ----a-w- C:\windows\System32\drivers\avckf.sys
    2013-08-22 10:02:45 -------- d-----w- C:\Users\STEELY DAN II\AppData\Roaming\QuickScan
    2013-08-22 10:02:26 -------- d-----w- C:\Program Files\Bitdefender
    2013-08-22 10:02:24 148696 ----a-w- C:\windows\System32\drivers\gzflt.sys
    2013-08-22 10:02:21 382536 ----a-w- C:\windows\System32\drivers\trufos.sys
    2013-08-13 23:01:53 1472512 ----a-w- C:\windows\System32\crypt32.dll
    .
    ==================== Find3M ====================
    .
    2013-08-20 23:08:28 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-08-20 23:08:28 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
    2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll
    2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll
    2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll
    2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-07-06 06:03:53 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-06-15 04:32:16 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
    .
    ============= FINISH: 13:41:49.15 ===============
     
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,008
    Likes Received:
    77
    Trophy Points:
    128
    hello loco, have you tried system restore even in safemode to before the problem started?
     
  3. LOCOENG

    LOCOENG Moderator Staff Member

    Joined:
    Feb 4, 2005
    Messages:
    11,493
    Likes Received:
    2
    Trophy Points:
    118
    I did, but it wouldn't complete...I got an error that my AV was preventing it, but I turned it all off before hand. Safe mode or regular mode.
     
  4. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,008
    Likes Received:
    77
    Trophy Points:
    128
    uninstall the av than retry the system restore.
     
  5. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    Hi LOCOENG, it's been a long, long time. hate to hear from you under these circumstances...

    Sounds like you have picked up the ZeroAccess rootkit that can completely destroy your operating system.

    Run this one and maybe it will show up to see if that's what it really is:
    if it is; system restore won't work.

    RogueKiller

    Please download and save RogueKiller to your Desktop.
    32bit -> HERE!
    64bit -> HERE!

    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start" For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

    EDIT sorry see that you have ran RK missed it..

    2oG
     
    Last edited: Sep 10, 2013
  6. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    The last time I got a ZeroAccess Rootkit it fragmented my OS all over the disk and nothing would work.
    The way I found it was that I had MyDefrag and it gave me a picture of the OS fragmentation. The way I fixed it was that I had a Image backup of my C drive from Acronis True Image. Saved my ass!
     
  7. LOCOENG

    LOCOENG Moderator Staff Member

    Joined:
    Feb 4, 2005
    Messages:
    11,493
    Likes Received:
    2
    Trophy Points:
    118
    Interesting....after DDP asking about the restore I tried that as I hadn't after starting the removal processes. The restore failed, but webpages that weren't loading before are now loading. I'll watch it tonight and see about system freezes/lockups. Maybe trying to restore shook something loose :p
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,687
    Likes Received:
    35
    Trophy Points:
    78
    Hopefully... Fingers crossed for you.
     

Share This Page