Do you know how long the Prescan is supposed to run? It's been checking the processes on rundll32.exe for quite a while.
GilV37,
If RogueKiller has not finished, just cancel it out, and let's press on...
BTW, this might be the largest fixlist ever processed by this program.
There are still toolbars and other "stuff", as well as files that may be malware. However, we'll handle those after we get done with this run.
Please open Notepad (Start > All Programs > Accessories > Notepad)
Copy/paste all the text inside the quote box to Notepad (Do not copy the word 'Quote')
In Notepad, click File (at the top), and select: Save as...
In the Save as prompt, name the file fixlist.txt, and save it to the Desktop <<---Important!!
NOTE. It is important that FRST64 and the fixlist.txt are in the same location (Desktop) or this will not work.
start
HKCU\...\Run: [Gogeecni] "C:\Users\Ferreira Family\AppData\Roaming\Mufin\aluce.exe" [208896 2013-01-02] ()
HKCU\...\Run: [Dehyquu] "C:\Users\Ferreira Family\AppData\Roaming\Yrvihu\yccif.exe" [208896 2013-02-08] ()
HKCU\...\Run: [Internet Security] C:\ProgramData\amsecure.exe [830976 2013-05-07] (Apple Computer, Inc.)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\Users\FERREI~1\AppData\Local\Temp\sibwxwx\sqonbam\wow64.dll ATTENTION! ====> ZeroAccess
HKLM-x32\...\Run: [] [x]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soxyme.exe ()
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\acaxku.exe (DT Soft Ltd)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soxyme.exe ()
URLSearchHook: (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No File
URLSearchHook: (No Name) - {f4c28532-b9d0-4950-a2df-e83f9929242b} - No File
2013-05-07 17:31 - 2013-05-07 17:31 - 00000645 ____A C:\Users\Public\Desktop\Internet Security 2013.lnk
ZeroAccess: C:\$Recycle.Bin\S-1-5-21-2451089773-2969554723-1024505751-1000\$71d7cbe246470cbaec705e091023f4e2
ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$71d7cbe246470cbaec705e091023f4e2
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
C:\ProgramData\amsecure.exe
C:\ProgramData\y86I4d8e.exe
C:\ProgramData\36m6K07.dat
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At25.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At27.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At29.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At31.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At33.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At35.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At37.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At39.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At41.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At43.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At45.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At47.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job
TDL4: custom:26000022 <===== ATTENTION!
end
Now, run FRST64 and press the Fix button, just once, and wait.
When done, the tool makes a log on the Desktop: Fixlog.txt
Please post Fixlog.txt in your reply.
Try to boot the computer into normal Windows and post back on what happens.
NOTICE: This script was written specifically for GilV37, for use on this particular computer.
Running this on another computer may cause damage to the Operating System!!
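Since the fixlist above is tied to one machine, here is an added example (not part of the original posts and not FRST's own code) that groups fixlist entries by persistence mechanism and reports user-profile folders the list names that are missing on the local PC. The category labels, function names and the "Alice" profile are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the fixlist in the post above.
SAMPLE = r"""start
HKCU\...\Run: [Dehyquu] "C:\Users\Ferreira Family\AppData\Roaming\Yrvihu\yccif.exe" [208896 2013-02-08] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\soxyme.exe ()
URLSearchHook: (No Name) - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No File
C:\ProgramData\amsecure.exe
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
end"""

# Category names are this example's own labels, checked in order (first match wins).
RULES = [
    ("run_key", re.compile(r"^HK[\w-]+\\.*\\Run:", re.I)),
    ("registry", re.compile(r"^HK[\w-]+\\", re.I)),
    ("startup_folder", re.compile(r"^Startup:", re.I)),
    ("browser_hook", re.compile(r"^URLSearchHook:", re.I)),
    ("rootkit_marker", re.compile(r"^(ZeroAccess|TDL4):", re.I)),
    ("at_job", re.compile(r"^[A-Z]:\\Windows\\Tasks\\At\d+\.job$", re.I)),
    ("file", re.compile(r"^[A-Z]:\\", re.I)),
]
PROFILE = re.compile(r"[A-Z]:\\Users\\([^\\]+)\\", re.I)

def body_lines(text):
    """Return the non-empty lines between the 'start' and 'end' markers."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    lo = lines.index("start") + 1 if "start" in lines else 0
    hi = lines.index("end") if "end" in lines else len(lines)
    return lines[lo:hi]

def classify(line):
    """Map one fixlist line to the first matching category, else 'other'."""
    return next((name for name, rx in RULES if rx.search(line)), "other")

def summarize(text):
    """Count fixlist entries per persistence category."""
    return Counter(classify(l) for l in body_lines(text))

def foreign_profiles(text, local_profiles):
    """Profile folders the fixlist names that do not exist on this machine."""
    local = {p.lower() for p in local_profiles}
    named = {m for l in body_lines(text) for m in PROFILE.findall(l)}
    return {p for p in named if p.lower() not in local}

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
    # On the target PC, local_profiles would come from os.listdir(r"C:\Users").
    print(foreign_profiles(SAMPLE, ["Default", "Public", "Alice"]))
```

A non-empty result from foreign_profiles means the list was written for a different computer. 8.3 short names such as FERREI~1 will also be reported, because a folder listing returns only the long name.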
Was up and running in Windows for about 30 seconds, and got the BSOD again. I took a snapshot of it and am going to upload the photo. Also attached is the fixlog.txt file.
I think we are OK now. I Googled that other error and it said to uninstall the video driver and reinstall it. Did that and the PC has been stable now for about 10 mins.
Good job, GilV37!!
Please try running RogueKiller now. Presuming you are in normal Windows.
It should not hang.
There is more to do here, but, let's go one step at a time. We do not want to return to another BSOD.
Will be back in about 30 minutes.
OK, I ran it, and I have attached the report file.
Let's press on with RogueKiller...
• Please quit all programs
• Right-click the RogueKiller file and select 'Run as Administrator'
• Wait until the Prescan finishes
• Press: Scan
• Once the scan is done, press the [Delete] button.
Please post the new RKreport (Mode: Delete) in your reply.
(It is created on the Desktop.)
Presume you are still in Windows, if not, let me know.
Please go to the TDSSKiller Download
Select the .exe version
Double-click on TDSSKiller.exe to run the program.
When the TDSSKiller console opens, click on: Change Parameters
Under Additional Options, place a check in the box next to: Detect TDLFS File System
Click: OK
Press: Start Scan
• If a suspicious object is detected by this program, the default action is Skip. Leave this action as is, and click on: Continue
• If malicious objects are found, they show in the Scan results.
Ensure Cure (the default action) is selected, then click: Continue > Reboot now, to finish the cleaning process.
(Note: If Cure is not available, select Skip, >>Do not select: Delete<<)
When done, the tool creates a log on the disk with the Windows Operating System, normally C:\
Logs have a name like:
C:\TDSSKiller.X.X.X_1.05.2013_15.31.43_log.txt
Please attach the TDSSKiller log in your reply.
Now, let's see if there are services damaged.
Please press on with Downloading Farbar Service Scanner
Save to the Desktop.
Please provide the FSS.txt in your reply.
- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press: Scan
- FSS creates a log, FSS.txt, on the Desktop.