GT500

Emsisoft Employee

Everything posted by GT500

  1. OK, we should be able to use ComboFix to get rid of some of those broken services. I have written a script that will tell ComboFix how to delete some broken services from your logs. Here are instructions on what to do with the script:
     - Download an updated version of ComboFix from one of the following links: BleepingComputer, InfoSpyware
     - Turn off your Anti-Virus software.
     - Click your Start button, go to All Programs (or just Programs on Vista and Windows 7), go to Accessories, and then open Notepad.
     - Please copy and paste the contents of the box below into Notepad (here is a link to instructions if you do not know how to copy and paste): http://support.emsisoft.com/topic/7520-please-help-with-trojancrypte2/
     KillAll::
     Driver::
zppinger zpjava zpaction zdeviceservice ZDCNDIS5 zBackupAssistService z800obex yediex yats32 XilinxPC4Driver XFX_program XDva004 xaudioservice wzcsvc Wuser32 WUSB54GPV4SRV WUSB54GCSVC WPFFontCache_v0400 wpdusb wmp54gv4svc WmFilter WmBEnum WLAN_USB wkscfgsrv WISTechVIDCAP winvnc4 winpowerrmi winpower windowblinds winachcf WimFltr WGX websenselogserver websensecommunicationagent webrootenterpriseclientservice w810obex w800obex w550bus w39n51 w300bus vzupsvc vzfw vtserver vserial vsapint vrfwsvc VRcore VrAcFil vpn5000service vncdrv vmparport vmodem vmnetuserif vmkbd2 vmauthdservice videX32 Video3D viaudio vet-rec vetmsgnt vetmonnt vetfddnt VCIDRV VCAM VAIOMediaPlatform-PhotoServer-HTTP VAIOMediaPlatform-MusicServer-HTTP vaiomediaplatform-integratedserver-upnp USBModem usbio USBCamera usb_rndisx USB_NDIS_51 UCTblHid U81xmdfl U81xbus U2SP tvtpktfilter TUWinStylerThemeSvc tunnelguardservice trufos truecrypt trioservice trayman traprcvr transarcafsdaemon tosrfcom tosporte tomcatcws3 tng-dtmg tnbrlds tmesrv3 tifm TIEHDUSB thpsrv teefer tdsmapi tdimsys TClass2k tbhsd syslogd sysenforce symsecureport symlcbrd SymIMMP symids symevent symc8xx symappcore symantecantibotagent sym_u3 swwd SWUMX51 SWUMX20 SWNC8U20 SWNC5E00 SWMX00 svv 
svcwrsssdk suservice surveyor stylexphelper stunnel StkAMini stirusb sthda steamdvr statusagent StarOpen ssscsisv sr SQLBrowser spsslm sprtsvc_smartagent spmd sparrow sonypvu1 softfax SNP2STD snmptrapdservice SndTDriverV32 snac SMTPSVC SMNDIS5 SMCB000 SlWdmSup slservice slapd-data52 sisnic siskp siside SiSGbeXP SiS7018 SIODRV si3114r Shockprf sglfb SGHIDI sfusvc) Zd1211u(zydas sfsync04 sfng32 sfman sfhlp01 SerTVOutCtlr ser2plms SECYPUSB SeaPort se59mdfl se58obex se58mgmt se58bus se44mdm SE2Emgmt SE2Emdfl se2Cunic SE2Cbus SE2Bmdm SE26mdfl sdhelper sddmi2 sdcoreservice screadspool scdemu sbservice SaiU040B SaiMini sagefserver S7oppilx s616obex s616mdfl s125mgmt s117nd5 s116nd5 rxmssync RTLE8023xp RTL8023xp rtl8023 rt2500usb rt2500 rsvp RSAFAL RR2Ctrl rpcapd rollbackclientservice ROB_V RMSvc rmedia rksample rkhdrv31 risdptsk rimsptsk remotelyanywhere regsrvc Rawwan RAPIProtocol rapapp QV2KUX qserver ql1240 qconsvc pxfhbus pwisvc PTDCMdm psdistributionagent psadd prtg4service prodrv06 procexp90 prevxdriver prevxagent PQNTDrv pmsveh pmj151la pinetmgr PhilCam8116 pgsql-8.0 pepifilter pensup penrendezvous pdlnepkt pdlnebas pdlndldl pdiddcci pcx1unic pctoolsfirewallplus PCTINDIS5 pclepci pca pav_service passthru papyjoy papycpu2 Packet p2pgasvc P16X ossrv OsaFsLoc oraclesnmppeermasteragent oracleservicelocalora oracleorahomepagingserver oracleorahomedatagatherer oraclemtsrecoveryservice oracleformsserver-forms60server-oraform oracledbconsoleorcl openvpnservice ooclevercacheagent olapserver odysseyIM4 odysseyIM3 NWSNS NWFILTER NWDNS NVXBAR NVTCP nvstor64 nvport nvnetbus nvgts nvatabus nvata nv4 nuvaud2 ntuneservice ntlmssp nscservice NPPTNT npkcusb npkcsvc npfmntor npapimon nod32krn nmwcdcj nmap nidomainservice NICSer_WPC300N ni_nic nhcDriverDevice ngserver ngdbserv netw4x32 NETw3x32 netsvc neokdss NCPro navapel navap mysqlinventime MxlW2k MTsensor mssql$microsoftsmlbiz MSSQL$AUTODESKVAULT mskservice msi_wlan_service msgsrvservice MSFWDrv MSCamSvc mrobeservice MRESP50a64 
MRESP50 mraid35x mqdmmdm MQAC mps9 MpFilter mmc_2K mhn mgabg mdmxsdk mdm mcvsrte mcusrmgr mcproxy mcontrol mcmscsvc mclogmanagerservice maxbackserviceint MaVctrl MaRdPnp mail2ec MagicTune mafwboot macformatservice MA8032U MA8032M lxdm_device lxcz_device lxcg_device lxcf_device lxcc_device lxby_device lxbx_device lvsrvlauncher lvpr2mon lvmvdrv lvckap LVBulk lpx lp6nds35 logmein lockmgr LMS LMouKE LMouFilt LMIRfsDriver lmimaint lktimesync LHidFilt lcs lbrtfdc L1e Ktp KS0108 KMW_KBD kmixer KLOGNT kbfiltr k750obex jsdaemon JiaoIO JiaoCap jaguar iwebcal IWCA ithsgt iteatapi itchfltr issvc issm iSMBIOS isapisearch ipssvc ipsraidn IPSECSHM IPFilter ipcsvc iPassPeriodicUpdateService iPassPeriodicUpdateApp ip6fw Invoker IntelC52 inport ino_flpy infrastructure incdsrv incdrm incdpass imap4d32 iksyssec IJPLMSVC igateway iftpsvc IFP700 idisw2km icollectservice ibmcicstransactiongateway IASJet iap iam iAimTV6 iAimTV5 iaimtv1 iAimFP7 i81x i2omp hwpsgt hwdatacard hsxhwazl HPFECP20 hpci houdinilicenseserver hidgame hf30service hcwPVRP2 hap17v2k GVCplDrv gotomypc GoToAssist GoogleDesktopManager-010708-104812 GoBack2K giveio ghaio gdrv GBDevice FVXSCSI ftpds FreeTdi freepops freebsd forcewarewebinterface fix FirePM firelm01 fips filterservice filemon701 filechecker FETNDIS fa_scheduler Exportit EU3_USB epoxusdm eloggersvc6 elockservice elnkupdateservice eamon eabfiltr DynDNS_Updater_Service dvpapi dsproct dsbrokerservice drvnddm drvmcdb dntus26 dnsexit dmio d-link_st3402 DLH5X dlbu_device dlaudfam digictrl DeviceScanner Defrag32b deckzpsx dcstor32 dcpflics DCamUSBMke2 DCamUSBGrandTek DCamUSBDXGTech dbmang db2jds CXAVXBAR cwafreportscheduler cusrvc ctxcpuusync ctprxy2k CTEXFIFX.DLL CTEDSPSY.DLL ctdvda2k ctaud2k cpqnicmgmt cpqfcalm cportclm COMMONFX.DLL com0com cmdagent clr_optimization_v2.0.50215_32 citrixxteserver cicsclient centennialclientagent CDRPDACC cdr4_xp cdr4_2k cdmservice c-dillasrv CdaD10BA CdaC15BA ccsetmgr ccalib8 cavasm ca-messagequeuing CAMCHALA CAMCAUD Cam5603C 
caisafe cachemgr caccprovsp CA561 bwsvc bwmservice btwrchid btwmodem btnhnd btnetfilter bt3cser BsHelpCS BRCMDECO botcbs blueservice blueletaudio bh611 bgsvcgen beatjamupnpmusicserver bdselfpr bdfdll bcftdi bantext backupexecrpcservice backupexecagentaccelerator axsnmsvc avp avgtdi avgfwsrv avgclean avg7updsvc AVerBDA ATSWPDRV atmeltpm atkkeyboardservice atkdisplf ativraxx atinrvxx atikmdag ATIBTCAP ati atfsd atdisk AtcL002 atchksrv asuskeyboardservice aslm75 artourservice arp1394 Appn APLMp50 antivirservice amon AmdLLD ALYac_PZSrv Alpham1 AlKernel aliadwdm alcxsens alcan5wn akshhl aic78u2 agpcpq agnwifi agentsrv AFGSp50 aexnsclienttransport aec aeaudio ADSMService adobeversioncue adobeactivefilemonitor5.0 acsvc ac97intc abp480n5 a8djavs A88xEnc a016obex a016mdfl {a7447300-8075-4b0d-83f1-3d75c8ebc623} {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b} NetSvc:: zppinger zpjava zpaction zdeviceservice ZDCNDIS5 zBackupAssistService z800obex yediex yats32 XilinxPC4Driver XFX_program XDva004 xaudioservice wzcsvc Wuser32 WUSB54GPV4SRV WUSB54GCSVC WPFFontCache_v0400 wpdusb wmp54gv4svc WmFilter WmBEnum WLAN_USB wkscfgsrv WISTechVIDCAP winvnc4 winpowerrmi winpower windowblinds winachcf WimFltr WGX websenselogserver websensecommunicationagent webrootenterpriseclientservice w810obex w800obex w550bus w39n51 w300bus vzupsvc vzfw vtserver vserial vsapint vrfwsvc VRcore VrAcFil vpn5000service vncdrv vmparport vmodem vmnetuserif vmkbd2 vmauthdservice videX32 Video3D viaudio vet-rec vetmsgnt vetmonnt vetfddnt VCIDRV VCAM VAIOMediaPlatform-PhotoServer-HTTP VAIOMediaPlatform-MusicServer-HTTP vaiomediaplatform-integratedserver-upnp USBModem usbio USBCamera usb_rndisx USB_NDIS_51 UCTblHid U81xmdfl U81xbus U2SP tvtpktfilter TUWinStylerThemeSvc tunnelguardservice trufos truecrypt trioservice trayman traprcvr transarcafsdaemon tosrfcom tosporte tomcatcws3 tng-dtmg tnbrlds tmesrv3 tifm TIEHDUSB thpsrv teefer tdsmapi tdimsys TClass2k tbhsd syslogd sysenforce symsecureport symlcbrd SymIMMP symids 
symevent symc8xx symappcore symantecantibotagent sym_u3 swwd SWUMX51 SWUMX20 SWNC8U20 SWNC5E00 SWMX00 svv svcwrsssdk suservice surveyor stylexphelper stunnel StkAMini stirusb sthda steamdvr statusagent StarOpen ssscsisv sr SQLBrowser spsslm sprtsvc_smartagent spmd sparrow sonypvu1 softfax SNP2STD snmptrapdservice SndTDriverV32 snac SMTPSVC SMNDIS5 SMCB000 SlWdmSup slservice slapd-data52 sisnic siskp siside SiSGbeXP SiS7018 SIODRV si3114r Shockprf sglfb SGHIDI sfusvc) Zd1211u(zydas sfsync04 sfng32 sfman sfhlp01 SerTVOutCtlr ser2plms SECYPUSB SeaPort se59mdfl se58obex se58mgmt se58bus se44mdm SE2Emgmt SE2Emdfl se2Cunic SE2Cbus SE2Bmdm SE26mdfl sdhelper sddmi2 sdcoreservice screadspool scdemu sbservice SaiU040B SaiMini sagefserver S7oppilx s616obex s616mdfl s125mgmt s117nd5 s116nd5 rxmssync RTLE8023xp RTL8023xp rtl8023 rt2500usb rt2500 rsvp RSAFAL RR2Ctrl rpcapd rollbackclientservice ROB_V RMSvc rmedia rksample rkhdrv31 risdptsk rimsptsk remotelyanywhere regsrvc Rawwan RAPIProtocol rapapp QV2KUX qserver ql1240 qconsvc pxfhbus pwisvc PTDCMdm psdistributionagent psadd prtg4service prodrv06 procexp90 prevxdriver prevxagent PQNTDrv pmsveh pmj151la pinetmgr PhilCam8116 pgsql-8.0 pepifilter pensup penrendezvous pdlnepkt pdlnebas pdlndldl pdiddcci pcx1unic pctoolsfirewallplus PCTINDIS5 pclepci pca pav_service passthru papyjoy papycpu2 Packet p2pgasvc P16X ossrv OsaFsLoc oraclesnmppeermasteragent oracleservicelocalora oracleorahomepagingserver oracleorahomedatagatherer oraclemtsrecoveryservice oracleformsserver-forms60server-oraform oracledbconsoleorcl openvpnservice ooclevercacheagent olapserver odysseyIM4 odysseyIM3 NWSNS NWFILTER NWDNS NVXBAR NVTCP nvstor64 nvport nvnetbus nvgts nvatabus nvata nv4 nuvaud2 ntuneservice ntlmssp nscservice NPPTNT npkcusb npkcsvc npfmntor npapimon nod32krn nmwcdcj nmap nidomainservice NICSer_WPC300N ni_nic nhcDriverDevice ngserver ngdbserv netw4x32 NETw3x32 netsvc neokdss NCPro navapel navap mysqlinventime MxlW2k MTsensor mssql$microsoftsmlbiz 
MSSQL$AUTODESKVAULT mskservice msi_wlan_service msgsrvservice MSFWDrv MSCamSvc mrobeservice MRESP50a64 MRESP50 mraid35x mqdmmdm MQAC mps9 MpFilter mmc_2K mhn mgabg mdmxsdk mdm mcvsrte mcusrmgr mcproxy mcontrol mcmscsvc mclogmanagerservice maxbackserviceint MaVctrl MaRdPnp mail2ec MagicTune mafwboot macformatservice MA8032U MA8032M lxdm_device lxcz_device lxcg_device lxcf_device lxcc_device lxby_device lxbx_device lvsrvlauncher lvpr2mon lvmvdrv lvckap LVBulk lpx lp6nds35 logmein lockmgr LMS LMouKE LMouFilt LMIRfsDriver lmimaint lktimesync LHidFilt lcs lbrtfdc L1e Ktp KS0108 KMW_KBD kmixer KLOGNT kbfiltr k750obex jsdaemon JiaoIO JiaoCap jaguar iwebcal IWCA ithsgt iteatapi itchfltr issvc issm iSMBIOS isapisearch ipssvc ipsraidn IPSECSHM IPFilter ipcsvc iPassPeriodicUpdateService iPassPeriodicUpdateApp ip6fw Invoker IntelC52 inport ino_flpy infrastructure incdsrv incdrm incdpass imap4d32 iksyssec IJPLMSVC igateway iftpsvc IFP700 idisw2km icollectservice ibmcicstransactiongateway IASJet iap iam iAimTV6 iAimTV5 iaimtv1 iAimFP7 i81x i2omp hwpsgt hwdatacard hsxhwazl HPFECP20 hpci houdinilicenseserver hidgame hf30service hcwPVRP2 hap17v2k GVCplDrv gotomypc GoToAssist GoogleDesktopManager-010708-104812 GoBack2K giveio ghaio gdrv GBDevice FVXSCSI ftpds FreeTdi freepops freebsd forcewarewebinterface fix FirePM firelm01 fips filterservice filemon701 filechecker FETNDIS fa_scheduler Exportit EU3_USB epoxusdm eloggersvc6 elockservice elnkupdateservice eamon eabfiltr DynDNS_Updater_Service dvpapi dsproct dsbrokerservice drvnddm drvmcdb dntus26 dnsexit dmio d-link_st3402 DLH5X dlbu_device dlaudfam digictrl DeviceScanner Defrag32b deckzpsx dcstor32 dcpflics DCamUSBMke2 DCamUSBGrandTek DCamUSBDXGTech dbmang db2jds CXAVXBAR cwafreportscheduler cusrvc ctxcpuusync ctprxy2k CTEXFIFX.DLL CTEDSPSY.DLL ctdvda2k ctaud2k cpqnicmgmt cpqfcalm cportclm COMMONFX.DLL com0com cmdagent clr_optimization_v2.0.50215_32 citrixxteserver cicsclient centennialclientagent CDRPDACC cdr4_xp cdr4_2k cdmservice 
c-dillasrv CdaD10BA CdaC15BA ccsetmgr ccalib8 cavasm ca-messagequeuing CAMCHALA CAMCAUD Cam5603C caisafe cachemgr caccprovsp CA561 bwsvc bwmservice btwrchid btwmodem btnhnd btnetfilter bt3cser BsHelpCS BRCMDECO botcbs blueservice blueletaudio bh611 bgsvcgen beatjamupnpmusicserver bdselfpr bdfdll bcftdi bantext backupexecrpcservice backupexecagentaccelerator axsnmsvc avp avgtdi avgfwsrv avgclean avg7updsvc AVerBDA ATSWPDRV atmeltpm atkkeyboardservice atkdisplf ativraxx atinrvxx atikmdag ATIBTCAP ati atfsd atdisk AtcL002 atchksrv asuskeyboardservice aslm75 artourservice arp1394 Appn APLMp50 antivirservice amon AmdLLD ALYac_PZSrv Alpham1 AlKernel aliadwdm alcxsens alcan5wn akshhl aic78u2 agpcpq agnwifi agentsrv AFGSp50 aexnsclienttransport aec aeaudio ADSMService adobeversioncue adobeactivefilemonitor5.0 acsvc ac97intc abp480n5 a8djavs A88xEnc a016obex a016mdfl {a7447300-8075-4b0d-83f1-3d75c8ebc623} {85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}
     - Save this as a Text Document named CFScript in the same location as ComboFix (which should be on your desktop).
     - Close Notepad and verify that the CFScript file is saved on your desktop.
     - Referring to the animated picture below, click the left mouse button on top of the CFScript icon on your desktop, then holding the mouse button down drag the CFScript icon on your desktop onto the ComboFix icon, and then drop it (let go of the mouse button) on top of the ComboFix icon:
     When finished, it will display a new log in Notepad. Please attach that log to a reply the same way you did before. If you prefer, you can save the log on your desktop to make it easier to find.
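The CFScript above tells ComboFix to delete service entries whose files are gone (Driver::) and to prune names from the svchost "netsvcs" group (NetSvc::). The following is an added example, not part of GT500's post and not ComboFix or OTL code: a read-only PowerShell survey that finds the same two kinds of leftovers on a machine, so you can see what such a script would be removing before you run it. Function names (Resolve-ImagePath, Get-OrphanedServices, Get-DanglingNetsvcs) are my own; the registry locations are the standard ones.

```powershell
# Added example, not part of the original post or of ComboFix: list service and
# driver registry entries whose ImagePath no longer exists on disk, and netsvcs
# group members with no service key. Read-only; it reports and deletes nothing.
# Run from an elevated, native (64-bit on x64) PowerShell prompt.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'

# Turn a raw ImagePath value into an absolute file path that can be tested.
# Handles "quoted paths with arguments", the \??\ and \SystemRoot\ prefixes, and
# the bare "system32\drivers\x.sys" form that many kernel drivers use.
function Resolve-ImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($ImagePath.Trim())
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } else {
        # Unquoted: keep everything up to the first .exe/.sys/.dll, drop arguments.
        $m = [regex]::Match($p, '^(.*?\.(exe|sys|dll))(\s|$)', 'IgnoreCase')
        if ($m.Success) { $p = $m.Groups[1].Value }
    }
    $p = $p -replace '^\\\?\?\\', ''                       # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" # \SystemRoot\... -> C:\Windows\...
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Services and drivers whose executable is gone: leftovers from uninstalled
# software, or what a removed rootkit left behind in the registry.
function Get-OrphanedServices {
    foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props -or -not $props.ImagePath) { continue }  # parameter-only key, not a service
        $resolved = Resolve-ImagePath $props.ImagePath
        if ($resolved -and -not (Test-Path -LiteralPath $resolved)) {
            [pscustomobject]@{
                Name      = $key.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                ImagePath = $props.ImagePath
                Resolved  = $resolved
            }
        }
    }
}

# Names in the svchost "netsvcs" group that have no service key any more;
# these are what a NetSvc:: line tells ComboFix to remove from the group.
function Get-DanglingNetsvcs {
    $members = (Get-ItemProperty -Path $svchostKey -ErrorAction SilentlyContinue).netsvcs
    foreach ($name in $members) {
        if ($name -and -not (Test-Path -LiteralPath (Join-Path $servicesKey $name))) {
            [pscustomobject]@{ Group = 'netsvcs'; Member = $name }
        }
    }
}

Get-OrphanedServices | Sort-Object Name | Format-Table -AutoSize
Get-DanglingNetsvcs  | Format-Table -AutoSize
```

Two caveats. A 32-bit PowerShell on 64-bit Windows sees a redirected System32, so files that exist would be reported missing; use the native shell. And this only finds entries whose file is absent: a service whose file is present but has been replaced (the ZeroAccess-patched system file discussed later in this thread is the classic case) looks perfectly healthy here, which is why the rootkit scanners and the Farbar Service Scanner log are still needed.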
  2. My apologies, I may have made an incorrect assumption when I read your post. What version of Online Armor do you have installed? I assume that this is happening on Windows XP?
  3. There are still some strange services in that log. Please download Farbar Service Scanner, save it on your desktop, and follow the instructions below to get me a log.
     - Make sure the following options are checked: Internet Services, Windows Firewall, System Restore, Security Center, Windows Update
     - Press "Scan".
     - It will create a log (FSS.txt) in the same directory the tool is run.
     - Please attach the log to a reply by clicking on the More Reply Options button to the lower-right of where you type your reply.
  4. Please follow the instructions at this link to start your computer in Safe Mode With Networking and then try ComboFix again.
  5. Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop: Link 1, Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     - Double click on ComboFix.exe & follow the prompts.
     - As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     - Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.
     Note: 1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  6. That log looks OK. Go ahead and get me a fresh OTL log, and we'll go from there.
  7. It could have come bundled with something else. Since it does appear to be questionable, let's go ahead and remove it with OTL. I have written a cleanup script for OTL (if you need to, you may download OTL from this link). Please copy the contents of the following CODE box, and in OTL under the Custom Scans/Fixes box at the bottom, paste in what you just copied from the following CODE box:
     :OTL
     O4 - HKLM..\Run: [jsafesurf] C:\js\safesurf.exe (JetSwap Inc.)
     [2012/03/11 01:02:54 | 000,000,000 | -H-D | C] -- C:\js
     :Commands
     [EMPTYTEMP]
     Then click the Run Fix button at the top. Let the program run unhindered, restart your computer when it is done (it may automatically restart your computer on its own). After your computer has restarted, please open OTL again and click the Quick Scan button. Attach the log it produces in your next reply (just the OTL log, as I don't need to see the Extras log again). You will need to click the button that says More Reply Options to the lower-right of where you type your reply to be presented with the attachment controls.
  8. OK, things are looking pretty good. Is your computer still displaying any symptoms of an infection?
  9. OK, let's move that file back before we proceed: Please download BlitzBlank from , and save it on your desktop. Run BlitzBlank from the icon on your desktop. It will display a warning. Click OK to continue. Switch to the Script tab. Copy and paste the contents of the following box into the big white box on the Script tab:
     MoveFile: C:\IpsPlugin.dll "C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll"
     After pasting the script in the box above into the white box in BlitzBlank, please click the Execute button in the lower-right corner. A message will appear warning you that BlitzBlank is going to restart your computer. Make sure that anything you were working on is saved, and click OK to allow it to restart your computer. When your computer is starting up you should see an odd black screen with some white text on it. This is normal, and your computer will continue with its normal startup after a minute or two. Once your computer is finished starting up, there should be a log file saved as a Text Document named blitzblank in the root of your C: drive. Please attach that file to a reply by using the More Reply Options button to the lower-right of where you type in your reply.
  10. According to this Web Of Trust report the website go.jetswap.com has about a 75% trustworthiness rating (100% is the best possible score, and 0% is the worst possible score). On my first glance, I am only seeing one entry in your OTL log that appears to be related to this "SafeSurf" application. This ThreatExpert report shows that parts of SafeSurf are detected by Ikarus and Kaspersky as a "Risk Tool", which means it is most likely unwanted software. This list of analysis reports at VirScan.org does not show consistent detections from anti-virus software, with a detection rate ranging from anywhere between 0% and 43%. Just for reference, there does appear to be a legitimate program named SafeSurf, so my first recommendation would be to upload the file to VirusTotal at this link and then post a link to the analysis in a reply for me to review. The file that you will want to upload is as follows: C:\js\safesurf.exe
  11. You're quite welcome. Please let us know if you have any further issues.
  12. Please download GMER from this link. Note that the file will have a random name, so make note of the file's name and save it to the root of your C: drive. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled while running GMER (please try to avoid the advertisements on that page). Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator") Allow the driver to load if asked. You may be prompted to scan immediately if it detects rootkit activity. If you are prompted to scan your system click "No", save the log and post back the results. If not prompted, click the "Rootkit/Malware" tab. On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked. Select all drives that are connected to your system to be scanned. Click the Scan button to begin. (Please be patient as it can take some time to complete) When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and please attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply (you may need to ZIP the log by right-clicking on it, going to Send to, and clicking on Compressed (zipped) folder before you can attach it). Exit the program and re-enable all active protection when done.
  13. Please download Crysis Aversion Tool from this link (you can run it from your USB flash drive), run it on the computer that is unable to access the Internet, and select the following fixes: Flush DNS Resolver Cache Repair Internet Explorer Reset All Networking Interfaces After selecting those three fixes, click the Apply Checked Fixes button, and it will tell you the progress in the lower-left corner. When it says that it is complete, you can close Crysis Aversion Tool, and restart your computer. Let me know if that repairs your Internet connection.
  14. OK, please download an updated version of ComboFix from one of the links below, disable any anti-virus software you have installed, and then run ComboFix and get me a new log: Link 1 Link 2
  15. Please follow the instructions at this link to start your computer in Safe Mode With Networking and then try the ESET online scan again.
  16. Are you able to right-click on it and run it as administrator?
  17. OK, that log didn't show me what I thought it was going to show me. Let's go ahead and replace that file with the backup copy that ComboFix found, and then see if ComboFix will run normally after that. Please restart your computer (you may want to print out these instructions first), and immediately after the manufacturer's logo disappears (the one that you see every time you turn on your computer) start gently tapping the F8 key on your keyboard until you see a black screen with a list of options that looks like the screenshot below (you may need to click on the screenshot to see a larger version of it): Make sure that the Repair Your Computer option is highlighted (use the arrow keys on your keyboard to change which option is highlighted) and then press the Enter key on your keyboard to start the recovery environment. After Windows loads the recovery environment, you should be presented with a System Recovery Options screen that allows you to select your keyboard layout. If you don't know which one to select, then just click the Next> button. You will now be asked for the username and password to log in with. Please log in to an account that has administrative rights. If you only have one user account set up on your computer, then go ahead and use it. Windows should have automatically filled in the username for you, and if you don't use a password then just leave the box empty and click OK. Windows will present you with a list of recovery options. Please click the option for Command Prompt. In case you are not familiar with the Command Prompt in Windows, it is a program that will allow you to execute commands that you type out. You need to press Enter on your keyboard after you type in a command. Please go ahead and type in C: and then press Enter (this will tell the command prompt to switch to your C: drive). Now we need to delete the infected system file and replace it with the backup copy.
     Type in the following command to delete the infected file (making sure to press Enter afterwards):
     DEL c:\windows\System32\drivers\tdx.sys
     Assuming that there are no errors when attempting to delete that file, please type in the following command to replace it with the backup (making sure to press Enter afterwards):
     COPY c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys c:\windows\System32\drivers\tdx.sys
     After that, you can close the command prompt by clicking the X button in the upper-right corner, and then restart your computer by clicking the Restart button. Once your computer is running normally, please download a new version of ComboFix from one of the links below, save it on your desktop, turn off any anti-virus and anti-spyware software that you have installed, and then run ComboFix and get me a new log. BleepingComputer InfoSpyware
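The post above replaces the infected tdx.sys with the copy Windows keeps in its WinSxS component store. The following is an added example, not part of GT500's post and not ComboFix code: a read-only PowerShell check, run from the normal desktop before and after the replacement, that hashes the live driver, looks for copies of the same file under the WinSxS component directories, and reports the Authenticode status of each. The function name Test-DriverAgainstWinSxs is my own; the component-name fragment 'tdi-over-tcpip' is taken from the path in the post. It requires PowerShell 4 or later (for Get-FileHash) and an elevated, native 64-bit prompt on x64 systems.

```powershell
# Added example, not part of the original post: compare a live driver with the
# copies in the WinSxS component store and check its Authenticode signature.
# Read-only; the actual replacement is still done from the recovery environment
# as described above.

function Test-DriverAgainstWinSxs {
    param(
        [Parameter(Mandatory)][string]$DriverPath,
        # Substring of the WinSxS component directory name, e.g. 'tdi-over-tcpip'
        # from x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_...
        [Parameter(Mandatory)][string]$ComponentPattern
    )
    $fileName = Split-Path -Leaf $DriverPath
    $liveHash = (Get-FileHash -LiteralPath $DriverPath -Algorithm SHA256).Hash
    $liveSig  = Get-AuthenticodeSignature -LiteralPath $DriverPath
    $signer   = $null
    if ($liveSig.SignerCertificate) { $signer = $liveSig.SignerCertificate.Subject }

    # Every copy of the file kept under a matching component directory.
    $backups = Get-ChildItem -Path (Join-Path $env:SystemRoot 'winsxs') -Directory `
                   -Filter "*$ComponentPattern*" -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName $fileName } |
        Where-Object  { Test-Path -LiteralPath $_ } |
        ForEach-Object {
            [pscustomobject]@{
                Path      = $_
                SHA256    = (Get-FileHash -LiteralPath $_ -Algorithm SHA256).Hash
                Signature = (Get-AuthenticodeSignature -LiteralPath $_).Status
            }
        }

    [pscustomobject]@{
        Path            = $DriverPath
        SHA256          = $liveHash
        SignatureStatus = $liveSig.Status   # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer
        MatchesBackup   = [bool]($backups | Where-Object { $_.SHA256 -eq $liveHash })
        Backups         = @($backups)
    }
}

$report = Test-DriverAgainstWinSxs -DriverPath "$env:SystemRoot\System32\drivers\tdx.sys" `
                                   -ComponentPattern 'tdi-over-tcpip'
$report | Format-List Path, SHA256, SignatureStatus, Signer, MatchesBackup
$report.Backups | Format-Table -AutoSize
```

Before the fix you would expect MatchesBackup to be False (the live file differs from every stored copy); after the COPY in the recovery environment it should be True. Two cautions when reading the result: on Windows 7 many in-box drivers are catalog-signed rather than carrying an embedded signature, so NotSigned from Get-AuthenticodeSignature is not on its own proof of tampering (sfc /verifyfile=<path> checks the file against the component store instead), and a hash match only shows the live file equals a stored copy, so if the WinSxS copy itself is in doubt it must be compared against a hash from a known-clean installation.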
  18. What happens if you attempt to open the Control Panel through the Start Menu?
  19. Please download GMER from this link. Note that the file will have a random name, so make note of the file's name and save it to the root of your C: drive. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security program drivers will not conflict with this file. Click on this link to see a list of programs that should be disabled while running GMER (please try to avoid the advertisements on that page). Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator") Allow the driver to load if asked. You may be prompted to scan immediately if it detects rootkit activity. If you are prompted to scan your system click "No", save the log and post back the results. If not prompted, click the "Rootkit/Malware" tab. On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked. Select all drives that are connected to your system to be scanned. Click the Scan button to begin. (Please be patient as it can take some time to complete) When the scan is finished, click Save to save the scan results to your Desktop. Save the file as Results.log and please attach it to a reply by using the More Reply Options button to the lower-right of where you type in your reply (you may need to ZIP the log by right-clicking on it, going to Send to, and clicking on Compressed (zipped) folder before you can attach it). Exit the program and re-enable all active protection when done.
  20. I deleted the logs you attached to your post because Fiddler logs can contain your license information for Emsisoft Anti-Malware (that information is verified by our servers on update and will wind up in your Fiddler log). Let's go ahead and proceed with cleanup, and if you still are unable to update Emsisoft Anti-Malware after that then we will worry about it once we are able to get things cleaned up with ComboFix and other utilities.
  21. Please download Rkill from one of the links below:
     rkill.exe
     rkill.com
     rkill.scr
     eXplorer.exe
     iExplore.exe
     WiNlOgOn.exe
     uSeRiNiT.exe
     The reason why there are 7 of them, each with a different name (and some of them with very funny names), is because some infections like to block security software from running. Start with the first one, and if it doesn't work then try the next one, and so on until you find one that works. Once you get one of the Rkill downloads to work, please run it a second time to make sure that it is no longer able to find any malicious processes still running. If it finds more, run it again to make sure that Rkill was able to stop any malicious processes still running on your computer. After running Rkill, please proceed with my previous instructions to run ComboFix, and if everything works OK then attach the log to a reply when it is done.
  22. OK, from what I'm seeing in that log, it should be OK to proceed with normal cleanup (no ZeroAccess infections detected). Please download ComboFix from one of the following links, and follow the instructions below to run it. Save as Combo-Fix.exe during the download. ComboFix must be renamed before you download to your Desktop: Link 1, Link 2
     * IMPORTANT !!! Save Combo-Fix to your Desktop
     - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. See HERE for help.
     - Double click on ComboFix.exe & follow the prompts.
     - As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     - Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
     **Please note: (This applies to Windows XP systems only) If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, ComboFix will produce a log.
     Note: 1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall! 2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
     Attach logs for: (USE THE "MORE REPLY OPTIONS" BUTTON TO BE ABLE TO DO THIS) ComboFix (C:\combofix.txt)
     Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!
  23. OK, according to that log ComboFix did not completely remove the ZeroAccess infection, and one of your system files is still infected. Fortunately, the ComboFix log shows a backup copy of the infected system file that appears to be clean. That backup copy can be used to replace the infected file. Before we do this, however, I will need some more information to ensure that we are not missing anything when we do this fix. Please run OTL again (you can download it from here if you need to), before clicking Run Scan make sure to type or copy and paste NETSVCS into the Custom Scans/Fixes box, and then click on the Run Scan button to start the scan. Please save the OTL log on your desktop when done, and attach it to a reply.
  24. No, if the file was moved then go ahead and run the ESET scan and attach the log for me when it is done. Here are the instructions again:
     - Turn off your anti-virus software.
     - Click on this link.
     - Click on the ESET Online Scanner button.
     - Put a check in the box that says YES, I accept the Terms of Use.
     - Click the 'Start' button just to the right of the checkbox.
     - Uncheck the box that says Remove found threats (this is very important).
     - Click on Advanced settings.
     - Put a check in the box that says Scan for potentially unsafe applications.
     - Verify that Scan for potentially unwanted applications is also checked.
     - Verify that Enable Anti-Stealth technology is also checked.
     - Click the Start button in the lower-right corner of the page, and it will begin downloading its database, and then it will start scanning.
     - When the scan is done, if it shows a screen that says Threats found!, then click List of found threats, and then click Export to text file... (if nothing was found, then just let me know that no threats were found).
     - Save that text file on your desktop, and then attach it to a reply (using the More Reply Options button in the lower-right corner of this forum topic) for me.
     - Close the ESET online scan.
     I will take a look at the log, and let you know if anything needs to be removed.
  25. Just to clarify, the word 'malware' refers to "malicious software", which includes viruses, worms, spyware, trojans, rootkits, keyloggers, etc. Our developers and researchers take the definition of 'malware' literally, and they make sure that Emsisoft Anti-Malware covers all of these areas and more.