No program will open at all

Thank you

Yes you did. There's no obvious malware in this log but there are ~3 questionable files that we may remove just to be safe.

First though, I need you to reread my posts again and answer the questions I have asked.

 

Its a prompt free situation. None to be found at all.

 

Ok that's different than what you said earlier:

Which one of these is true? Please be detailed.

You have neglected to answer my remaining questions that I have asked you twice answers for. I need to know this information to better assist you.

• Were you allowed to turn User Account Control (UAC) off? (Step #2 here)
• Were you allowed to type in sfc /scannow from Safe Mode with Command Prompt? (Starting your computer in Safe Mode)
  • If you were able to, what messages did you receive? Once again, be specific!

 

No prompts from pdf, firefox.


When I click on rkill I get a message prompt saying "do you want to allow the following program from an unknown publisher to make changes to this computer. I click yes but nothing happens. The same prompt appears for combofix with the same response, or lack of one. Roguekiller too. The prompts look exactly like the second picture you attached.


The sfc scan was allowed in safe mode. It found nothing. "Windows resource protection did not find any integrity ..."



The uac did allow me to disable prompts. now when I click on rkill and combofix I get no prompt but they still do not run.

 

Thanks for clarifying

Do you have your data backed up? Some of the fixes I want to attempt may cause your system to become unbootable. Let me know.

 

Not that I am aware of. I cannot burn anything so that is out as far as saving files. What do you recommend?


By unbootable do u mean that windows will no longer run? Are we talking about reformatting my hd?

 

Copying / pasting your data (documents, music, pictures, videos, favorites, etc) to a flash drive using Windows Explorer (explorer.exe).

No we are not talking about reformatting your hard drive. Although that may need to be done if nothing else works.

Let me know when you have your data backed up and also let me know if you have any System Restore points prior to this infection.

 

No restore points. I have about 60 ,gbs of music. I am worried that if I move that in trips to another computer I might infect it by pasting the files.

 

Unfortunately we are running low on options at this point. I will leave the decision up to you.

 

What is it likely that I have? What are the chances of it spreading to a new computer from music and word docs,?


What does unbootable really mean?

 

TDL infection.

Low (if it is TDL)

That your PC doesn't boot into Windows. Possibly you'll get a bluescreen instead or it will say something like "bootmgr is missing".

Even if it does become unbootable, that is what FRST is for (to return your system to a booting state).

 

On the plus side my ipod is a record of all the music ive ripped onto my hf. I suppose I can use it to prioritize if everything gets wiped.


So what you are saying is there is a chance that instead of working it coukd backfire and the fix could leave me unbootable?

 

Yes, at least temporarily. I am here to try to help recover the system if that happens. This is why I recommended that you copy your data just in case I'm not successful.

 

Ok I'm ready when you are.

 

First ensure that you have FRST64.exe on your flash drive since you have a 64 bit OS.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt
It has to be in the same directory as FRST64.exe!

Code:

start
2011-12-09 08:26 - 2011-12-09 08:26 - 0000050 ____A C:\Windows\dkfc.urn
2011-12-09 08:25 - 2011-12-09 08:25 - 0000008 ____A C:\Windows\kfct.dfc
2011-12-09 08:19 - 2011-12-09 08:19 - 0000008 ____A C:\Windows\dkdf.dfc
cmd: bootrec /fixmbr
Control: 
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please attach this log to your next reply. (How to attach)

 

Cool. So this is another similar scanning deal but with different parameters. Thank you for the code I will try it. Just out of curiosity what will the code do.

 

here it is

 

I assume there is no improvement? Are you even able to open Windows Explorer? :banghead

 

See if you are able to run either of the below programs:

• DDS.pif <--- If DDS produces a log, attach it!
• HitmanPro36_x64.exe <--- Make sure you click the "64Bit @Authors Site" download link for the 64 bit version of this program.
• RKill.scr <--- If this runs and produces a log, attach c:\Rkill.log

Be as detailed as possible on what exactly happens when you try to run the above programs.

 

If HitmanPro36_x64.exe was not able to open/scan, I want you to try the below set of instructions:

First, rename HitmanPro36_x64.exe to winlogon.exe
Now copy winlogon.exe to the root of C: ( C:\winlogon.exe ) If it's not here the below will not work!
Now open a Command Prompt with Admin permissions (Start -> All Programs -> Accessories -> Right mouse click "Command Prompt" and select "Run as Administrator".
The Command Prompt window should have opened (it's the black box)
Note: Any green text below is just informational. The bolded black text are the actual commands.
In the Command Prompt window, you should be seeing the following:

C:\Users\aoikirin>_ (the underscore is blinking)
Type in the following and then press ENTER:

cd .. That's cd[SPACE][period][period][ENTER]

You should now be here:

C:\Users>_

Type in the following and then press ENTER:

cd .. Same command again just like before --> cd[SPACE][period][period][ENTER]

Now you should be at the root of the C: drive with this showing:

C:>_

Once you are here, I want you to type in this final command and then press ENTER afterwards.

winlogon.exe /clean There is only a space AFTER the .exe

_______________________

Did Hitman Pro launch and start scanning? Be specific on what happened

 

Clever