Still Infected

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cfessler, Oct 22, 2011.

  1. cfessler

    cfessler Private E-2

    Hi... first of all THANK YOU for being here, I knew exactly where to go when the problem first popped up!!!!

    Two days ago I discovered Google Searches were being redirected, so I came here and went thru the prescribed steps on the thread "Fixing Google Redirection/Hijacking Problems". After asking here first, I skipped the step for resetting the Router since the other PC that uses the router had no problems. The issue appeared to be resolved -- no more redirections.

    Then I updated my free AVIRA software to their 2012 free version and ran a full scan. No problems reported.

    Yesterday morning I was at micfo.com our web hosting provider. Went to their page for video tutorials and selected one to view. When I pressed the play button for their youtube video, about a dozen narrow windows suddenly opened reporting a variety of problems. I immediately powered off my machine. When I powered up again, same thing. When I pressed the Start > All Programs, the list was blank.

    AVIRA opened warning window saying:
    A virus or unwanted program 'BOO/TDss.D' was found in Master boot sector of drive C: Please select a further action: Remove or Details.
    I left it alone.
    (This warning continued to appear throughout the entire process.)

    So... going to a different computer I came here and printed out the instructions at READ & RUN ME FIRST, Malware Removal Guide. Downloaded the first 3 programs to a flash drive, and printed their instructions.

    The infected pc was powered up in Safe Mode.
    Running only one AV -- AVIRA free version
    No Firewall software installed.

    House Cleaning: In safe mode I wasn't able to uninstall anything, but the only ones from the list were Java 6 update 20 (64 bit), Java 6 update 23, and Ask Toolbar.
    Unable to empty quarantine type folders.

    I'm using 64-bit version of Windows, viewing extensions, hidden & system files.

    Completed msconfig step.
    Not using disk emulation software.

    WIN 7 Procedure:

    SAS -- ran portable version from flash drive. I rebooted as/when instructed.
    When it completed I looked for a log file, but couldn't find one on the flash drive, or C:\. The summary box described in the instructions was empty.

    Malwarebytes -- Renamed to MB.exe Ran as administrator.
    Box popped up saying "Access Denied" Install not complete, then it deleted the icon from the desktop.
    Since I'd loaded and run it for the Google Redirect issue 2 days ago, I used explorer to find it in Program Files (x86). Clicked on MBAM.exe to run it. It updated itself to version 7999. It appeared to run and complete properly.

    ComboFix -- First attempt saw error msg. "Error opening file for writing C:\32788R22FWJFW\sed.3XE Abort / Retry / ignore." I used Retry but it seemed to get stuck. So I shut it down and tried again. It ran thru its paces as documented and took about an hour to complete.

    RootRepeal -- skipped, since mine is 64 bit.

    Ran MGtools. -- 2 times during this, a window popped up playing a video. GameWeaselTV is what I saw before I closed it. After the second appearance I disconnected my machine from the internet. It's a wireless connection, so I just pressed the F2 key which disconnects.

    When everything was complete, I still had the AVIRA message about BOO/TDss.D. I finally clicked the Remove button. The message is gone now.

    Remaining symptoms.... I keep getting an IE message box even though I use only Firefox. I didn't write down the msg., just keep closing the box with the X.

    The Google Re-Direct problem has returned.

    I'm attaching the log files (none for SAS, but I'm including GooredFix.txt since I ran it the day before.)

    THANKS SO MUCH FOR YOUR HELP!

    Carolyn

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky

    Be sure to attach your log from TDSSKiller

    Please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif

    • Double click MBRCheck.exe to run (Vista and Win 7: right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )


    * Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
    If it is not on your Desktop, the below will not work.
    * Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
    * If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
    * Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):
    Code:
    KILLALL::
    
    File::
    C:\ProgramData\6DSS92c31Apgjk
    DeQuarantine::
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\4
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Default Programs.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe Reader X.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Apple Software Update.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth ON-OFF use Options.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Canon MP500
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Coupons
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\CutePDF
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Delta Flight Schedules
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EQ5.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Google SketchUp 8
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\PowerDVD DX.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\QuickTime
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Roxio
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Startup
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Tablet PC
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Media Player.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\XPS Viewer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Z Folder3
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\displayswitch.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Math Input Panel.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Mobility Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Paint.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Printkey2000.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sidebar.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Snipping Tool.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sound Recorder.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sticky Notes.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Sync Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\UEDIT32.EXE - Shortcut.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Welcome Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Wordpad.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility\Speech Recognition.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\dfrgui.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Resource Monitor.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Task Scheduler.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools\Windows Easy Transfer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\ShapeCollector.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\TabTip.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC\Windows Journal.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software\Acronis Backup and Security 2011
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software\Acronis Backup and Security 2011\Acronis True Image Home
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software\Acronis Backup and Security 2011\Acronis True Image Home\Acronis Web Site.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software\Acronis Backup and Security 2011\Acronis True Image Home\Tools and Utilities
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Acronis Backup Software\Acronis Backup and Security 2011\Acronis True Image Home\User's guide.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\iSCSI Initiator.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Performance Monitor.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\System Configuration.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Task Scheduler.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Windows PowerShell Modules.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Bridge CS5.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Device Central CS5.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Dreamweaver CS4.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe ExtendScript Toolkit CS4.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe ExtendScript Toolkit CS5.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Extension Manager CS5.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Photoshop CS5 (64 Bit).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adobe\Adobe Reader X.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\Advanced SystemCare.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\Uninstall Advanced SystemCare.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\User Manual.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Auto Shutdown.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Cloned Files Finder.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Context Manager.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Disk Cleaner.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Disk Doctor.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Disk Explorer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Driver Backup.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\File Shredder.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Game Booster.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\IE Helper.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Internet Booster.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Registry Defrag.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Shortcuts Fixer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Smart RAM.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Startup Manager.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\System Backup.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\System File Scan.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\System Information.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Adv. SystemCare 3\All Tools\Windows Manager.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira Free Antivirus Help.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Avira on the Internet.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Display readme.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Avira\Avira Desktop\Start Avira Free Antivirus.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\--Settings (for ON-OFF use Options).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\Add New Connection.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\Bluetooth Assistant.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\Bluetooth Information Exchanger.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\Remote Camera.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\User's Guide.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Bluetooth\Wireless File Transfer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Canon MP500\Readme.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Canon MP500\Uninstall.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Coupons\Coupons.com - Print Coupons.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Coupons\Uninstall Coupon Printer for Windows.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\CutePDF\PDF Writer
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\CutePDF\PDF Writer\Readme.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Dock.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Help Documentation.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Support Center
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Support Center\About Dell Support Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Support Center\Dell Support Center Alerts.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Support Center\Dell Support Center User Settings.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Dell Support Center\Dell Support Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Dell\Service Agreements\DHS.pdf.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Delta Flight Schedules\Delta Flight Schedules.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Delta Flight Schedules\UnInstall.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0\EASEUS Todo Backup Home 2.0 Help.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0\EASEUS Todo Backup Home 2.0.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0\ReadMe.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0\Uninstall EASEUS Todo Backup Home 2.0.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\EASEUS Todo Backup Home 2.0\Visit EASEUS on the Web.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\Extra xxxxx
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\FileZilla.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\FileZilla FTP Client\Uninstall.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Chess.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\FreeCell.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\GameExplorer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Hearts.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Backgammon.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Checkers.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Internet Spades.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Mahjong.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Minesweeper.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\More Games from Microsoft.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Purble Place.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Solitaire.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Games\Spider Solitaire.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Google SketchUp 8\Google SketchUp.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Backup and Restore Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Create Recovery Disc.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Intel® Matrix Storage Console.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\MozBackup.exe - Shortcut.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Maintenance\Remote Assistance.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware Help.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware\Uninstall Malwarebytes' Anti-Malware.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Access 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Excel 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office InfoPath 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office PowerPoint 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office PowerPoint Viewer 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Publisher 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Tools
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Word 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Word 2007.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\MozBackup
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\Mozilla Firefox (Safe Mode).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\Mozilla Firefox.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\Thunderbird
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\MozBackup\Homepage.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\MozBackup\MozBackup.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\MozBackup\Support.url
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\MozBackup\Uninstall.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\Thunderbird\Mozilla Thunderbird (Safe Mode).lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Mozilla\Thunderbird\Mozilla Thunderbird.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\QuickTime\About QuickTime.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\QuickTime\PictureViewer.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\QuickTime\QuickTime Player.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\QuickTime\Uninstall QuickTime.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Roxio\Roxio Burn.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Startup\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Dell Webcam Central.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator\License Agreement.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator\Live! Cam Avatar Creator Help.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator\Live! Cam Avatar Creator.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator\Read Me.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Webcam - Dell\Live! Cam Avatar Creator\Uninstall Live! Cam Avatar Creator.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Media Center.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Windows Anytime Upgrade.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Windows DVD Maker.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Windows Fax and Scan.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Windows Media Player.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\1\Programs\Windows Stuff\Windows Update.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\4\Delta Flight Schedules.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\4\desktop.ini
    C:\QooBox\Quarantine\C\Users\F\AppData\Local\Temp\smtmp\4\Embird 2010.lnk
    C:\QooBox\Quarantine\C\Users\F\AppData\Roaming\Microsoft
    C:\QooBox\Quarantine\C\Users\F\AppData\Roaming\Microsoft\Windows
    C:\QooBox\Quarantine\C\Users\F\AppData\Roaming\Microsoft\Windows\Start Menu
    C:\QooBox\Quarantine\C\Users\F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
    C:\QooBox\Quarantine\C\Users\F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    C:\QooBox\Quarantine\Registry_backups\tcpip.reg
    C:\QooBox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
    C:\QooBox\Quarantine\Registry_backups\WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440}.reg.dat
    C:\QooBox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
    
    Quit::
    
    
    * Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
    * At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
    * You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
    If it asks you to override the previous file with the same name, click YES.
    * Now use your mouse to drag CFscript.txt on top of ComboFix.exe
    http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
    * Follow the prompts.
    * When it finishes, a log will be produced named c:\combofix.txt
    * I will ask for this log below

    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.

    Note: If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.

    Please download and save the below tool from Grinler @ bleepingcomputer to your Desktop or anywhere else you can find it (if the Desktop is not showing)

    http://download.bleepingcomputer.com/grinler/unhide.exe

    Now run it. Now see if you can find the items that seemed to be missing?

    If you are still missing items, follow these instructions:
    http://www.smartestcomputing.us.com...iles-hiddendeleted-by-windows-recovery-virus/

    Tell me how you make out.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator). Make sure that you watch for the license agreement for TrendMicro HijackThis and click on the Accept button TWICE to accept (yes, twice).

    Then attach the below logs:

    * C:\MGlogs.zip
     
  3. cfessler

    cfessler Private E-2

    Hi Tim and thanks for the help. I'm still having problems.
    I followed your instructions and didn't have any issues along the way except that the log file created after dragging the txt file to combofix was named DeQuarantine.txt rather than combofix.txt.

    I did NOT get the Illegal Operation msg., but I ran unhide.exe because I wasn't sure if it was needed. A couple icons appeared on the desktop that I'd forgotten about.

    The issues I'm still having are:

    1. Google Searches are still being re-directed.
    2. AVIRA is still warning me about BOO/TDss.D all the time.
    3. When I Shut Down, a message pops up saying it's Waiting For Background Programs to Close. I don't know of anything that should be running. I've closed all the apps and windows I know of before shutting down.
    4. Every few minutes 2 IE windows pop up (not at the same time). One says IE has stopped working. The other says A program on your computer has corrupted your default search provider setting for IE. When I close it, it pops up a box showing Bing as a selection. I use Firefox, not IE, so I don't understand why these are continually popping up.

    Thanks again!
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Were you able to recover your program files and links?

    Your MBR is infected. If you don't have your Win7 install disc, you can create one here:
    Win7 64bit Recovery Environment

    Win7 32bit Recovery Environment

    You can use ImageBurn to create the disc.

    Create the disc, boot to your bios and change the boot order to CD/DVD as first boot device. Insert the DVD and reboot. Once you are in the Recovery Environment, click on the Command prompt and type this:
    bootrec.exe /fixmbr

    Reboot to normal mode and re-run MBRCheck. Attach that log.

    Also, use windows explorer to find and delete:
    C:\ProgramData\6DSS92c31Apgjk
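
An added example, not part of the original thread and not the code of MBRCheck or bootrec: one way to check a 512-byte MBR sector of the kind discussed above, hashing the boot code against a known-good baseline and reading the partition table separately. The sample sectors, filler boot code and baseline hash are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-443 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 55 AA at 510-511
ENTRY = struct.Struct("<B3sB3sII")  # status, CHS start, type, CHS end, LBA start, sectors


def inspect_mbr(sector, baseline_sha256=None):
    """Parse one MBR sector and compare its boot code to a known-good hash."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"slot": i, "active": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": digest,
        "boot_code_matches": None if baseline_sha256 is None else digest == baseline_sha256,
        "active_count": sum(p["active"] for p in partitions),  # BIOS boot expects exactly 1
        "partitions": partitions,
    }


def build_sample(boot_code, entries):
    """Constructed test sector: filler boot code plus the given table entries."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i,
                        status, b"\0" * 3, ptype, b"\0" * 3, lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed samples: identical partition table, different boot code.
TABLE = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)]
CLEAN = build_sample(b"\xfa" * BOOT_CODE_LEN, TABLE)     # stands in for a known-good MBR
MODIFIED = build_sample(b"\xeb" * BOOT_CODE_LEN, TABLE)  # stands in for an altered MBR
BASELINE = inspect_mbr(CLEAN)["boot_code_sha256"]

if __name__ == "__main__":
    for name, sec in (("clean", CLEAN), ("modified", MODIFIED)):
        r = inspect_mbr(sec, BASELINE)
        print(name, r["signature_ok"], r["boot_code_matches"], r["active_count"])
```

The boot code and the partition table are reported separately because bootrec /fixmbr rewrites the former and leaves the latter in place, so a changed boot code hash with an unchanged table is the pattern to look for before and after the repair.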
     
  5. cfessler

    cfessler Private E-2

    Hi Tim,
    Did you really mean to use the Windows 7 install disk, or did you mean the System Restore Disk?

    Following your instructions I used the Install Disk and selected the option for repairing. Now it's grinding away doing Startup Repair, which it says will fix files automatically and might restart the computer several times.

    It just doesn't look like what I expected from your instructions. It doesn't sound like it's going to go to the command prompt.

    Am I on the right track here?
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Your install disc should give you an option to go into the Command Prompt. That's where you need to go.
     
  7. cfessler

    cfessler Private E-2

    After finishing what it called Startup Repair, it said Cannot Repair. The next screen gave several options, one of which was the Command Prompt. The command prompt was X:\Sources>
    I entered the bootrec command as instructed, and it returned a msg saying operation completed successfully.

    I rebooted and changed the boot sequence back to HDD. It tried to boot, but returned with a black screen saying...
    Windows failed to Start. Launch Startup Repair or Start Normally. I attempted to Start Normally but returned to the same screen

    I powered down and tried again with the same result. I let it run thru the Startup Repair, again. Same results.

    I CANNOT Boot the machine. What now?

    p.s. in answer to your earlier question... yes I had all my programs and links yesterday.
     
  8. cfessler

    cfessler Private E-2

    I tried a couple more things, too. But nothing helped. I still can't get into Windows. Only the command prompt. By going to D:\ I can see all the usual directories and files such as System32, Windows, etc. While in DOS, I went to c:\programdata and deleted the file you specified.

    What I tried was:
    Bootrec.exe /fixboot
    Bootrec.exe /RebuildBcd
    And I tried to restore the MBR from a backup I made with Acronis when the machine was brand new (Dec. 2010).

    They all report that they ran successfully, but when I power up it goes to "Windows failed to Start" / "Launch Startup Repair or Start Normally"
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Try this command:
    bootrec.exe /fixboot
     
  10. cfessler

    cfessler Private E-2

    Hi again. Although I did that already (see my last post), I tried it again. Same results.

    Any idea why restoring the MBR with Acronis doesn't help? Is something blocking that region, perhaps?

    What now?
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I frankly don't know. I am conferring with my colleagues about this.
     
  12. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may want to post in the software forum to try to get your system to boot up. All I can suggest is this:

    If you cannot boot in any mode (safe or normal mode) and you cannot run any of the READ & RUN ME, there is not much we can do for you except suggest what is in the below quote box.
     
