Hi there, it would help if I knew what the problem is.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {9D425283-D487-4337-BAB6-AB8354A81457} [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> "{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> C:\Program Files\Search Toolbar\SearchToolbar.dll [Search Toolbar]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> itlnfw32 ->
YN -> itlntfy ->
[Files/Folders - Created Within 30 Days]
NY -> Search Toolbar -> C:\Program Files\Search Toolbar
[Files/Folders - Modified Within 30 Days]
NY -> Ckosim.bin -> C:\WINDOWS\Ckosim.bin
NY -> at6o162ssfx0wy76t1 -> C:\Documents and Settings\Angie\Local Settings\Application Data\at6o162ssfx0wy76t1
NY -> at6o162ssfx0wy76t1 -> C:\Documents and Settings\All Users\Application Data\at6o162ssfx0wy76t1
NY -> Qhixocital.dat -> C:\WINDOWS\Qhixocital.dat
NY -> ~17424164r -> C:\Documents and Settings\All Users\Application Data\~17424164r
NY -> ~17424164 -> C:\Documents and Settings\All Users\Application Data\~17424164
NY -> 17424164 -> C:\Documents and Settings\All Users\Application Data\17424164
NY -> 2990429331 -> C:\Documents and Settings\All Users\Application Data\2990429331
NY -> iykead.sys -> C:\WINDOWS\System32\drivers\iykead.sys
[Files - No Company Name]
NY -> ~17424164r -> C:\Documents and Settings\All Users\Application Data\~17424164r
NY -> ~17424164 -> C:\Documents and Settings\All Users\Application Data\~17424164
NY -> 17424164 -> C:\Documents and Settings\All Users\Application Data\17424164
NY -> at6o162ssfx0wy76t1 -> C:\Documents and Settings\Angie\Local Settings\Application Data\at6o162ssfx0wy76t1
NY -> 2990429331 -> C:\Documents and Settings\All Users\Application Data\2990429331
NY -> Qhixocital.dat -> C:\WINDOWS\Qhixocital.dat
NY -> Ckosim.bin -> C:\WINDOWS\Ckosim.bin
NY -> at6o162ssfx0wy76t1 -> C:\Documents and Settings\All Users\Application Data\at6o162ssfx0wy76t1
NY -> iykead.sys -> C:\WINDOWS\System32\drivers\iykead.sys
[File - Lop Check]
NY -> Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7
NY -> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} -> C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
NY -> {429CAD59-35B1-4DBC-BB6D-1DB246563521} -> C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
NY -> {755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
NY -> {81D4BDA8-1F33-4633-B176-8A7E942ABDE1} -> C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
NY -> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} -> C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
OK, I can’t say that I know exactly what’s going on. I’ve never had any problems like this. Malware is bad! So I stepped in to help on this problem and proceeded to get Avast on the infected computer. When the boot scan didn’t fix things (all the files and programs are still missing), I followed your directions using the anti-malware program and OTS.
Messages from anti-malware are continually popping up blocking harmful sites. Avast keeps sending warnings and asking me to delete files too.
I just did your last fix and attached the log. I appreciate your help!
- Quit all running programs
- For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 2 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
THEN
Run RogueKiller again and this time select option 6
Thanks again.
I am posting the RogueKiller log you requested from a different computer while the infected one is now running option 6. I had no problems running it.
You should have the vast majority of your files and folders back now - let's see if we can recover the last two. Once completed, let me know what problems remain.
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
I will review the information when it comes back in.
Things aren’t going so well. When I turned on the PC to do your latest fix everything appeared fine; my files were finally visible! After checking things out I noticed that my program folders in my start menu were almost all empty. Then things started running painfully slow, so very slow. I thought my computer had frozen. OTS wouldn’t start. Then Avast was popping up with malware messages, then the Anti-Malware program was giving messages too. I came back in 30 minutes and I was eventually able to open OTS. However, I didn’t open it in the Avast “sandbox.” Shortly after clicking “run fix,” a black C: prompt screen came up. (It read something like C:WINDOWS/system32/cmd.exe) Next the desktop flashed and all the desktop files were gone as well as the Windows taskbar. Eventually the C: prompt went away. Now OTS seems to be frozen; the green bars have stopped moving. There’s a ‘windows-looking’ message that reads, “The system needs to reboot to finish removing files. Click Yes to reboot the system.” And there’s only a Yes button…
Avast continues to pop up, I haven’t been quick enough to read the messages, but one said something again about System32/SVChost.exe. So things are at a standstill now. I have no logs to share.
Thank you for your continued help!
After the manual reboot a log came up. However, I am unable to attach it because it’s <400 KB.
I was worried when the odd Windows warning came up because I think this may be how things started. Something that looked like Windows prompted the user to do something and then we proceeded to download this mess onto the PC.
The problems I listed earlier still exist.
My files seem to all have been restored; some of the names are in blue text and others in black. Most all of the program folders are empty. Adaware and Malwarebytes continue to pop up with messages and ask me to delete files and so on.
- Quit all running programs
- For Vista/Seven, right click → run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Angie [Admin rights]
Mode: Scan – Date : 06/08/2011 18:47:03
Bad processes: 1
[SUSP PATH] SacNetAgent.exe – c:\documents and settings\all users\application data\clickfree\c2nplus\reminder\sacnetagent.exe → KILLED