Merrainee

  1. I tried searching for Combofix /uninstall but could find nothing? It doesn't appear under Programs either... Is it okay just to delete the combofix.exe file?
  2. Scan Log

     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=054b33af7b7dc84891a54aa2445d9299
     # end=finished
     # remove_checked=true
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2012-07-14 08:04:21
     # local_time=2012-07-14 03:04:21 (-0600, Central Daylight Time)
     # country="Singapore"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5893 16776638 100 94 31601769 93823705 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=440359
     # found=2
     # cleaned=2
     # scan_time=17347
     C:\Qoobox\Quarantine\C\ProgramData\DwGrEROeImE.exe.vir    a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
     C:\Qoobox\Quarantine\C\ProgramData\kwAzjqkPUoRbQu.exe.vir    a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined)    00000000000000000000000000000000    C
  3. The Combofix guide said to close all windows but the virus window was still open, so I ran RKill. It said Access Denied, but the virus window closed so I left it like that and closed RKill. I ran Unhide without any problems. I was unable to disable my Symantec antivirus before running Combofix, but it seems like it ran smoothly.

     Unhide Log

     Unhide by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2012 BleepingComputer.com
     More Information about Unhide.exe can be found at this link:
     http://www.bleepingcomputer.com/forums/topic405109.html

     Program started at: 07/12/2012 11:51:34 AM
     Windows Version: Windows 7

     Please be patient while your files are made visible again.

     Processing the C:\ drive
     Finished processing the C:\ drive. 511031 files processed.

     Processing the D:\ drive
     Finished processing the D:\ drive. 41 files processed.

     Restoring the Start Menu.
      * 285 Shortcuts and Desktop items were restored.

     Searching for Windows Registry changes made by FakeHDD rogues.
      - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
      - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
        * Start_ShowControlPanel was set to 0! It was set back to 1!
        * Start_ShowHelp was set to 0! It was set back to 1!
        * Start_ShowMyComputer was set to 0! It was set back to 1!
        * Start_ShowMyDocs was set to 0! It was set back to 1!
        * Start_ShowMyMusic was set to 0! It was set back to 1!
        * Start_ShowMyPics was set to 0! It was set back to 1!
        * Start_ShowPrinters was set to 0! It was set back to 1!
        * Start_ShowRun was set to 0! It was set back to 1!
        * Start_ShowSearch was set to 0! It was set back to 1!
        * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
        * Start_ShowRecentDocs was set to 0! It was set back to 2!
        * Start_ShowNetConn was set to 0! It was set back to 1!
        * Start_ShowNetPlaces was set to 0! It was set back to 1!
        * Start_TrackDocs was set to 0! It was set back to 1!
        * Start_TrackProgs was set to 0! It was set back to 1!
        * Start_ShowUser was set to 0! It was set back to 1!
        * Start_ShowMyGames was set to 0! It was set back to 1!

     Restarting Explorer.exe in order to apply changes.

     Program finished at: 07/12/2012 12:05:59 PM
     Execution time: 0 hours(s), 14 minute(s), and 24 seconds(s)

     Unhide by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2012 BleepingComputer.com
     More Information about Unhide.exe can be found at this link:
     http://www.bleepingcomputer.com/forums/topic405109.html

     Program started at: 07/12/2012 04:28:45 PM
     Windows Version: Windows 7

     Please be patient while your files are made visible again.

     Processing the C:\ drive
     Finished processing the C:\ drive. 511919 files processed.

     Processing the D:\ drive
     Finished processing the D:\ drive. 41 files processed.

     Restoring the Start Menu.
      * 285 Shortcuts and Desktop items were restored.

     Searching for Windows Registry changes made by FakeHDD rogues.
      - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
      - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
        * Start_ShowControlPanel was set to 0! It was set back to 1!
        * Start_ShowHelp was set to 0! It was set back to 1!
        * Start_ShowMyComputer was set to 0! It was set back to 1!
        * Start_ShowMyDocs was set to 0! It was set back to 1!
        * Start_ShowMyMusic was set to 0! It was set back to 1!
        * Start_ShowMyPics was set to 0! It was set back to 1!
        * Start_ShowPrinters was set to 0! It was set back to 1!
        * Start_ShowRun was set to 0! It was set back to 1!
        * Start_ShowSearch was set to 0! It was set back to 1!
        * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
        * Start_ShowRecentDocs was set to 0! It was set back to 2!
        * Start_ShowNetConn was set to 0! It was set back to 1!
        * Start_ShowNetPlaces was set to 0! It was set back to 1!
        * Start_TrackDocs was set to 0! It was set back to 1!
        * Start_TrackProgs was set to 0! It was set back to 1!
        * Start_ShowUser was set to 0! It was set back to 1!
        * Start_ShowMyGames was set to 0! It was set back to 1!

     Restarting Explorer.exe in order to apply changes.

     Program finished at: 07/12/2012 04:45:18 PM
     Execution time: 0 hours(s), 16 minute(s), and 32 seconds(s)

     Unhide by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2012 BleepingComputer.com
     More Information about Unhide.exe can be found at this link:
     http://www.bleepingcomputer.com/forums/topic405109.html

     Program started at: 07/13/2012 04:59:15 PM
     Windows Version: Windows 7

     Please be patient while your files are made visible again.

     Processing the C:\ drive
     Finished processing the C:\ drive. 510230 files processed.

     Processing the D:\ drive
     Finished processing the D:\ drive. 43 files processed.

     Restoring the Start Menu.
      * 285 Shortcuts and Desktop items were restored.

     Searching for Windows Registry changes made by FakeHDD rogues.
      - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
        * DisableTaskMgr policy was found and deleted!
      - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
        * HidNoChangingWallPaperden policy was found and deleted!
      - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
        * Start_ShowControlPanel was set to 0! It was set back to 1!
        * Start_ShowHelp was set to 0! It was set back to 1!
        * Start_ShowMyComputer was set to 0! It was set back to 1!
        * Start_ShowMyDocs was set to 0! It was set back to 1!
        * Start_ShowMyMusic was set to 0! It was set back to 1!
        * Start_ShowMyPics was set to 0! It was set back to 1!
        * Start_ShowPrinters was set to 0! It was set back to 1!
        * Start_ShowRun was set to 0! It was set back to 1!
        * Start_ShowSearch was set to 0! It was set back to 1!
        * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
        * Start_ShowRecentDocs was set to 0! It was set back to 2!
        * Start_ShowNetConn was set to 0! It was set back to 1!
        * Start_ShowNetPlaces was set to 0! It was set back to 1!
        * Start_TrackDocs was set to 0! It was set back to 1!
        * Start_TrackProgs was set to 0! It was set back to 1!
        * Start_ShowUser was set to 0! It was set back to 1!
        * Start_ShowMyGames was set to 0! It was set back to 1!

     Restarting Explorer.exe in order to apply changes.

     Program finished at: 07/13/2012 05:07:54 PM
     Execution time: 0 hours(s), 8 minute(s), and 39 seconds(s)

     Combofix Log

     ComboFix 12-07-13.03 - SP 13/07/2012 17:19:08.1.4 - x86
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1578 [GMT -5:00]
     Running from: c:\users\SP\Desktop\ComboFix.exe
     AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
     FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
     SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\programdata\100
     c:\programdata\DwGrEROeImE.exe
     c:\programdata\kwAzjqkPUoRbQu
     c:\programdata\kwAzjqkPUoRbQu.exe
     c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\bidconfig_v1.2.dat
     c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\collecttask_v1.2.dat
     c:\windows\apppatch\AppLoc.exe
     c:\windows\system32\drivers\10CF_FUJITSU_FPCA_SH760_FUJITSU_FJNB20B_Version 1.07_FUJ - 1070000_Version 1.07 _NVIDIA GeForce 310M .MRK
     c:\windows\system32\html
     c:\windows\system32\html\calendar.html
     c:\windows\system32\html\calendarbottom.html
     c:\windows\system32\html\calendartop.html
     c:\windows\system32\html\crystalexportdialog.htm
     c:\windows\system32\html\crystalprinthost.html
     c:\windows\system32\images
     c:\windows\system32\images\toolbar\calendar.gif
     c:\windows\system32\images\toolbar\crlogo.gif
     c:\windows\system32\images\toolbar\export.gif
     c:\windows\system32\images\toolbar\export_over.gif
     c:\windows\system32\images\toolbar\exportd.gif
     c:\windows\system32\images\toolbar\First.gif
     c:\windows\system32\images\toolbar\first_over.gif
     c:\windows\system32\images\toolbar\Firstd.gif
     c:\windows\system32\images\toolbar\gotopage.gif
     c:\windows\system32\images\toolbar\gotopage_over.gif
     c:\windows\system32\images\toolbar\gotopaged.gif
     c:\windows\system32\images\toolbar\grouptree.gif
     c:\windows\system32\images\toolbar\grouptree_over.gif
     c:\windows\system32\images\toolbar\grouptreed.gif
     c:\windows\system32\images\toolbar\grouptreepressed.gif
     c:\windows\system32\images\toolbar\Last.gif
     c:\windows\system32\images\toolbar\last_over.gif
     c:\windows\system32\images\toolbar\Lastd.gif
     c:\windows\system32\images\toolbar\Next.gif
     c:\windows\system32\images\toolbar\next_over.gif
     c:\windows\system32\images\toolbar\Nextd.gif
     c:\windows\system32\images\toolbar\Prev.gif
     c:\windows\system32\images\toolbar\prev_over.gif
     c:\windows\system32\images\toolbar\Prevd.gif
     c:\windows\system32\images\toolbar\print.gif
     c:\windows\system32\images\toolbar\print_over.gif
     c:\windows\system32\images\toolbar\printd.gif
     c:\windows\system32\images\toolbar\Refresh.gif
     c:\windows\system32\images\toolbar\refresh_over.gif
     c:\windows\system32\images\toolbar\refreshd.gif
     c:\windows\system32\images\toolbar\Search.gif
     c:\windows\system32\images\toolbar\search_over.gif
     c:\windows\system32\images\toolbar\searchd.gif
     c:\windows\system32\images\toolbar\up.gif
     c:\windows\system32\images\toolbar\up_over.gif
     c:\windows\system32\images\toolbar\upd.gif
     c:\windows\system32\images\tree\begindots.gif
     c:\windows\system32\images\tree\beginminus.gif
     c:\windows\system32\images\tree\beginplus.gif
     c:\windows\system32\images\tree\blank.gif
     c:\windows\system32\images\tree\blankdots.gif
     c:\windows\system32\images\tree\dots.gif
     c:\windows\system32\images\tree\lastdots.gif
     c:\windows\system32\images\tree\lastminus.gif
     c:\windows\system32\images\tree\lastplus.gif
     c:\windows\system32\images\tree\Magnify.gif
     c:\windows\system32\images\tree\minus.gif
     c:\windows\system32\images\tree\minusbox.gif
     c:\windows\system32\images\tree\plus.gif
     c:\windows\system32\images\tree\plusbox.gif
     c:\windows\system32\images\tree\singleminus.gif
     c:\windows\system32\images\tree\singleplus.gif
     .
     .
     ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
     .
     .
     2012-07-13 22:31 . 2012-07-13 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
     2012-07-13 19:01 . 2012-07-13 21:43 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP
     2012-07-13 17:21 . 2012-07-13 17:21 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
     2012-07-12 04:40 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
     2012-07-11 15:09 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys
     2012-07-11 15:09 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
     2012-07-11 15:09 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll
     2012-07-11 15:09 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll
     2012-07-11 15:09 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2012-07-11 15:09 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll
     2012-07-11 15:08 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll
     2012-07-11 15:08 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
     2012-07-11 15:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
     2012-07-11 15:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll
     2012-07-11 15:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
     2012-07-11 15:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
     2012-07-11 15:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
     2012-07-11 15:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
     2012-07-11 15:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
     2012-07-10 19:31 . 2012-07-10 19:31 -------- d-----w- c:\programdata\Motorola
     2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola Mobility
     2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola Mobility
     2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola
     2012-07-10 19:28 . 2012-07-10 19:28 -------- d-----w- c:\program files\Common Files\Motorola Shared
     2012-07-10 19:26 . 2012-07-10 19:26 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola
     2012-07-10 18:02 . 2012-07-10 18:02 -------- d-----w- c:\users\SP\.keytooliui
     2012-07-09 18:29 . 2012-07-12 15:14 -------- d-----w- c:\program files\eclipse
     2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\users\SP\AppData\Roaming\Malwarebytes
     2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\programdata\Malwarebytes
     2012-07-09 03:21 . 2012-07-13 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2012-07-07 01:03 . 2012-07-07 01:03 -------- d-----w- c:\users\Public\Real
     2012-07-07 00:49 . 2012-07-07 00:49 -------- d-----w- c:\programdata\TSLOG
     2012-07-06 23:43 . 2012-07-06 23:43 -------- d-----w- c:\programdata\Xunlei
     2012-07-06 23:41 . 2012-07-13 00:47 -------- d-----w- c:\program files\Common Files\Thunder Network
     2012-07-06 23:41 . 2012-07-06 23:42 -------- d-----w- c:\programdata\Thunder Network
     2012-07-06 23:40 . 2012-07-13 00:47 -------- d-----w- c:\program files\Thunder Network
     2012-07-06 16:07 . 2012-07-06 16:07 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
     2012-07-06 16:07 . 2012-07-06 16:07 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
     2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\programdata\Sony Ericsson
     2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\program files\Sony Ericsson
     2012-07-06 16:00 . 2012-07-06 16:00 -------- d-----w- c:\programdata\Sony
     2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
     2012-06-21 14:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
     2012-06-21 14:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
     2012-06-21 14:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
     2012-06-21 14:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
     2012-06-21 14:57 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
     2012-06-21 14:57 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
     2012-06-21 14:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
     2012-06-21 14:56 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
     2012-06-21 14:56 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe
     2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
     2012-06-18 15:36 . 2012-06-18 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
     2012-06-18 15:36 . 2012-06-18 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2012-07-12 04:19 . 2012-03-30 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2012-07-12 04:19 . 2011-05-19 01:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2012-05-30 06:50 . 2012-05-30 06:50 34768 ---ha-w- c:\windows\xinstaller.exe
     2012-05-30 06:50 . 2012-05-30 06:50 79824 ---ha-w- c:\windows\xinstaller.dll
     2012-05-01 04:44 . 2012-06-13 18:14 164352 ----a-w- c:\windows\system32\profsvc.dll
     2012-04-28 03:17 . 2012-06-13 18:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
     2012-04-26 04:45 . 2012-06-13 18:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll
     2012-04-26 04:45 . 2012-06-13 18:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
     2012-04-26 04:41 . 2012-06-13 18:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
     2012-04-24 04:36 . 2012-06-13 18:14 1158656 ----a-w- c:\windows\system32\crypt32.dll
     2012-04-24 04:36 . 2012-06-13 18:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll
     2012-04-24 04:36 . 2012-06-13 18:14 103936 ----a-w- c:\windows\system32\cryptnet.dll
     2012-06-18 15:36 . 2011-05-11 12:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
     @="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
     [HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
     2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(403).dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
     @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
     @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
     @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
     @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
     [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
     2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
     "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976]
     "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]
     "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]
     "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]
     "SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-05-22 24576]
     "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464]
     "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160]
     "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 128360]
     "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]
     "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-16 138088]
     "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-16 33640]
     "FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2009-10-16 107880]
     "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
     "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
     "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
     "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
     "YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-10-03 167008]
     "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
     "FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2009-08-07 143360]
     "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2009-08-27 3248128]
     "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
     "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-01 13838952]
     "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-02 115560]
     "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
     "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
     "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
     "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
     "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
     "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]
     "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableLUA"= 0 (0x0)
     "EnableUIADesktopToggle"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
     "mixer2"=wdmaud.drv
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
     Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001
     .
     R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
     R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [x]
     R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
     R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
     R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [x]
     R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]
     R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
     R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
     R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
     R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
     R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
     R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
     R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
     R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [x]
     R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]
     R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
     R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
     R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
     R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
     R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
     R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
     R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [x]
     R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [x]
     R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
     R3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [x]
     R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
     R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
     R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
     R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
     R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]
     R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
     S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [x]
     S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [x]
     S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
     S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
     S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
     S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]
     S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
     S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
     S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
     S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
     S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]
     S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
     S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [x]
     S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
     S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
     S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
     S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [x]
     S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
     S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [x]
     S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
     S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
     S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
     S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
     S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
     S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
     S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
     S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
     .
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
     XLServicePlatform REG_MULTI_SZ XLServicePlatform
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:19]
     .
     2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005Core.job
     - c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]
     .
     2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005UA.job
     - c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]
     .
     2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
     - c:\program files\Fujitsu Hardware Diagnostics Tool\pcdrcui.exe [2009-11-17 04:36]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://about.start.iplay.com
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
     IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
     LSP: %SystemRoot%\system32\vsocklib.dll
     TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
     FF - ProfilePath - c:\users\SP\AppData\Roaming\Mozilla\Firefox\Profiles\ulcmxq60.default\
     FF - prefs.js: browser.startup.homepage - www.google.com
     FF - user.js: yahoo.homepage.dontask - true
     .
     - - - - ORPHANS REMOVED - - - -
     .
     URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
     Toolbar-Locked - (no file)
     HKCU-Run-AdobeBridge - (no file)
     HKCU-Run-kwAzjqkPUoRbQu - c:\programdata\kwAzjqkPUoRbQu.exe
     HKLM-Run-DwGrEROeImE.exe - c:\programdata\DwGrEROeImE.exe
     SafeBoot-Symantec Antvirus
     AddRemove-LSI Soft Modem - c:\windows\agrsmdel
     .
     .
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F819FCA4-67B3B36D-06000000}_0]
     "ImagePath"="\??\c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms"
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     "MSCurrentCountry"=dword:000000b5
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
     @Denied: (A) (Users)
     @Denied: (A) (Everyone)
     @Allowed: (B 1 2 3 4 5) (S-1-5-20)
     "BlindDial"=dword:00000000
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
     @Denied: (Full) (Everyone)
     .
     Completion time: 2012-07-13 17:35:10
     ComboFix-quarantined-files.txt 2012-07-13 22:35
     .
     Pre-Run: 61,263,237,120 bytes free
     Post-Run: 71,124,664,320 bytes free
     .
     - - End Of File - - D306478D44F86C1E96B07946DA1C2E88
  4. I restarted my computer a few times during the previous steps, and the virus hid my files again. My start bar disappeared and I could do nothing after running RKill. After that, I didn't bother with running RKill or Unhide. Should I run those now before running Combofix?
  5. If I run Combofix, will the files hidden by the virus still be there? I noticed that Combofix will delete the Temp folder?
  6. Hi, thank you for your reply! I've carried out the steps above. TDSSKiller found a few objects but didn't show any Cure options, so I skipped them all. While updating MBAM, it gave this error: PROGRAM_ERROR_UPDATING (5, 0, MBAMFileIO::WriteFile) Access is denied. MBAM found two objects and I've removed them. While restarting and such, I had to run Rkill to stop the virus from throwing out popups, but my desktop went entirely black without my start bar. Nothing I pressed seemed to have any effect either. I had to force shut and restart my laptop and I'm not running RKill for now. Here are the logs:

TDSSKiller
Sorry, had to attach it as it said my post was too long?

MBAM Log
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
SP :: ROSHIE [administrator]

13/7/2012 12:26:48 PM
mbam-log-2012-07-13 (12-26-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267996
Time elapsed: 17 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> No action taken.
HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> No action taken.
HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> No action taken.
HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> No action taken.
HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files\Funshion Online (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> No action taken.

Files Detected: 9
C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> No action taken.
C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> No action taken.

(end)

Ran a second scan and deleted the other PUP.Funshion files detected.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.12.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
SP :: ROSHIE [administrator]

13/7/2012 12:46:18 PM
mbam-log-2012-07-13 (12-46-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 268007
Time elapsed: 17 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.
HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
C:\Program Files\Funshion Online (PUP.Funshion) -> Delete on reboot.
C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> Delete on reboot.
C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.

Files Detected: 9
C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.
C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.

(end)

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
Run by SP at 13:58:06 on 2012-07-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1659 [GMT -5:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Softex\OmniPass\OmniServ.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\windows\system32\conhost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\vsnp2uvc.exe
C:\Windows\snuvcdsm.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
c:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\Program Files\Softex\OmniPass\scureapp.exe
C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe
c:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\Wacom_Tablet.exe
C:\ProgramData\DwGrEROeImE.exe
C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
C:\Users\SP\AppData\Local\Google\Update\GoogleUpdate.exe
C:\windows\system32\WTablet\Wacom_TabletUser.exe
C:\windows\system32\Wacom_Tablet.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Windows\System32\StikyNot.exe
C:\ProgramData\kwAzjqkPUoRbQu.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\windows\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchIndexer.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\alg.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://about.start.iplay.com
uDefault_Page_URL = hxxp://www.sp.edu.sg
uURLSearchHooks: H - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
uRun: [Google Update] "c:\users\sp\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [AdobeBridge]
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [kwAzjqkPUoRbQu] c:\programdata\kwAzjqkPUoRbQu.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [indicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe
mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe
mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [sNUVCDSM] c:\windows\snuvcdsm.exe
mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe
mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe
mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe
mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe
mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updatenv.exe
mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe
mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DwGrEROeImE.exe] c:\programdata\DwGrEROeImE.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\3594E4744554C4D273733313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\46C696E6B6 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sp\appdata\roaming\mozilla\firefox\profiles\ulcmxq60.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\thunder network\thunder\data\npxunlei1.0.0.1.dll
FF - plugin: c:\users\sp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\system32\drivers\FBIOSDRV.sys [2009-9-2 17008]
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2010-3-15 12776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-1 659328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-9-2 5632]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-28 73216]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-25 125696]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-10-15 274984]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-20 28000]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-28 102784]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-28 349184]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-7-6 12400]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-29 209920]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-13 31560]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2011-6-2 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2011-6-2 79360]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-20 60576]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-15 41632]
S3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [2009-11-16 20848]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-11 174592]
.
=============== Created Last 30 ================
.
2012-07-13 17:21:53 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-07-12 15:30:52 236280 ---ha-w- c:\programdata\kwAzjqkPUoRbQu.exe
2012-07-12 15:20:05 325880 ---ha-w- c:\programdata\DwGrEROeImE.exe
2012-07-12 04:44:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-12 04:44:07 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-07-12 04:44:07 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2012-07-12 04:44:07 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-07-12 04:44:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-12 04:44:04 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-12 04:44:03 748664 ----a-w- c:\program files\internet explorer\iexplore.exe
2012-07-12 04:44:02 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-07-12 04:44:02 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-07-12 04:44:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-12 03:54:49 -------- d--h--w- c:\users\sp\appdata\local\{6D163377-3D2C-4041-8E24-4D27E03B6D8D}
2012-07-12 03:54:25 -------- d--h--w- c:\users\sp\appdata\local\{4D52A9A4-29F0-4C93-BA21-6470B93D347A}
2012-07-11 15:49:52 -------- d--h--w- c:\users\sp\appdata\local\{154CCAA7-44D8-4E45-86EF-7C74DE308DEE}
2012-07-11 15:49:30 -------- d--h--w- c:\users\sp\appdata\local\{B028E758-E5C5-4686-B3A9-A95348C9B57D}
2012-07-11 15:09:20 369336 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 15:09:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 15:09:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 15:08:30 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 15:08:29 805376 ----a-w- c:\windows\system32\cdosys.dll
2012-07-11 15:08:24 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2012-07-11 15:08:23 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2012-07-11 15:08:22 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2012-07-11 15:08:18 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2012-07-11 15:08:14 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2012-07-11 03:29:30 -------- d--h--w- c:\users\sp\appdata\local\{B8A34615-244E-46DB-8BD7-07B30C3A8361}
2012-07-11 03:29:09 -------- d--h--w- c:\users\sp\appdata\local\{6F7DE407-E19F-4A9B-859B-177284FA7F68}
2012-07-10 19:31:41 -------- d--h--w- c:\programdata\Motorola
2012-07-10 19:30:53 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola Mobility
2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola Mobility
2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola
2012-07-10 19:30:34 -------- d--h--w- c:\program files\common files\MSSoap
2012-07-10 19:28:32 -------- d--h--w- c:\program files\common files\Motorola Shared
2012-07-10 19:26:48 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola
2012-07-10 18:02:57 -------- d--h--w- c:\users\sp\.keytooliui
2012-07-10 15:28:41 -------- d--h--w- c:\users\sp\appdata\local\{77663E87-A162-45E0-9FCA-96AC07B36A52}
2012-07-10 15:28:19 -------- d--h--w- c:\users\sp\appdata\local\{B1EE5B13-D6AD-4915-B05D-5F0BD4ECC3C3}
2012-07-10 02:56:45 -------- d--h--w- c:\users\sp\appdata\local\{6FBFD123-9EF1-46CD-995C-3AA8D641EA3A}
2012-07-10 02:56:21 -------- d--h--w- c:\users\sp\appdata\local\{E3F5E366-E359-4405-8063-9AACA2756D74}
2012-07-09 18:29:12 -------- d--h--w- c:\program files\eclipse
2012-07-09 03:21:20 -------- d--h--w- c:\users\sp\appdata\roaming\Malwarebytes
2012-07-09 03:21:13 -------- d--h--w- c:\programdata\Malwarebytes
2012-07-09 03:21:12 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2012-07-09 02:30:45 -------- d--h--w- c:\users\sp\appdata\local\{48E68B56-1DD9-48C3-9882-756AE3748F1C}
2012-07-09 02:30:24 -------- d--h--w- c:\users\sp\appdata\local\{7320C3EE-8164-4C51-BC57-D72917613123}
2012-07-08 14:29:24 -------- d--h--w- c:\users\sp\appdata\local\{47A852B3-0EEC-4C9A-AF6D-85D954D15FD5}
2012-07-08 14:29:07 -------- d--h--w- c:\users\sp\appdata\local\{36AF0129-C3A2-4E19-BE0A-0A5AFD742A03}
2012-07-07 15:10:37 -------- d--h--w- c:\users\sp\appdata\local\{37857896-1E50-4D1D-8DAA-AC87A5235B33}
2012-07-07 15:10:15 -------- d--h--w- c:\users\sp\appdata\local\{06335C05-660C-4FFE-B093-9D3C48AEC7DF}
2012-07-07 03:09:41 -------- d--h--w- c:\users\sp\appdata\local\{EE58FFD0-37E8-453F-A943-8E1898924AC6}
2012-07-07 03:09:16 -------- d--h--w- c:\users\sp\appdata\local\{0E7F4EBD-2F16-42DF-89CD-2BA31502DDAE}
2012-07-07 00:49:59 -------- d--h--w- c:\programdata\TSLOG
2012-07-06 23:43:30 -------- d--h--w- c:\programdata\Xunlei
2012-07-06 23:41:37 -------- d--h--w- c:\program files\common files\Thunder Network
2012-07-06 23:41:31 -------- d--h--w- c:\programdata\Thunder Network
2012-07-06 23:40:57 -------- d--h--w- c:\program files\Thunder Network
2012-07-06 16:07:24 25200 ---ha-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-06 16:07:24 12400 ---ha-w- c:\windows\system32\drivers\ggflt.sys
2012-07-06 16:06:13 -------- d--h--w- c:\programdata\Sony Ericsson
2012-07-06 16:06:09 -------- d--h--w- c:\program files\Sony Ericsson
2012-07-06 15:08:22 -------- d--h--w- c:\users\sp\appdata\local\{0DC32457-489F-4306-8544-0692008F6211}
2012-07-06 15:07:48 -------- d--h--w- c:\users\sp\appdata\local\{C0D33954-3164-49FB-90B6-5B962DA67CC8}
2012-07-04 15:22:52 -------- d--h--w- c:\users\sp\appdata\local\{2BC879F2-6069-42DC-BDF0-9F01F489D6AE}
2012-07-04 15:22:31 -------- d--h--w- c:\users\sp\appdata\local\{C0CBF135-BBB5-4C62-A8D6-1B9EE7CB9854}
2012-07-04 03:22:04 -------- d--h--w- c:\users\sp\appdata\local\{63EABDBB-EB15-4095-93E9-F8F799CE116E}
2012-07-04 03:21:42 -------- d--h--w- c:\users\sp\appdata\local\{7C0794D1-B112-4378-A273-C39A3B99F529}
2012-07-03 15:21:14 -------- d--h--w- c:\users\sp\appdata\local\{EF48F83E-97BE-4019-8C1D-BE30BD0B334D}
2012-07-03 15:20:52 -------- d--h--w- c:\users\sp\appdata\local\{6F08551B-24EE-41BE-A1E9-89D839E88C2E}
2012-07-03 03:20:13 -------- d--h--w- c:\users\sp\appdata\local\{88A3D3B7-946F-4055-9422-48D5E07B0875}
2012-07-03 03:19:49 -------- d--h--w- c:\users\sp\appdata\local\{3429F9C0-3D3A-48CE-8FE9-C568411F9556}
2012-07-01 18:02:25 -------- d--h--w- c:\users\sp\appdata\local\{297501F1-E60D-4368-9791-9960AB2485F0}
2012-07-01 18:02:04 -------- d--h--w- c:\users\sp\appdata\local\{A2240C57-CBB7-4E42-B1E3-9D1B19ACC1B9}
2012-06-30 14:59:46 -------- d--h--w- c:\users\sp\appdata\local\{FA0EE562-905C-4082-BBF0-E62648FCC276}
2012-06-30 14:59:24 -------- d--h--w- c:\users\sp\appdata\local\{93FB469D-2688-4C74-BE88-2B4E00B0242F}
2012-06-29 14:40:53 -------- d--h--w- c:\users\sp\appdata\local\{D3483237-4182-4E1B-8D91-4DB1C339BD96}
2012-06-29 14:40:26 -------- d--h--w- c:\users\sp\appdata\local\{42A5FD40-9A67-440E-8E35-B290B109693B}
2012-06-28 15:10:23 -------- d--h--w- c:\users\sp\appdata\local\{AEAEA033-1480-4ACE-8172-377FAAB59E91}
2012-06-28 15:10:02 -------- d--h--w- c:\users\sp\appdata\local\{9907CC72-9CB7-42C6-BB59-54F812A3E918}
2012-06-26 14:26:10 -------- d--h--w- c:\users\sp\appdata\local\{996B9632-F4AA-495D-9449-D3BDA21D1A7F}
2012-06-26 14:26:00 -------- d--h--w- c:\users\sp\appdata\local\{82339FF5-B698-4534-8B2C-8FF420DF9A81}
2012-06-26 01:31:10 -------- d--h--w- c:\users\sp\appdata\local\{4861598B-F83E-476D-A750-42E78C6D140E}
2012-06-26 01:30:48 -------- d--h--w- c:\users\sp\appdata\local\{EA7690CE-A086-45B4-BB11-F7A3D488CCEB}
2012-06-25 02:10:27 -------- d--h--w- c:\users\sp\appdata\local\{32A077B5-2EA5-4E31-B4AB-DEC00B93AD69}
2012-06-23 03:45:02 -------- d--h--w- c:\users\sp\appdata\local\{599BD4B9-4454-4E67-8DB5-1621A284B4C1}
2012-06-23 03:44:41 -------- d--h--w- c:\users\sp\appdata\local\{310B9E23-1CF7-42A8-ACC9-3A0A21F3310E}
2012-06-22 15:44:14 -------- d--h--w- c:\users\sp\appdata\local\{79398A62-6B6F-49E5-A92A-9BEA39E06FDD}
2012-06-22 15:43:49 -------- d--h--w- c:\users\sp\appdata\local\{0306ACA1-F474-4A1E-8838-1BBDC4A4EF35}
2012-06-22 03:43:19 -------- d--h--w- c:\users\sp\appdata\local\{63473AE9-22A6-42A0-96BE-2F46903A3545}
2012-06-22 03:42:58 -------- d--h--w- c:\users\sp\appdata\local\{A1B43DB9-19BD-479C-B0C5-8EA9EFF7E001}
2012-06-21 15:42:31 -------- d--h--w- c:\users\sp\appdata\local\{350D4A3E-EB89-48BB-A2F4-C4FF42A410AA}
2012-06-21 15:42:09 -------- d--h--w- c:\users\sp\appdata\local\{88BB2E8A-38F1-411F-8EDE-C3087FE17409}
2012-06-21 03:41:38 -------- d--h--w- c:\users\sp\appdata\local\{06B7D4FC-79A5-4A57-99D5-AAAB9945DFC6}
2012-06-21 03:41:14 -------- d--h--w- c:\users\sp\appdata\local\{D1841185-2E72-4A1E-B549-AB8362B4C4FB}
2012-06-20 15:40:41 -------- d--h--w- c:\users\sp\appdata\local\{F22F75CF-5987-4945-88BD-427B9C902283}
2012-06-20 15:40:17 -------- d--h--w- c:\users\sp\appdata\local\{B797E5AA-CF64-4316-A1D3-15314E030969}
2012-06-20 03:39:50 -------- d--h--w- c:\users\sp\appdata\local\{9CC6C64F-1D4B-48F1-B32B-37C081D7F283}
2012-06-20 03:39:29 -------- d--h--w- c:\users\sp\appdata\local\{23132524-34D1-48C5-AC45-BEB514A2DBC5}
2012-06-19 22:35:14 4967624 ---ha-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-06-19 15:39:02 -------- d--h--w- c:\users\sp\appdata\local\{41F88865-C560-4028-8826-3497224DDCF3}
2012-06-19 15:38:39 -------- d--h--w- c:\users\sp\appdata\local\{D21D7ED2-4596-4FC3-A7F6-DC62AD143DB7}
2012-06-19 03:37:56 -------- d--h--w- c:\users\sp\appdata\local\{1086CC20-6BFA-454D-BF43-47BEB88D6E57}
2012-06-19 03:37:24 -------- d--h--w- c:\users\sp\appdata\local\{93198057-5BB3-4251-BA17-AF3331D2C5BD}
2012-06-18 15:36:37 -------- d--h--w- c:\users\sp\appdata\local\{209D2A9E-1B39-428C-9D3E-8F91BA118A90}
2012-06-18 15:36:10 770384 ---ha-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-18 15:36:10 421200 ---ha-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-17 14:41:21 -------- d--h--w- c:\users\sp\appdata\local\{497CF24B-FB60-426A-B481-240DD813E437}
2012-06-16 04:00:58 -------- d--h--w- c:\users\sp\appdata\local\{FAF83CBB-55B6-4405-B03D-C074270285A3}
2012-06-15 13:57:12 -------- d--h--w- c:\users\sp\appdata\local\{06358064-5F0F-4500-B9D3-942BEA3959D4}
.
==================== Find3M ====================
.
2012-07-13 19:02:06 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-07-12 04:19:19 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 04:19:19 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 21:04:24 1394248 ---ha-w- c:\windows\system32\msxml4.dll
2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll
2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-30 06:50:44 34768 ---ha-w- c:\windows\xinstaller.exe
2012-05-30 06:50:42 79824 ---ha-w- c:\windows\xinstaller.dll
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace: called modules: >>UNKNOWN [0x8384F000]<< >>UNKNOWN [0x8C650000]<< >>UNKNOWN [0x8C63F000]<< >>UNKNOWN [0x8BDA6000]<< >>UNKNOWN [0x83818000]<< >>UNKNOWN [0x8C01B000]<< >>UNKNOWN [0x8BC90000]<< >>UNKNOWN [0xA0F20000]<< _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; } 1 ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Harddisk0\DR0[0x861F1700] \Driver\Disk[0x861F5668] -> IRP_MJ_CREATE -> 0x8C65439F 3 [0x8C65459E] -> ntkrnlpa!IofCallDriver[0x8388655A] -> [0x86EEE8C0] \Driver\ACPI[0x8615BE40] -> IRP_MJ_CREATE -> 0x8BDAF4CC 5 [0x8BDAF3D4] -> ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Ide\IAAStorageDevice-1[0x86EBB028] \Driver\iaStor[0x86EEA030] -> IRP_MJ_CREATE -> 0x8C07C830 kernel: MBR read successfully _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; } user & kernel MBR OK Warning: possible TDL3 rootkit infection ! . ============= FINISH: 14:14:13.65 =============== TDSSKiller.2.7.45.0_13.07.2012_12.09.27_log.txt
  7. My laptop has been infected with the System Check virus, or something similar. I found a few solutions online, but I was unable to fix it. This is what I've tried:
- RKill (kills 2 unknown processes with random names and stops the popups, closes the virus program)
- Unhide (successfully unhides all my files)
- TDSSKiller (could not run at first; I ran FixTDSS and it could run after, however it found nothing)
- MBAM free version (ran a full scan as well as a few quick scans before and after trying the 3 programs above, but it found nothing)
I'm currently running in Safe Mode with Networking. The virus appeared only when I booted my laptop today. I have attached DDS.txt and Attach.txt as instructed by the pinned topic. I hope someone can help! Thanks! Attach.txt DDS.txt