Posts posted by Merrainee

  1. Scan Log

    ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=054b33af7b7dc84891a54aa2445d9299

    # end=finished

    # remove_checked=true

    # archives_checked=true

    # unwanted_checked=true

    # unsafe_checked=true

    # antistealth_checked=true

    # utc_time=2012-07-14 08:04:21

    # local_time=2012-07-14 03:04:21 (-0600, Central Daylight Time)

    # country="Singapore"

    # lang=1033

    # osver=6.1.7601 NT Service Pack 1

    # compatibility_mode=5893 16776638 100 94 31601769 93823705 0 0

    # compatibility_mode=8192 67108863 100 0 0 0 0 0

    # scanned=440359

    # found=2

    # cleaned=2

    # scan_time=17347

    C:\Qoobox\Quarantine\C\ProgramData\DwGrEROeImE.exe.vir a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Qoobox\Quarantine\C\ProgramData\kwAzjqkPUoRbQu.exe.vir a variant of Win32/Kryptik.AIIB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

  2. The Combofix guide said to close all windows but the virus window was still open, so I ran RKill. It said Access Denied, but the virus window closed so I left it like that and closed RKill. I ran Unhide without any problems. I was unable to disable my Symantec antivirus before running Combofix, but it seems like it ran smoothly.

    Unhide Log

    Unhide by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2012 BleepingComputer.com

    More Information about Unhide.exe can be found at this link:

    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 07/12/2012 11:51:34 AM

    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive

    Finished processing the C:\ drive. 511031 files processed.

    Processing the D:\ drive

    Finished processing the D:\ drive. 41 files processed.

    Restoring the Start Menu.

    * 285 Shortcuts and Desktop items were restored.

    Searching for Windows Registry changes made by FakeHDD rogues.

    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    * Start_ShowControlPanel was set to 0! It was set back to 1!

    * Start_ShowHelp was set to 0! It was set back to 1!

    * Start_ShowMyComputer was set to 0! It was set back to 1!

    * Start_ShowMyDocs was set to 0! It was set back to 1!

    * Start_ShowMyMusic was set to 0! It was set back to 1!

    * Start_ShowMyPics was set to 0! It was set back to 1!

    * Start_ShowPrinters was set to 0! It was set back to 1!

    * Start_ShowRun was set to 0! It was set back to 1!

    * Start_ShowSearch was set to 0! It was set back to 1!

    * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

    * Start_ShowRecentDocs was set to 0! It was set back to 2!

    * Start_ShowNetConn was set to 0! It was set back to 1!

    * Start_ShowNetPlaces was set to 0! It was set back to 1!

    * Start_TrackDocs was set to 0! It was set back to 1!

    * Start_TrackProgs was set to 0! It was set back to 1!

    * Start_ShowUser was set to 0! It was set back to 1!

    * Start_ShowMyGames was set to 0! It was set back to 1!

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 07/12/2012 12:05:59 PM

    Execution time: 0 hours(s), 14 minute(s), and 24 seconds(s)

    Unhide by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2012 BleepingComputer.com

    More Information about Unhide.exe can be found at this link:

    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 07/12/2012 04:28:45 PM

    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive

    Finished processing the C:\ drive. 511919 files processed.

    Processing the D:\ drive

    Finished processing the D:\ drive. 41 files processed.

    Restoring the Start Menu.

    * 285 Shortcuts and Desktop items were restored.

    Searching for Windows Registry changes made by FakeHDD rogues.

    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    * Start_ShowControlPanel was set to 0! It was set back to 1!

    * Start_ShowHelp was set to 0! It was set back to 1!

    * Start_ShowMyComputer was set to 0! It was set back to 1!

    * Start_ShowMyDocs was set to 0! It was set back to 1!

    * Start_ShowMyMusic was set to 0! It was set back to 1!

    * Start_ShowMyPics was set to 0! It was set back to 1!

    * Start_ShowPrinters was set to 0! It was set back to 1!

    * Start_ShowRun was set to 0! It was set back to 1!

    * Start_ShowSearch was set to 0! It was set back to 1!

    * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

    * Start_ShowRecentDocs was set to 0! It was set back to 2!

    * Start_ShowNetConn was set to 0! It was set back to 1!

    * Start_ShowNetPlaces was set to 0! It was set back to 1!

    * Start_TrackDocs was set to 0! It was set back to 1!

    * Start_TrackProgs was set to 0! It was set back to 1!

    * Start_ShowUser was set to 0! It was set back to 1!

    * Start_ShowMyGames was set to 0! It was set back to 1!

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 07/12/2012 04:45:18 PM

    Execution time: 0 hours(s), 16 minute(s), and 32 seconds(s)

    Unhide by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2012 BleepingComputer.com

    More Information about Unhide.exe can be found at this link:

    http://www.bleepingcomputer.com/forums/topic405109.html

    Program started at: 07/13/2012 04:59:15 PM

    Windows Version: Windows 7

    Please be patient while your files are made visible again.

    Processing the C:\ drive

    Finished processing the C:\ drive. 510230 files processed.

    Processing the D:\ drive

    Finished processing the D:\ drive. 43 files processed.

    Restoring the Start Menu.

    * 285 Shortcuts and Desktop items were restored.

    Searching for Windows Registry changes made by FakeHDD rogues.

    - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

    * DisableTaskMgr policy was found and deleted!

    - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

    * HidNoChangingWallPaperden policy was found and deleted!

    - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

    * Start_ShowControlPanel was set to 0! It was set back to 1!

    * Start_ShowHelp was set to 0! It was set back to 1!

    * Start_ShowMyComputer was set to 0! It was set back to 1!

    * Start_ShowMyDocs was set to 0! It was set back to 1!

    * Start_ShowMyMusic was set to 0! It was set back to 1!

    * Start_ShowMyPics was set to 0! It was set back to 1!

    * Start_ShowPrinters was set to 0! It was set back to 1!

    * Start_ShowRun was set to 0! It was set back to 1!

    * Start_ShowSearch was set to 0! It was set back to 1!

    * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!

    * Start_ShowRecentDocs was set to 0! It was set back to 2!

    * Start_ShowNetConn was set to 0! It was set back to 1!

    * Start_ShowNetPlaces was set to 0! It was set back to 1!

    * Start_TrackDocs was set to 0! It was set back to 1!

    * Start_TrackProgs was set to 0! It was set back to 1!

    * Start_ShowUser was set to 0! It was set back to 1!

    * Start_ShowMyGames was set to 0! It was set back to 1!

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 07/13/2012 05:07:54 PM

    Execution time: 0 hours(s), 8 minute(s), and 39 seconds(s)

    Combofix Log

    ComboFix 12-07-13.03 - SP 13/07/2012 17:19:08.1.4 - x86

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1578 [GMT -5:00]

    Running from: c:\users\SP\Desktop\ComboFix.exe

    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\100

    c:\programdata\DwGrEROeImE.exe

    c:\programdata\kwAzjqkPUoRbQu

    c:\programdata\kwAzjqkPUoRbQu.exe

    c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\bidconfig_v1.2.dat

    c:\users\SP\AppData\Local\Microsoft\Windows\Temporary Internet Files\collecttask_v1.2.dat

    c:\windows\apppatch\AppLoc.exe

    c:\windows\system32\drivers\10CF_FUJITSU_FPCA_SH760_FUJITSU_FJNB20B_Version 1.07_FUJ - 1070000_Version 1.07 _NVIDIA GeForce 310M .MRK

    c:\windows\system32\html

    c:\windows\system32\html\calendar.html

    c:\windows\system32\html\calendarbottom.html

    c:\windows\system32\html\calendartop.html

    c:\windows\system32\html\crystalexportdialog.htm

    c:\windows\system32\html\crystalprinthost.html

    c:\windows\system32\images

    c:\windows\system32\images\toolbar\calendar.gif

    c:\windows\system32\images\toolbar\crlogo.gif

    c:\windows\system32\images\toolbar\export.gif

    c:\windows\system32\images\toolbar\export_over.gif

    c:\windows\system32\images\toolbar\exportd.gif

    c:\windows\system32\images\toolbar\First.gif

    c:\windows\system32\images\toolbar\first_over.gif

    c:\windows\system32\images\toolbar\Firstd.gif

    c:\windows\system32\images\toolbar\gotopage.gif

    c:\windows\system32\images\toolbar\gotopage_over.gif

    c:\windows\system32\images\toolbar\gotopaged.gif

    c:\windows\system32\images\toolbar\grouptree.gif

    c:\windows\system32\images\toolbar\grouptree_over.gif

    c:\windows\system32\images\toolbar\grouptreed.gif

    c:\windows\system32\images\toolbar\grouptreepressed.gif

    c:\windows\system32\images\toolbar\Last.gif

    c:\windows\system32\images\toolbar\last_over.gif

    c:\windows\system32\images\toolbar\Lastd.gif

    c:\windows\system32\images\toolbar\Next.gif

    c:\windows\system32\images\toolbar\next_over.gif

    c:\windows\system32\images\toolbar\Nextd.gif

    c:\windows\system32\images\toolbar\Prev.gif

    c:\windows\system32\images\toolbar\prev_over.gif

    c:\windows\system32\images\toolbar\Prevd.gif

    c:\windows\system32\images\toolbar\print.gif

    c:\windows\system32\images\toolbar\print_over.gif

    c:\windows\system32\images\toolbar\printd.gif

    c:\windows\system32\images\toolbar\Refresh.gif

    c:\windows\system32\images\toolbar\refresh_over.gif

    c:\windows\system32\images\toolbar\refreshd.gif

    c:\windows\system32\images\toolbar\Search.gif

    c:\windows\system32\images\toolbar\search_over.gif

    c:\windows\system32\images\toolbar\searchd.gif

    c:\windows\system32\images\toolbar\up.gif

    c:\windows\system32\images\toolbar\up_over.gif

    c:\windows\system32\images\toolbar\upd.gif

    c:\windows\system32\images\tree\begindots.gif

    c:\windows\system32\images\tree\beginminus.gif

    c:\windows\system32\images\tree\beginplus.gif

    c:\windows\system32\images\tree\blank.gif

    c:\windows\system32\images\tree\blankdots.gif

    c:\windows\system32\images\tree\dots.gif

    c:\windows\system32\images\tree\lastdots.gif

    c:\windows\system32\images\tree\lastminus.gif

    c:\windows\system32\images\tree\lastplus.gif

    c:\windows\system32\images\tree\Magnify.gif

    c:\windows\system32\images\tree\minus.gif

    c:\windows\system32\images\tree\minusbox.gif

    c:\windows\system32\images\tree\plus.gif

    c:\windows\system32\images\tree\plusbox.gif

    c:\windows\system32\images\tree\singleminus.gif

    c:\windows\system32\images\tree\singleplus.gif

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))

    .

    .

    2012-07-13 22:31 . 2012-07-13 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-07-13 19:01 . 2012-07-13 21:43 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2012-07-13 17:21 . 2012-07-13 17:21 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-07-12 04:40 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

    2012-07-11 15:09 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

    2012-07-11 15:09 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

    2012-07-11 15:09 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

    2012-07-11 15:09 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

    2012-07-11 15:09 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-07-11 15:09 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-07-11 15:08 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-07-11 15:08 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2012-07-11 15:08 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

    2012-07-11 15:08 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-07-11 15:08 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

    2012-07-11 15:08 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

    2012-07-11 15:08 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

    2012-07-11 15:08 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

    2012-07-11 15:08 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

    2012-07-10 19:31 . 2012-07-10 19:31 -------- d-----w- c:\programdata\Motorola

    2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola Mobility

    2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola Mobility

    2012-07-10 19:30 . 2012-07-10 19:30 -------- d-----w- c:\program files\Motorola

    2012-07-10 19:28 . 2012-07-10 19:28 -------- d-----w- c:\program files\Common Files\Motorola Shared

    2012-07-10 19:26 . 2012-07-10 19:26 -------- d-----w- c:\users\SP\AppData\Roaming\Motorola

    2012-07-10 18:02 . 2012-07-10 18:02 -------- d-----w- c:\users\SP\.keytooliui

    2012-07-09 18:29 . 2012-07-12 15:14 -------- d-----w- c:\program files\eclipse

    2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\users\SP\AppData\Roaming\Malwarebytes

    2012-07-09 03:21 . 2012-07-09 03:21 -------- d-----w- c:\programdata\Malwarebytes

    2012-07-09 03:21 . 2012-07-13 17:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-07-07 01:03 . 2012-07-07 01:03 -------- d-----w- c:\users\Public\Real

    2012-07-07 00:49 . 2012-07-07 00:49 -------- d-----w- c:\programdata\TSLOG

    2012-07-06 23:43 . 2012-07-06 23:43 -------- d-----w- c:\programdata\Xunlei

    2012-07-06 23:41 . 2012-07-13 00:47 -------- d-----w- c:\program files\Common Files\Thunder Network

    2012-07-06 23:41 . 2012-07-06 23:42 -------- d-----w- c:\programdata\Thunder Network

    2012-07-06 23:40 . 2012-07-13 00:47 -------- d-----w- c:\program files\Thunder Network

    2012-07-06 16:07 . 2012-07-06 16:07 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-06 16:07 . 2012-07-06 16:07 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\programdata\Sony Ericsson

    2012-07-06 16:06 . 2012-07-06 16:06 -------- d-----w- c:\program files\Sony Ericsson

    2012-07-06 16:00 . 2012-07-06 16:00 -------- d-----w- c:\programdata\Sony

    2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

    2012-06-21 14:57 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-21 14:57 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-21 14:57 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-21 14:57 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-21 14:57 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-21 14:57 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-21 14:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-21 14:56 . 2012-06-02 20:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-21 14:56 . 2012-06-02 20:12 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-19 22:35 . 2012-06-19 22:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

    2012-06-18 15:36 . 2012-06-18 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

    2012-06-18 15:36 . 2012-06-18 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-07-12 04:19 . 2012-03-30 03:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-07-12 04:19 . 2011-05-19 01:48 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-05-30 06:50 . 2012-05-30 06:50 34768 ---ha-w- c:\windows\xinstaller.exe

    2012-05-30 06:50 . 2012-05-30 06:50 79824 ---ha-w- c:\windows\xinstaller.dll

    2012-05-01 04:44 . 2012-06-13 18:14 164352 ----a-w- c:\windows\system32\profsvc.dll

    2012-04-28 03:17 . 2012-06-13 18:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-04-26 04:45 . 2012-06-13 18:16 58880 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-04-26 04:45 . 2012-06-13 18:16 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-04-26 04:41 . 2012-06-13 18:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-04-24 04:36 . 2012-06-13 18:14 1158656 ----a-w- c:\windows\system32\crypt32.dll

    2012-04-24 04:36 . 2012-06-13 18:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-04-24 04:36 . 2012-06-13 18:14 103936 ----a-w- c:\windows\system32\cryptnet.dll

    2012-06-18 15:36 . 2011-05-11 12:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]

    @="{4562B511-62E9-4533-B7B2-56A8BB10B482}"

    [HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]

    2012-05-30 02:56 247760 ----a-w- c:\program files\Common Files\Thunder Network\Kankan\xappex.1.1.1.38.(403).dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\SP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

    "IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2009-10-10 47976]

    "LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2009-10-14 36712]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]

    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-09 1578280]

    "snp2uvc"="c:\windows\vsnp2uvc.exe" [2009-08-12 662016]

    "SNUVCDSM"="c:\windows\snuvcdsm.exe" [2009-05-22 24576]

    "CSRSkype"="c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe" [2009-08-20 346464]

    "ConMgr"="c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe" [2009-08-20 504160]

    "FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-10-27 128360]

    "PSUTility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2009-07-27 144744]

    "LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2009-10-16 138088]

    "LoadBtnHnd"="c:\program files\Fujitsu\Application Panel\BtnHnd.exe" [2009-10-16 33640]

    "FJBATAID2"="c:\program files\Fujitsu\BatteryAid2\BatteryDaemon.exe" [2009-10-16 107880]

    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]

    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]

    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

    "YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-10-03 167008]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

    "FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2009-08-07 143360]

    "OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2009-08-27 3248128]

    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]

    "SSUtility"="c:\program files\Fujitsu\SSUtility\FJSSDMN.exe" [2007-12-14 193832]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-01 13838952]

    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2011-03-02 115560]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]

    "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]

    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2011-11-13 103536]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "mixer2"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

    "DisableMonitoring"=dword:00000001

    .

    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R2 VMwareHostd;VMware Workstation Server;c:\program files\VMware\VMware Workstation\vmware-hostd.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]

    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [x]

    R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]

    R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]

    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]

    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]

    R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

    R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

    R3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNt.sys [x]

    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [x]

    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]

    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

    R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

    R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

    R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [x]

    R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

    R3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [x]

    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

    R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]

    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 XDva393;XDva393;c:\windows\system32\XDva393.sys [x]

    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

    S0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\System32\Drivers\FBIOSDRV.sys [x]

    S0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\DRIVERS\FJGSDisk.sys [x]

    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [x]

    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]

    S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

    S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]

    S2 PST Service;PST Service;c:\program files\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

    S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [x]

    S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [x]

    S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]

    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]

    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]

    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);c:\windows\system32\drivers\vstor2-mntapi10-shared.sys [x]

    S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]

    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

    S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\FUJ02E3.sys [x]

    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]

    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

    S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]

    S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]

    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]

    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc

    XLServicePlatform REG_MULTI_SZ XLServicePlatform

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:19]

    .

    2012-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005Core.job

    - c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]

    .

    2012-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2584503236-3850616731-3045101856-1005UA.job

    - c:\users\SP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11 13:47]

    .

    2012-06-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

    - c:\program files\Fujitsu Hardware Diagnostics Tool\pcdrcui.exe [2009-11-17 04:36]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://about.start.iplay.com

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    LSP: %SystemRoot%\system32\vsocklib.dll

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

    FF - ProfilePath - c:\users\SP\AppData\Roaming\Mozilla\Firefox\Profiles\ulcmxq60.default\

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - user.js: yahoo.homepage.dontask - true

    .

    - - - - ORPHANS REMOVED - - - -

    .

    URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)

    Toolbar-Locked - (no file)

    HKCU-Run-AdobeBridge - (no file)

    HKCU-Run-kwAzjqkPUoRbQu - c:\programdata\kwAzjqkPUoRbQu.exe

    HKLM-Run-DwGrEROeImE.exe - c:\programdata\DwGrEROeImE.exe

    SafeBoot-Symantec Antvirus

    AddRemove-LSI Soft Modem - c:\windows\agrsmdel

    .

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{F819FCA4-67B3B36D-06000000}_0]

    "ImagePath"="\??\c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-07-13 17:35:10

    ComboFix-quarantined-files.txt 2012-07-13 22:35

    .

    Pre-Run: 61,263,237,120 bytes free

    Post-Run: 71,124,664,320 bytes free

    .

    - - End Of File - - D306478D44F86C1E96B07946DA1C2E88

  3. Hi, thank you for your reply! I've carried out the steps above. TDSSKiller found a few objects but didn't show any Cure options, so I skipped them all. While updating MBAM, it gave this error: PROGRAM_ERROR_UPDATING (5, 0, MBAMFileIO::WriteFile) Access is denied. MBAM found two objects and I've removed them.

    While restarting and such, I had to run RKill to stop the virus from throwing out popups, but my desktop went entirely black without my start bar. Nothing I pressed seemed to have any effect either. I had to force a shutdown and restart my laptop, and I'm not running RKill for now.

    Here are the logs:

    TDSSKiller

    Sorry, had to attach it as it said my post was too long?

    MBAM Log

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.12.08

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    SP :: ROSHIE [administrator]

    13/7/2012 12:26:48 PM

    mbam-log-2012-07-13 (12-26-48).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 267996

    Time elapsed: 17 minute(s), 27 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 5

    HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> No action taken.

    HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> No action taken.

    HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> No action taken.

    HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> No action taken.

    HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> No action taken.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 2

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

    Folders Detected: 3

    C:\Program Files\Funshion Online (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> No action taken.

    Files Detected: 9

    C:\Windows\System32\funshion.ini (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> No action taken.

    C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> No action taken.

    (end)

    Ran a second scan and deleted the other PUP.Funshion files detected.

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.07.12.08

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    SP :: ROSHIE [administrator]

    13/7/2012 12:46:18 PM

    mbam-log-2012-07-13 (12-46-18).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 268007

    Time elapsed: 17 minute(s), 16 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 5

    HKCR\CLSID\{18689D3E-CF06-482F-AEB1-0880F859F0AA} (PUP.Funshion) -> Quarantined and deleted successfully.

    HKCR\TypeLib\{5165BFF4-4E35-446F-B00E-EA4185B64F76} (PUP.Funshion) -> Quarantined and deleted successfully.

    HKCR\Interface\{332C1DFF-B83D-40E3-968F-F85E20BF0CFB} (PUP.Funshion) -> Quarantined and deleted successfully.

    HKCR\Fun.OnlineInstallCtrl.1 (PUP.Funshion) -> Quarantined and deleted successfully.

    HKCR\Fun.OnlineInstallCtrl (PUP.Funshion) -> Quarantined and deleted successfully.

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 3

    C:\Program Files\Funshion Online (PUP.Funshion) -> Delete on reboot.

    C:\Program Files\Funshion Online\Funshion (PUP.Funshion) -> Delete on reboot.

    C:\Program Files\Funshion Online\Funshion\icon (PUP.Funshion) -> Quarantined and deleted successfully.

    Files Detected: 9

    C:\Windows\System32\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\fpsrv.dll (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\funoictl.dll (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\funshion.ini (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\FunshionGame2.ico (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\FunshionGame3.ico (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\FunshionService.diagnose (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\Funshop2.ico (PUP.Funshion) -> Quarantined and deleted successfully.

    C:\Program Files\Funshion Online\Funshion\Funshop3.ico (PUP.Funshion) -> Quarantined and deleted successfully.

    (end)

    DDS Log:

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1

    Run by SP at 13:58:06 on 2012-07-13

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.3059.1659 [GMT -5:00]

    .

    AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    FW: Symantec Endpoint Protection *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

    .

    ============== Running Processes ===============

    .

    C:\windows\system32\wininit.exe

    C:\windows\system32\lsm.exe

    C:\windows\system32\svchost.exe -k DcomLaunch

    C:\Program Files\Fingerprint Sensor\AtService.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\Softex\OmniPass\OmniServ.exe

    C:\windows\system32\svchost.exe -k RPCSS

    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\windows\system32\svchost.exe -k netsvcs

    C:\windows\system32\svchost.exe -k LocalService

    C:\windows\system32\nvvsvc.exe

    C:\windows\SYSTEM32\WISPTIS.EXE

    C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    C:\windows\SYSTEM32\WISPTIS.EXE

    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\windows\system32\svchost.exe -k NetworkService

    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\windows\system32\WLANExt.exe

    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    C:\windows\system32\conhost.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Program Files\Softex\OmniPass\opvapp.exe

    C:\windows\System32\spoolsv.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

    C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe

    C:\Program Files\Fingerprint Sensor\ATSwpNav.exe

    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

    C:\Program Files\LSI SoftModem\agrsmsvc.exe

    C:\windows\system32\svchost.exe -k bthsvcs

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Intel\WiFi\bin\EvtEng.exe

    C:\Windows\vsnp2uvc.exe

    C:\Windows\snuvcdsm.exe

    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe

    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe

    C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe

    C:\Program Files\Fujitsu\PSUtility\TrayManager.exe

    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

    C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

    C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files\Fujitsu\BatteryAid2\BatteryDaemon.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\Program Files\Fujitsu\Application Panel\BtnHndHkb.exe

    C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe

    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

    C:\Program Files\Fujitsu\updnavi\updatenv.exe

    c:\Program Files\Fujitsu\PSUtility\PSUService.exe

    C:\Program Files\Softex\OmniPass\scureapp.exe

    C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe

    C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

    C:\Program Files\Fujitsu\SSUtility\FJSSDMN.exe

    c:\Program Files\CyberLink\Shared files\RichVideo.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

    C:\windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\windows\system32\Wacom_Tablet.exe

    C:\ProgramData\DwGrEROeImE.exe

    C:\Program Files\Fujitsu\updnavi\updnvsrv.exe

    C:\Users\SP\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\windows\system32\WTablet\Wacom_TabletUser.exe

    C:\windows\system32\Wacom_Tablet.exe

    C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe

    C:\Windows\System32\StikyNot.exe

    C:\ProgramData\kwAzjqkPUoRbQu.exe

    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

    C:\windows\system32\vmnat.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\windows\system32\CCM\CcmExec.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

    C:\windows\system32\vmnetdhcp.exe

    C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe

    C:\windows\system32\wbem\unsecapp.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\system32\msiexec.exe

    C:\windows\system32\SearchIndexer.exe

    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\windows\System32\svchost.exe -k WerSvcGroup

    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\windows\system32\wbem\wmiprvse.exe

    C:\windows\System32\alg.exe

    C:\windows\system32\conhost.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://about.start.iplay.com

    uDefault_Page_URL = hxxp://www.sp.edu.sg

    uURLSearchHooks: H - No File

    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    BHO: {889D2FEB-5411-4565-8998-1DD2C5261283} - No File

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll

    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll

    uRun: [Google Update] "c:\users\sp\appdata\local\google\update\GoogleUpdate.exe" /c

    uRun: [AdobeBridge]

    uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe

    uRun: [kwAzjqkPUoRbQu] c:\programdata\kwAzjqkPUoRbQu.exe

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

    mRun: [indicatorUtility] c:\program files\fujitsu\fujitsu hotkey utility\IndicatorUty.exe

    mRun: [LoadFUJ02E3] c:\program files\fujitsu\fuj02e3\FUJ02E3.exe

    mRun: [ATSwpNav] "c:\program files\fingerprint sensor\ATSwpNav" -run

    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

    mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

    mRun: [snp2uvc] c:\windows\vsnp2uvc.exe

    mRun: [sNUVCDSM] c:\windows\snuvcdsm.exe

    mRun: [CSRSkype] c:\program files\csr\bluetooth feature pack 5.0\CSRSkype.exe

    mRun: [ConMgr] "c:\program files\csr\bluetooth feature pack 5.0\ConMgr.exe"

    mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe

    mRun: [PSUTility] c:\program files\fujitsu\psutility\TrayManager.exe

    mRun: [LoadFujitsuQuickTouch] c:\program files\fujitsu\application panel\QuickTouch.exe

    mRun: [LoadBtnHnd] c:\program files\fujitsu\application panel\BtnHnd.exe

    mRun: [FJBATAID2] c:\program files\fujitsu\batteryaid2\BatteryDaemon.exe

    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"

    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"

    mRun: [updatePDRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"

    mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"

    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [FJUPDNV_Chitose] c:\program files\fujitsu\updnavi\updatenv.exe

    mRun: [OmniPass] c:\program files\softex\omnipass\scureapp.exe

    mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"

    mRun: [sSUtility] c:\program files\fujitsu\ssutility\FJSSDMN.exe

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

    mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

    mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [vmware-tray] c:\program files\vmware\vmware workstation\vmware-tray.exe

    mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [DwGrEROeImE.exe] c:\programdata\DwGrEROeImE.exe

    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableLUA = 0 (0x0)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    LSP: %SystemRoot%\system32\vsocklib.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

    TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

    TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\3594E4744554C4D273733313 : DhcpNameServer = 192.168.1.254

    TCP: Interfaces\{B8DBD259-EBF3-4628-A020-E5AD6D0D6674}\46C696E6B6 : DhcpNameServer = 192.168.0.1

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

    Notify: igfxcui - igfxdev.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\sp\appdata\roaming\mozilla\firefox\profiles\ulcmxq60.default\

    FF - prefs.js: browser.startup.homepage - www.google.com

    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\ahnlab\asp\components\aosmgr\conflict_221\npaosmgr.dll

    FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

    FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll

    FF - plugin: c:\program files\tabletplugins\npwacom.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - plugin: c:\programdata\thunder network\thunder\data\npxunlei1.0.0.1.dll

    FF - plugin: c:\users\sp\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll

    FF - plugin: c:\windows\system32\npdeployJava1.dll

    FF - plugin: c:\windows\system32\npmproxy.dll

    .

    ---- FIREFOX POLICIES ----

    FF - user.js: yahoo.homepage.dontask - true

    ============= SERVICES / DRIVERS ===============

    .

    R0 FBIOSDRV;Fujitsu BIOS Driver;c:\windows\system32\drivers\FBIOSDRV.sys [2009-9-2 17008]

    R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2010-3-15 12776]

    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-1 659328]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-30 106656]

    R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2009-9-2 5632]

    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-28 73216]

    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-25 125696]

    R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2009-10-15 274984]

    R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]

    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-10-26 58240]

    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-10-26 136704]

    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-11-11 66664]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]

    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-20 28000]

    S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-13 214016]

    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-28 102784]

    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-28 349184]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-7-6 12400]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-10-29 209920]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-7-13 31560]

    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2011-6-2 133632]

    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2011-6-2 79360]

    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-7-10 25856]

    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2012-1-25 20864]

    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2012-1-25 8448]

    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2012-1-25 23808]

    S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

    S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-7-20 60576]

    S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-7-15 41632]

    S3 PCDSRVC{F819FCA4-67B3B36D-06000000}_0;PCDSRVC{F819FCA4-67B3B36D-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\fujitsu hardware diagnostics tool\pcdsrvc.pkms [2009-11-16 20848]

    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-11 174592]

    .

    =============== Created Last 30 ================

    .

    2012-07-13 17:21:53 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-07-12 15:30:52 236280 ---ha-w- c:\programdata\kwAzjqkPUoRbQu.exe

    2012-07-12 15:20:05 325880 ---ha-w- c:\programdata\DwGrEROeImE.exe

    2012-07-12 04:44:08 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-07-12 04:44:07 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll

    2012-07-12 04:44:07 194048 ----a-w- c:\program files\internet explorer\IEShims.dll

    2012-07-12 04:44:07 140920 ----a-w- c:\program files\internet explorer\sqmapi.dll

    2012-07-12 04:44:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-07-12 04:44:04 1800192 ----a-w- c:\windows\system32\jscript9.dll

    2012-07-12 04:44:03 748664 ----a-w- c:\program files\internet explorer\iexplore.exe

    2012-07-12 04:44:02 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll

    2012-07-12 04:44:02 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll

    2012-07-12 04:44:00 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-12 03:54:49 -------- d--h--w- c:\users\sp\appdata\local\{6D163377-3D2C-4041-8E24-4D27E03B6D8D}

    2012-07-12 03:54:25 -------- d--h--w- c:\users\sp\appdata\local\{4D52A9A4-29F0-4C93-BA21-6470B93D347A}

    2012-07-11 15:49:52 -------- d--h--w- c:\users\sp\appdata\local\{154CCAA7-44D8-4E45-86EF-7C74DE308DEE}

    2012-07-11 15:49:30 -------- d--h--w- c:\users\sp\appdata\local\{B028E758-E5C5-4686-B3A9-A95348C9B57D}

    2012-07-11 15:09:20 369336 ----a-w- c:\windows\system32\drivers\cng.sys

    2012-07-11 15:09:19 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

    2012-07-11 15:09:10 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-07-11 15:08:30 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll

    2012-07-11 15:08:29 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-07-11 15:08:24 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll

    2012-07-11 15:08:23 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll

    2012-07-11 15:08:22 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll

    2012-07-11 15:08:18 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll

    2012-07-11 15:08:14 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

    2012-07-11 03:29:30 -------- d--h--w- c:\users\sp\appdata\local\{B8A34615-244E-46DB-8BD7-07B30C3A8361}

    2012-07-11 03:29:09 -------- d--h--w- c:\users\sp\appdata\local\{6F7DE407-E19F-4A9B-859B-177284FA7F68}

    2012-07-10 19:31:41 -------- d--h--w- c:\programdata\Motorola

    2012-07-10 19:30:53 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola Mobility

    2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola Mobility

    2012-07-10 19:30:34 -------- d--h--w- c:\program files\Motorola

    2012-07-10 19:30:34 -------- d--h--w- c:\program files\common files\MSSoap

    2012-07-10 19:28:32 -------- d--h--w- c:\program files\common files\Motorola Shared

    2012-07-10 19:26:48 -------- d--h--w- c:\users\sp\appdata\roaming\Motorola

    2012-07-10 18:02:57 -------- d--h--w- c:\users\sp\.keytooliui

    2012-07-10 15:28:41 -------- d--h--w- c:\users\sp\appdata\local\{77663E87-A162-45E0-9FCA-96AC07B36A52}

    2012-07-10 15:28:19 -------- d--h--w- c:\users\sp\appdata\local\{B1EE5B13-D6AD-4915-B05D-5F0BD4ECC3C3}

    2012-07-10 02:56:45 -------- d--h--w- c:\users\sp\appdata\local\{6FBFD123-9EF1-46CD-995C-3AA8D641EA3A}

    2012-07-10 02:56:21 -------- d--h--w- c:\users\sp\appdata\local\{E3F5E366-E359-4405-8063-9AACA2756D74}

    2012-07-09 18:29:12 -------- d--h--w- c:\program files\eclipse

    2012-07-09 03:21:20 -------- d--h--w- c:\users\sp\appdata\roaming\Malwarebytes

    2012-07-09 03:21:13 -------- d--h--w- c:\programdata\Malwarebytes

    2012-07-09 03:21:12 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware

    2012-07-09 02:30:45 -------- d--h--w- c:\users\sp\appdata\local\{48E68B56-1DD9-48C3-9882-756AE3748F1C}

    2012-07-09 02:30:24 -------- d--h--w- c:\users\sp\appdata\local\{7320C3EE-8164-4C51-BC57-D72917613123}

    2012-07-08 14:29:24 -------- d--h--w- c:\users\sp\appdata\local\{47A852B3-0EEC-4C9A-AF6D-85D954D15FD5}

    2012-07-08 14:29:07 -------- d--h--w- c:\users\sp\appdata\local\{36AF0129-C3A2-4E19-BE0A-0A5AFD742A03}

    2012-07-07 15:10:37 -------- d--h--w- c:\users\sp\appdata\local\{37857896-1E50-4D1D-8DAA-AC87A5235B33}

    2012-07-07 15:10:15 -------- d--h--w- c:\users\sp\appdata\local\{06335C05-660C-4FFE-B093-9D3C48AEC7DF}

    2012-07-07 03:09:41 -------- d--h--w- c:\users\sp\appdata\local\{EE58FFD0-37E8-453F-A943-8E1898924AC6}

    2012-07-07 03:09:16 -------- d--h--w- c:\users\sp\appdata\local\{0E7F4EBD-2F16-42DF-89CD-2BA31502DDAE}

    2012-07-07 00:49:59 -------- d--h--w- c:\programdata\TSLOG

    2012-07-06 23:43:30 -------- d--h--w- c:\programdata\Xunlei

    2012-07-06 23:41:37 -------- d--h--w- c:\program files\common files\Thunder Network

    2012-07-06 23:41:31 -------- d--h--w- c:\programdata\Thunder Network

    2012-07-06 23:40:57 -------- d--h--w- c:\program files\Thunder Network

    2012-07-06 16:07:24 25200 ---ha-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-06 16:07:24 12400 ---ha-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 16:06:13 -------- d--h--w- c:\programdata\Sony Ericsson

    2012-07-06 16:06:09 -------- d--h--w- c:\program files\Sony Ericsson

    2012-07-06 15:08:22 -------- d--h--w- c:\users\sp\appdata\local\{0DC32457-489F-4306-8544-0692008F6211}

    2012-07-06 15:07:48 -------- d--h--w- c:\users\sp\appdata\local\{C0D33954-3164-49FB-90B6-5B962DA67CC8}

    2012-07-04 15:22:52 -------- d--h--w- c:\users\sp\appdata\local\{2BC879F2-6069-42DC-BDF0-9F01F489D6AE}

    2012-07-04 15:22:31 -------- d--h--w- c:\users\sp\appdata\local\{C0CBF135-BBB5-4C62-A8D6-1B9EE7CB9854}

    2012-07-04 03:22:04 -------- d--h--w- c:\users\sp\appdata\local\{63EABDBB-EB15-4095-93E9-F8F799CE116E}

    2012-07-04 03:21:42 -------- d--h--w- c:\users\sp\appdata\local\{7C0794D1-B112-4378-A273-C39A3B99F529}

    2012-07-03 15:21:14 -------- d--h--w- c:\users\sp\appdata\local\{EF48F83E-97BE-4019-8C1D-BE30BD0B334D}

    2012-07-03 15:20:52 -------- d--h--w- c:\users\sp\appdata\local\{6F08551B-24EE-41BE-A1E9-89D839E88C2E}

    2012-07-03 03:20:13 -------- d--h--w- c:\users\sp\appdata\local\{88A3D3B7-946F-4055-9422-48D5E07B0875}

    2012-07-03 03:19:49 -------- d--h--w- c:\users\sp\appdata\local\{3429F9C0-3D3A-48CE-8FE9-C568411F9556}

    2012-07-01 18:02:25 -------- d--h--w- c:\users\sp\appdata\local\{297501F1-E60D-4368-9791-9960AB2485F0}

    2012-07-01 18:02:04 -------- d--h--w- c:\users\sp\appdata\local\{A2240C57-CBB7-4E42-B1E3-9D1B19ACC1B9}

    2012-06-30 14:59:46 -------- d--h--w- c:\users\sp\appdata\local\{FA0EE562-905C-4082-BBF0-E62648FCC276}

    2012-06-30 14:59:24 -------- d--h--w- c:\users\sp\appdata\local\{93FB469D-2688-4C74-BE88-2B4E00B0242F}

    2012-06-29 14:40:53 -------- d--h--w- c:\users\sp\appdata\local\{D3483237-4182-4E1B-8D91-4DB1C339BD96}

    2012-06-29 14:40:26 -------- d--h--w- c:\users\sp\appdata\local\{42A5FD40-9A67-440E-8E35-B290B109693B}

    2012-06-28 15:10:23 -------- d--h--w- c:\users\sp\appdata\local\{AEAEA033-1480-4ACE-8172-377FAAB59E91}

    2012-06-28 15:10:02 -------- d--h--w- c:\users\sp\appdata\local\{9907CC72-9CB7-42C6-BB59-54F812A3E918}

    2012-06-26 14:26:10 -------- d--h--w- c:\users\sp\appdata\local\{996B9632-F4AA-495D-9449-D3BDA21D1A7F}

    2012-06-26 14:26:00 -------- d--h--w- c:\users\sp\appdata\local\{82339FF5-B698-4534-8B2C-8FF420DF9A81}

    2012-06-26 01:31:10 -------- d--h--w- c:\users\sp\appdata\local\{4861598B-F83E-476D-A750-42E78C6D140E}

    2012-06-26 01:30:48 -------- d--h--w- c:\users\sp\appdata\local\{EA7690CE-A086-45B4-BB11-F7A3D488CCEB}

    2012-06-25 02:10:27 -------- d--h--w- c:\users\sp\appdata\local\{32A077B5-2EA5-4E31-B4AB-DEC00B93AD69}

    2012-06-23 03:45:02 -------- d--h--w- c:\users\sp\appdata\local\{599BD4B9-4454-4E67-8DB5-1621A284B4C1}

    2012-06-23 03:44:41 -------- d--h--w- c:\users\sp\appdata\local\{310B9E23-1CF7-42A8-ACC9-3A0A21F3310E}

    2012-06-22 15:44:14 -------- d--h--w- c:\users\sp\appdata\local\{79398A62-6B6F-49E5-A92A-9BEA39E06FDD}

    2012-06-22 15:43:49 -------- d--h--w- c:\users\sp\appdata\local\{0306ACA1-F474-4A1E-8838-1BBDC4A4EF35}

    2012-06-22 03:43:19 -------- d--h--w- c:\users\sp\appdata\local\{63473AE9-22A6-42A0-96BE-2F46903A3545}

    2012-06-22 03:42:58 -------- d--h--w- c:\users\sp\appdata\local\{A1B43DB9-19BD-479C-B0C5-8EA9EFF7E001}

    2012-06-21 15:42:31 -------- d--h--w- c:\users\sp\appdata\local\{350D4A3E-EB89-48BB-A2F4-C4FF42A410AA}

    2012-06-21 15:42:09 -------- d--h--w- c:\users\sp\appdata\local\{88BB2E8A-38F1-411F-8EDE-C3087FE17409}

    2012-06-21 03:41:38 -------- d--h--w- c:\users\sp\appdata\local\{06B7D4FC-79A5-4A57-99D5-AAAB9945DFC6}

    2012-06-21 03:41:14 -------- d--h--w- c:\users\sp\appdata\local\{D1841185-2E72-4A1E-B549-AB8362B4C4FB}

    2012-06-20 15:40:41 -------- d--h--w- c:\users\sp\appdata\local\{F22F75CF-5987-4945-88BD-427B9C902283}

    2012-06-20 15:40:17 -------- d--h--w- c:\users\sp\appdata\local\{B797E5AA-CF64-4316-A1D3-15314E030969}

    2012-06-20 03:39:50 -------- d--h--w- c:\users\sp\appdata\local\{9CC6C64F-1D4B-48F1-B32B-37C081D7F283}

    2012-06-20 03:39:29 -------- d--h--w- c:\users\sp\appdata\local\{23132524-34D1-48C5-AC45-BEB514A2DBC5}

    2012-06-19 22:35:14 4967624 ---ha-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

    2012-06-19 15:39:02 -------- d--h--w- c:\users\sp\appdata\local\{41F88865-C560-4028-8826-3497224DDCF3}

    2012-06-19 15:38:39 -------- d--h--w- c:\users\sp\appdata\local\{D21D7ED2-4596-4FC3-A7F6-DC62AD143DB7}

    2012-06-19 03:37:56 -------- d--h--w- c:\users\sp\appdata\local\{1086CC20-6BFA-454D-BF43-47BEB88D6E57}

    2012-06-19 03:37:24 -------- d--h--w- c:\users\sp\appdata\local\{93198057-5BB3-4251-BA17-AF3331D2C5BD}

    2012-06-18 15:36:37 -------- d--h--w- c:\users\sp\appdata\local\{209D2A9E-1B39-428C-9D3E-8F91BA118A90}

    2012-06-18 15:36:10 770384 ---ha-w- c:\program files\mozilla firefox\msvcr100.dll

    2012-06-18 15:36:10 421200 ---ha-w- c:\program files\mozilla firefox\msvcp100.dll

    2012-06-17 14:41:21 -------- d--h--w- c:\users\sp\appdata\local\{497CF24B-FB60-426A-B481-240DD813E437}

    2012-06-16 04:00:58 -------- d--h--w- c:\users\sp\appdata\local\{FAF83CBB-55B6-4405-B03D-C074270285A3}

    2012-06-15 13:57:12 -------- d--h--w- c:\users\sp\appdata\local\{06358064-5F0F-4500-B9D3-942BEA3959D4}

    .

    ==================== Find3M ====================

    .

    2012-07-13 19:02:06 865022 ----a-w- c:\windows\system32\PerfStringBackup.TMP

    2012-07-12 04:19:19 70344 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-12 04:19:19 426184 ---ha-w- c:\windows\system32\FlashPlayerApp.exe

    2012-06-25 21:04:24 1394248 ---ha-w- c:\windows\system32\msxml4.dll

    2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

    2012-05-30 06:50:44 34768 ---ha-w- c:\windows\xinstaller.exe

    2012-05-30 06:50:42 79824 ---ha-w- c:\windows\xinstaller.dll

    2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

    2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

    2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

    2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

    2012-04-24 04:36:42 140288 ----a-w- c:\windows\system32\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- c:\windows\system32\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- c:\windows\system32\cryptnet.dll

    .

    =================== ROOTKIT ====================

    .

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

    Windows 6.1.7601 Disk: FUJITSU_ rev.0000 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

    .

    device: opened successfully

    user: MBR read successfully

    .

    Disk trace:

    called modules: >>UNKNOWN [0x8384F000]<< >>UNKNOWN [0x8C650000]<< >>UNKNOWN [0x8C63F000]<< >>UNKNOWN [0x8BDA6000]<< >>UNKNOWN [0x83818000]<< >>UNKNOWN [0x8C01B000]<< >>UNKNOWN [0x8BC90000]<< >>UNKNOWN [0xA0F20000]<<

    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }

    1 ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Harddisk0\DR0[0x861F1700]

    \Driver\Disk[0x861F5668] -> IRP_MJ_CREATE -> 0x8C65439F

    3 [0x8C65459E] -> ntkrnlpa!IofCallDriver[0x8388655A] -> [0x86EEE8C0]

    \Driver\ACPI[0x8615BE40] -> IRP_MJ_CREATE -> 0x8BDAF4CC

    5 [0x8BDAF3D4] -> ntkrnlpa!IofCallDriver[0x8388655A] -> \Device\Ide\IAAStorageDevice-1[0x86EBB028]

    \Driver\iaStor[0x86EEA030] -> IRP_MJ_CREATE -> 0x8C07C830

    kernel: MBR read successfully

    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [bP+0x0], 0x0; }

    user & kernel MBR OK

    Warning: possible TDL3 rootkit infection !

    .

    ============= FINISH: 14:14:13.65 ===============

    TDSSKiller.2.7.45.0_13.07.2012_12.09.27_log.txt

  4. My laptop has been infected with the System Check virus, or something similar. I found a few solutions online, but I was unable to fix it. This is what I've tried:

    -RKill

    (kills 2 unknown processes with random names and stops the popups, closes the virus program)

    -Unhide

    (successfully unhides all my files)

    -TDSSKiller

    (could not run at first; I ran FixTDSS and it could run afterwards, but it found nothing)

    -MBAM free version

    (ran a full scan as well as a few quick scans before and after trying the 3 programs above, but it found nothing)

    I'm currently running in Safe Mode with Networking. The virus appeared only when I booted my laptop today.

    I have attached DDS.txt and Attach.txt as instructed by the pinned topic. I hope someone can help! Thanks!

    Attach.txt

    DDS.txt
