stormraider
Members
Posts: 12
Everything posted by stormraider

  1. Very well, I will go with your recommendations. I will keep this thread readily available for future reference, and thank you for your work. Donation made.
  2. Not sure about that one. I don't have anything that is using the Python language. Can you direct me to the software that uses these files? Also, as stated, I use my phone for tethering and have noticed screenshots showing up under my images on my phone. I believe that this may be a keylogger of some nature.
  3. What are these files for, and why does ComboFix quarantine them?
  4. Reran ComboFix and it is still finding and quarantining the following:
     c:\users\Your\AppData\Local\Temp\_MEI24602\_ctypes.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\_elementtree.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\_hashlib.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\_multiprocessing.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\_socket.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\_ssl.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\msvcp100.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\msvcr100.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\pyexpat.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\pysqlite2._sqlite.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\python27.dll
     c:\users\Your\AppData\Local\temp\_MEI24602\pythoncom27.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\PyWinTypes27.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\select.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\unicodedata.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32api.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32com.shell.shell.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32crypt.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\win32event.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32file.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32inet.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\win32pdh.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32process.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32profile.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32security.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\win32ts.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\windows._cacheinvalidation.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._controls_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._core_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._gdi_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._html2.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._misc_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI24602\wx._windows_.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\wx._wizard.pyd
     c:\users\Your\AppData\Local\temp\_MEI24602\wxbase294u_net_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI24602\wxbase294u_vc90.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\wxmsw294u_adv_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI24602\wxmsw294u_core_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI24602\wxmsw294u_html_vc90.dll
     c:\users\Your\AppData\Local\Temp\_MEI24602\wxmsw294u_webview_vc90.dll
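The `_MEI<number>` folders that ComboFix keeps removing in posts 2 to 4 are the per-run extraction directories of a PyInstaller one-file executable: each time such a program starts, its bootloader unpacks the interpreter (python27.dll), the C extension modules (.pyd) and the bundled DLLs into `%TEMP%\_MEIxxxx`, and the number differs from run to run (7682 in the earlier ComboFix log, 24602 in the later one), which is why the files reappear after every quarantine. The module set (wxPython, pywin32, pysqlite2, _ssl) says the program is a wxPython GUI application, not which one; the only way to name it is to find the executable that carries the bundle. The script below is an added example, not code from this thread or from any tool mentioned in it. It recognises the PyInstaller trailer ("cookie") at the end of an .exe, walks the table of contents and reports the entry-script names, which is usually enough to identify the program. The cookie magic, cookie layouts and TOC entry layout are PyInstaller's real on-disk format; the dummy stub, the entry names, the payloads and the `tetherapp` script name are constructed for this example and stand in for a real file.

```python
"""Identify a PyInstaller one-file executable and list what it carries."""
import struct
import sys
import zlib

# PyInstaller's CArchive trailer ("cookie") and TOC layout, big-endian.
PYINST_MAGIC = b"MEI\014\013\012\013\016"
COOKIE_FORMATS = (
    "!8siiii64s",  # magic, package length, TOC offset, TOC length, python version, python DLL name (2.1+)
    "!8siiii",     # the same without the DLL name (PyInstaller 2.0 and older)
)
ENTRY_HDR = "!iIIIBc"  # entry length, data offset, compressed length, uncompressed length, compressed flag, type
ENTRY_HDR_LEN = struct.calcsize(ENTRY_HDR)
TYPE_CODES = {"b": "binary, extracted to _MEIxxxx at run time", "s": "entry script", "z": "PYZ archive",
              "m": "module", "M": "package", "x": "data file", "Z": "zip file"}


def _read_toc(data, pkg_start, toc_off, toc_len):
    """Parse TOC entries; raises ValueError/struct.error if the cookie was misread."""
    entries, pos, end = [], pkg_start + toc_off, pkg_start + toc_off + toc_len
    if pkg_start < 0 or toc_off < 0 or end > len(data):
        raise ValueError("TOC lies outside the file")
    while pos < end:
        entry_len, off, clen, ulen, cflag, typ = struct.unpack(ENTRY_HDR, data[pos:pos + ENTRY_HDR_LEN])
        if entry_len < ENTRY_HDR_LEN or pos + entry_len > end:
            raise ValueError("malformed TOC entry")
        name = data[pos + ENTRY_HDR_LEN:pos + entry_len].rstrip(b"\0").decode("utf-8", "replace")
        entries.append({"name": name, "type": typ.decode(), "offset": pkg_start + off,  # data offsets are package-relative
                        "clen": clen, "ulen": ulen, "compressed": bool(cflag)})
        pos += entry_len
    return entries


def parse_pyinstaller_overlay(data):
    """Return a summary dict, or None if `data` is not a PyInstaller one-file bundle."""
    tail = data[-4096:]                      # the cookie sits at the very end (a signature may follow it)
    idx = tail.rfind(PYINST_MAGIC)
    if idx < 0:
        return None
    cookie_pos = len(data) - len(tail) + idx
    for fmt in COOKIE_FORMATS:               # try the newer cookie first, fall back to the 24-byte one
        size = struct.calcsize(fmt)
        if cookie_pos + size > len(data):
            continue
        fields = struct.unpack(fmt, data[cookie_pos:cookie_pos + size])
        _, pkg_len, toc_off, toc_len, pyvers = fields[:5]
        pkg_start = cookie_pos + size - pkg_len   # the package length counts up to and including the cookie
        try:
            entries = _read_toc(data, pkg_start, toc_off, toc_len)
        except (ValueError, struct.error):
            continue
        major, minor = divmod(pyvers, 100) if pyvers >= 100 else divmod(pyvers, 10)
        return {"python_version": f"{major}.{minor}",
                "pylib": fields[5].rstrip(b"\0").decode("ascii", "replace") if len(fields) > 5 else "",
                "entries": entries,
                "scripts": [e["name"] for e in entries if e["type"] == "s"],
                "extracted_binaries": [e["name"] for e in entries if e["type"] == "b"]}
    return None


def read_entry(data, info, name):
    """Pull one entry's payload out of the bundle, inflating it if it is stored compressed."""
    e = next(e for e in info["entries"] if e["name"] == name)
    blob = data[e["offset"]:e["offset"] + e["clen"]]
    return zlib.decompress(blob) if e["compressed"] else blob


def build_fake_bundle(entries, pyvers=27, pylib=b"python27.dll"):
    """Assemble a file with the real CArchive layout around a dummy stub (constructed; not a real bootloader)."""
    stub = b"MZ" + b"\0" * 126 + b"<fake bootloader>"
    body = toc = b""
    for name, typ, payload, compress in entries:
        blob = zlib.compress(payload) if compress else payload
        entry_len = ENTRY_HDR_LEN + len(name) + 1
        entry_len += (-entry_len) % 16       # PyInstaller pads every TOC entry to a 16-byte boundary
        toc += struct.pack(ENTRY_HDR, entry_len, len(body), len(blob), len(payload), int(compress), typ)
        toc += name.encode().ljust(entry_len - ENTRY_HDR_LEN, b"\0")
        body += blob
    cookie_size = struct.calcsize(COOKIE_FORMATS[0])
    cookie = struct.pack(COOKIE_FORMATS[0], PYINST_MAGIC, len(body) + len(toc) + cookie_size,
                         len(body), len(toc), pyvers, pylib.ljust(64, b"\0"))
    return stub + body + toc + cookie


# Constructed sample mirroring the runtime files ComboFix listed; payloads are dummies, "tetherapp" is hypothetical.
SAMPLE_ENTRIES = [
    ("python27.dll", b"b", b"MZ dummy python27.dll", True),
    ("_ctypes.pyd", b"b", b"MZ dummy _ctypes.pyd", True),
    ("wx._core_.pyd", b"b", b"MZ dummy wx core", True),
    ("pyi_rth_win32comgenpy", b"s", b"# PyInstaller run-time hook\n", True),
    ("tetherapp", b"s", b"import wx, win32api\nprint 'hello from the packed app'\n", True),
]

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_bundle(SAMPLE_ENTRIES)
    info = parse_pyinstaller_overlay(data)
    if info is None:
        print("not a PyInstaller one-file bundle")
    else:
        print(f"Python {info['python_version']} ({info['pylib'] or 'no DLL name in cookie'}); entry scripts: {info['scripts']}")
        for e in info["entries"]:
            print(f"  {e['type']}  {e['name']:<28} {TYPE_CODES.get(e['type'], '?')}")
```

Run it with the path of a suspect .exe as its argument; the executables behind the autostart entries in the ComboFix log are the obvious first candidates, because a program that drops a fresh `_MEI` folder on every boot has to be started by something. On the live machine, `tasklist /m python27.dll` lists the process that has that DLL loaded from the `_MEI` folder, which points at the same executable without parsing anything. The entry-script name is whatever the author called the main .py file, so it names the program, not its vendor; the 'b' entries are exactly the files ComboFix keeps quarantining.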
  5. OK, have updated Defender. Decided not to reinstall; went with open source. Seems to be functioning, but got a freeze the other day and the internet connection seems to be intermittent. I am also tethered to a Droid for internet. Is it possible I could have downloaded an app that has infected the phone, and the phone is passing the infection into the computer? I ran AVG on the phone and it seems cleared.
  6. I have removed Microsoft Security Essentials. Microsoft Defender wants to update? TeaTimer was already unchecked? I unchecked the other option as well, "SD Helper", and rebooted the system. My Adobe programs are crashing and are asking to be reinstalled now?
  7. 7-Zip 9.20
     Add or Remove Adobe Creative Suite 3 Master Collection
     Adobe Acrobat 8 Professional
     Adobe After Effects CS3
     Adobe After Effects CS3 Presets
     Adobe After Effects CS3 Third Party Content
     Adobe Anchor Service CS3
     Adobe Asset Services CS3
     Adobe Bridge CS3
     Adobe Bridge Start Meeting
     Adobe BridgeTalk Plugin CS3
     Adobe Camera Raw 4.0
     Adobe CMaps
     Adobe Color - Photoshop Specific
     Adobe Color Common Settings
     Adobe Color EU Extra Settings
     Adobe Color JA Extra Settings
     Adobe Color NA Recommended Settings
     Adobe Contribute CS3
     Adobe Creative Suite 3 Master Collection
     Adobe Default Language CS3
     Adobe Device Central CS3
     Adobe Dreamweaver CS3
     Adobe Encore CS3
     Adobe Encore CS3 Codecs
     Adobe ExtendScript Toolkit 2
     Adobe Extension Manager CS3
     Adobe Fireworks CS3
     Adobe Flash CS3
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Flash Video Encoder
     Adobe Fonts All
     Adobe Help Viewer CS3
     Adobe Illustrator CS3
     Adobe InDesign CS3
     Adobe InDesign CS3 Icon Handler
     Adobe Linguistics CS3
     Adobe MotionPicture Color Files
     Adobe PDF Library Files
     Adobe Photoshop CS3
     Adobe Premiere Pro CS3
     Adobe Premiere Pro CS3 Functional Content
     Adobe Premiere Pro CS3 Third Party Content
     Adobe Setup
     Adobe SING CS3
     Adobe Soundbooth CS3 Codecs
     Adobe Stock Photos CS3
     Adobe Type Support
     Adobe Update Manager CS3
     Adobe Version Cue CS3 Client
     Adobe Video Profiles
     Adobe WAS CS3
     Adobe WinSoft Linguistics Plugin
     Adobe XMP DVA Panels CS3
     Adobe XMP Panels CS3
     AHV content for Acrobat and Flash
     Android SDK Tools
     Android Sync Manager WiFi
     AppInventor Setup
     Apple Application Support
     Apple Software Update
     Autodesk 3ds Max 8
     Autodesk DWF Viewer
     avast! Free Antivirus
     AVG Anti-Rootkit Free
     Backburner
     CCleaner
     Conexant HDA D110 MDC V.92 Modem
     Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
     DriverTools 1.0
     EasyTether
     EasyTether ADB USB driver
     Emsisoft Anti-Malware
     Eraser 6.0.10.2620
     ESET Online Scanner v3
     FileZilla Client 3.6.0.2
     Google Chrome
     Google Drive
     Google Gmail Notifier
     Google Talk Plugin
     Google Update Helper
     Intel® Graphics Media Accelerator Driver
     iWisoft Flash SWF to Video Converter 3.5
     Java 7 Update 25
     Java Auto Updater
     Jing
     Logitech Vid HD
     Logitech Webcam Software
     LogMeIn
     Malwarebytes Anti-Malware version 1.75.0.1300
     McAfee Security Scan Plus
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft Office 2010 Service Pack 1 (SP1)
     Microsoft Office Access MUI (English) 2010
     Microsoft Office Access Setup Metadata MUI (English) 2010
     Microsoft Office Excel MUI (English) 2010
     Microsoft Office Groove MUI (English) 2010
     Microsoft Office InfoPath MUI (English) 2010
     Microsoft Office OneNote MUI (English) 2010
     Microsoft Office Outlook MUI (English) 2010
     Microsoft Office PowerPoint MUI (English) 2010
     Microsoft Office Professional Plus 2010
     Microsoft Office Proof (English) 2010
     Microsoft Office Proof (French) 2010
     Microsoft Office Proof (Spanish) 2010
     Microsoft Office Proofing (English) 2010
     Microsoft Office Publisher MUI (English) 2010
     Microsoft Office Shared MUI (English) 2010
     Microsoft Office Shared Setup Metadata MUI (English) 2010
     Microsoft Office Word MUI (English) 2010
     Microsoft Security Client
     Microsoft Security Essentials
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Mozilla Firefox 20.0.1 (x86 en-US)
     Mozilla Maintenance Service
     Online Armor 6.0
     Pazera Free 3GP to AVI Converter 1.5
     PdaNet+ for Android 4.12
     PDF Settings
     PHP protect
     Pika Bot
     QuickTime
     Safari
     Security Task Manager 1.8g
     Security Update for CAPICOM (KB931906)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
     Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
     Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
     Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
     Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
     Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
     Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
     Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
     Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2553091)
     Security Update for Microsoft Office 2010 (KB2553096)
     Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
     Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
     Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
     Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
     Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
     Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
     Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
     Skype Click to Call
     Skype™ 5.10
     Sonic Foundry ACID 4.0
     Spybot - Search & Destroy
     SUPERAntiSpyware
     Tether
     TrojanHunter 5.5
     UnHackMe 5.99 release
     Unity Web Player
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
     Update for Microsoft .NET Framework 4 Extended (KB2468871)
     Update for Microsoft .NET Framework 4 Extended (KB2533523)
     Update for Microsoft .NET Framework 4 Extended (KB2600217)
     Update for Microsoft .NET Framework 4 Extended (KB2836939)
     Update for Microsoft Office 2010 (KB2553065)
     Update for Microsoft Office 2010 (KB2553092)
     Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2566458)
     Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
     Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
     Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
     Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
     Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
     Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
     Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
     Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
     Winamp
     Winamp Detector Plug-in
     Windows Media Player Firefox Plugin
     Yahoo! Messenger
     Yahoo! Software Update
     Yahoo! Toolbar
     Zend Guard - 5.5.0
  8. ComboFix 13-08-11.02 - Your 08/15/2013 10:52:59.104.2 - x86
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.837 [GMT -4:00]
     Running from: c:\users\Your\Desktop\ComboFix.exe
     AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
     AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
     FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
     SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
     SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Your\AppData\Local\Temp\_MEI7682\_ctypes.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\_elementtree.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\_hashlib.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\_multiprocessing.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\_socket.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\_ssl.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\pyexpat.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\pysqlite2._sqlite.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\python27.dll
     c:\users\Your\AppData\Local\Temp\_MEI7682\pythoncom27.dll
     c:\users\Your\AppData\Local\Temp\_MEI7682\PyWinTypes27.dll
     c:\users\Your\AppData\Local\temp\_MEI7682\select.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\unicodedata.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32api.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32com.shell.shell.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32crypt.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\win32event.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32file.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32inet.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\win32pdh.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32process.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\win32profile.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\win32security.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\win32ts.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\windows._cacheinvalidation.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wx._controls_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wx._core_.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\wx._gdi_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wx._html2.pyd
     c:\users\Your\AppData\Local\temp\_MEI7682\wx._misc_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wx._windows_.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wx._wizard.pyd
     c:\users\Your\AppData\Local\Temp\_MEI7682\wxbase294u_net_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI7682\wxbase294u_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI7682\wxmsw294u_adv_vc90.dll
     c:\users\Your\AppData\Local\temp\_MEI7682\wxmsw294u_core_vc90.dll
     c:\users\Your\AppData\Local\Temp\_MEI7682\wxmsw294u_html_vc90.dll
     c:\users\Your\AppData\Local\Temp\_MEI7682\wxmsw294u_webview_vc90.dll
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-07-15 to 2013-08-15 )))))))))))))))))))))))))))))))
     .
     .
     2013-08-15 15:14 . 2013-08-15 15:20 -------- d-----w- c:\users\Your\AppData\Local\temp
     2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp
     2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp
     2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
     2013-08-14 17:21 . 2013-08-14 17:21 -------- d-----w- c:\program files\ESET
     2013-08-14 03:47 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
     2013-08-14 03:46 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
     2013-08-14 03:46 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
     2013-08-14 03:46 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
     2013-08-14 03:46 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
     2013-08-14 03:46 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
     2013-08-14 03:46 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
     2013-08-14 03:46 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
     2013-08-14 03:46 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
     2013-08-14 03:46 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
     2013-08-14 03:46 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
     2013-08-13 20:38 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
     2013-08-13 16:20 . 2013-08-13 16:20 -------- d-----w- c:\users\Your\AppData\Roaming\FixZeroAccess
     2013-08-13 16:20 . 2013-08-13 16:20 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
     2013-08-13 16:15 . 2013-08-13 16:15 1805736 ----a-w- C:\FixZeroAccess.exe
     2013-08-12 13:30 . 2013-08-12 13:30 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-08-10 21:56 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2A9BE54-EAA1-47B4-B185-1CC7EFDAA524}\mpengine.dll
     2013-08-09 13:45 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
     2013-07-30 19:43 . 2013-08-12 13:24 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
     2013-07-20 14:38 . 2013-07-20 14:38 -------- d-----w- C:\AppInventor
     2013-07-20 13:51 . 2013-07-20 13:51 -------- d-----w- c:\program files\Common Files\Java
     2013-07-20 13:50 . 2013-07-20 13:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
     2013-07-18 07:01 . 2013-08-14 07:11 -------- d-----w- c:\windows\system32\MRT
     2013-07-17 12:56 . 2013-07-17 12:56 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88AA4B22-95F5-44C0-A1DD-B85538ED6C0D}\gapaengine.dll
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-07-20 13:50 . 2012-07-11 01:54 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
     2013-07-20 13:50 . 2012-07-11 01:54 789416 ----a-w- c:\windows\system32\deployJava1.dll
     2013-06-21 00:34 . 2012-06-12 23:22 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
     2013-06-19 01:50 . 2013-06-19 01:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
     2013-06-19 01:50 . 2011-04-27 19:25 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
     2013-06-17 17:09 . 2012-05-17 17:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-06-17 17:09 . 2012-05-17 17:28 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-06-17 17:09 . 2013-06-17 17:09 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
     2013-06-10 03:53 . 2013-05-22 22:57 357814 ----a-w- C:\SDK Manager.exe
     2013-06-09 19:20 . 2013-06-09 19:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
     2013-06-09 19:20 . 2013-06-09 19:20 2 --shatr- c:\windows\winstart.bat
     2013-06-06 16:51 . 2013-06-06 16:51 40208 ----a-w- c:\windows\system32\Partizan.exe
     2013-06-05 16:08 . 2013-06-09 19:20 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
     2013-06-05 03:05 . 2013-07-13 14:20 2347520 ----a-w- c:\windows\system32\win32k.sys
     2013-06-04 04:53 . 2013-07-13 14:20 509440 ----a-w- c:\windows\system32\qedit.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
     2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
     2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
     2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
     2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
     @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
     [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
     2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
     "EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2013-03-11 49960]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
     "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
     "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
     "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
     "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
     "@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-10-02 2415104]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
     .
     c:\users\Your\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
     PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-18 1054320]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
     "ConsentPromptBehaviorAdmin"= 5 (0x5)
     "ConsentPromptBehaviorUser"= 3 (0x3)
     "EnableUIADesktopToggle"= 0 (0x0)
     "PromptOnSecureDesktop"= 0 (0x0)
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
     "EnableShellExecuteHooks"= 1 (0x1)
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
     "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-02 366440]
     .
     [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
     BootExecute    REG_MULTI_SZ    autocheck autochk *\0Partizan
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
     @=""
     .
     [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
     path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
     backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
     backupExtension=.CommonStartup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
     2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
     2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
     2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
     2012-05-22 12:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
     2013-01-07 19:56 2909640 ----a-w- c:\program files\TechSmith\Jing\Jing.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
     2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
     2012-10-10 15:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
     2012-05-25 08:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
     2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
     2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
     2009-03-05 20:07 2260480 --s-a-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
     2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
     2011-12-06 15:06 1088280 ----a-w- c:\program files\TrojanHunter 5.5\THGuard.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
     2012-06-28 15:40 74752 ----a-w- c:\program files\Winamp\winampa.exe
     .
     R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 116648]
     R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]
     R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-04-30 54072]
     R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [2009-12-24 25728]
     R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 116648]
     R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]
     R3 MFE_RR;MFE_RR;c:\users\Your\AppData\Local\Temp\mfe_rr.sys [x]
     R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]
     R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]
     R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2013-08-12 24416]
     R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [2010-01-13 100864]
     R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [2010-02-04 108032]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
     R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
     R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1343400]
     S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
     S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2012-04-30 37856]
     S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
     S1 aswSnx;aswSnx; [x]
     S1 aswSP;aswSP; [x]
     S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-02 208320]
     S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-02 44992]
     S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-02 27648]
     S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
     S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
     S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-12-20 3089320]
     S2 aswFsBlk;aswFsBlk; [x]
     S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
     S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-10-19 374704]
     S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2012-08-24 12856]
     S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
     S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
     S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-10-02 216072]
     S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
     S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-07-12 3289472]
     S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-10-02 4463864]
     S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2013-03-11 18248]
     S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
     S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-10-02 31768]
     S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]
     S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]
     .
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
     - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 17:09]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 13:49]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
     - c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 13:49]
     .
     2013-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097053523-473510782-61955550-1001Core.job
     - c:\users\Your\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 14:54]
     .
     2013-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097053523-473510782-61955550-1001UA.job
     - c:\users\Your\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 14:54]
     .
     2013-06-09 c:\windows\Tasks\UnHackMe Task Scheduler.job
     - c:\program files\UnHackMe\hackmon.exe [2013-06-09 16:08]
     .
     .
     ------- Supplementary Scan -------
     .
     TCP: Interfaces\{0FA4536C-5362-43AF-9C7A-0F8687676AC1}: NameServer = 8.8.8.8,8.8.4.4
     FF - ProfilePath - c:\users\Your\AppData\Roaming\Mozilla\Firefox\Profiles\p59bolky.default-1359738013182\
     .
     - - - - ORPHANS REMOVED - - - -
     .
     SafeBoot-02777654.sys
     .
     .
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'Explorer.exe'(2172)
     c:\windows\system32\dhcpcsvc.DLL
     c:\windows\system32\dhcpcsvc6.DLL
     c:\program files\SUPERAntiSpyware\SASSEH.DLL
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\program files\Microsoft Security Client\MsMpEng.exe
     c:\program files\AVAST Software\Avast\AvastSvc.exe
     c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
     c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     c:\windows\System32\WUDFHost.exe
     c:\windows\system32\taskhost.exe
     c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
     c:\windows\system32\conhost.exe
     c:\program files\Windows Media Player\wmpnetwk.exe
     .
     **************************************************************************
     .
     Completion time: 2013-08-15 11:26:36 - machine was rebooted
     ComboFix-quarantined-files.txt 2013-08-15 15:26
     ComboFix2.txt 2013-08-13 15:54
     ComboFix3.txt 2013-08-13 15:02
     ComboFix4.txt 2013-08-13 03:38
     ComboFix5.txt 2013-08-15 14:50
     .
     Pre-Run: 33,398,194,176 bytes free
     Post-Run: 33,646,960,640 bytes free
     .
     - - End Of File - - 21C508602D81B521B86AE50F15E1DA80 A36C5E4F47E84449FF07ED3517B43A31
  9. C:\Users\All Users\Codec\runtime.dll  Win32/GenUpdater application
C:\ProgramData\Codec\runtime.dll  Win32/GenUpdater application  cleaned by deleting - quarantined
C:\Users\Your\Downloads\adt\PDAnet_For_Android_+_Crack_secure.exe  Win32/TopMedia.B application  cleaned by deleting - quarantined
  10. mbar-log.txt

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Your :: YOUR-PC [administrator]

8/14/2013 10:30:54 AM
mbar-log-2013-08-14 (10-30-54).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 257748
Time elapsed: 24 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

------------------------------------------------------------------
system-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2137460736, free: 487149568

=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2137460736, free: 542674944

Downloaded database version: v2013.08.14.04
Initializing...
------------ Kernel report ------------
     08/14/2013 10:30:46
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\OAmon.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Windows\system32\drivers\oahlp32.sys
\??\C:\Windows\system32\drivers\OADriver.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
\??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\easytthr.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\oanet.sys
\SystemRoot\system32\DRIVERS\pneteth.sys
\SystemRoot\system32\DRIVERS\pnetmdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Users\Your\Downloads\virus-removal\cce_2.3.219500.176_x32\CCE\ccekrnl.dat
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\usb8023x.sys
\SystemRoot\system32\DRIVERS\RNDISMPX.SYS
\SystemRoot\system32\DRIVERS\WinUsb.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff84e5f5a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c5\
Lower Device Object: 0xffffffff84c2fca8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85c54600
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff861f7498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85a3e440
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85587030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85a3e440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85a3f020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85a3e440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ca4608, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85587030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 156092416

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85c54600, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861fd500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85c54600, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861f7498, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 7831520
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 4026531840 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84e5f5a8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e2c708, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84e5f5a8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84c2fca8, DeviceName: \Device\000000c5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_32_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
  11. I know currently it does not show anything, but I'm telling you things keep appearing. Last time I ran ComboFix:

Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache\services.exe

Further, it keeps having to delete and quarantine the following:

2013-08-13 15:14:20 . 2013-08-13 15:14:20 154,112 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxbase294u_net_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 91,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_webview_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 595,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_html_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 1,234,944 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_adv_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 4,598,272 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_core_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 1,985,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxbase294u_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 2,436,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\python27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 98,816 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32api.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 128,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_elementtree.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_socket.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 557,056 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pysqlite2._sqlite.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 22,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32ts.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 320,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32com.shell.shell.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 26,624 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_multiprocessing.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 70,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._html2.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 11,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32crypt.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 805,888 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._gdi_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 1,022,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\windows._cacheinvalidation.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 17,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32profile.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 364,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pythoncom27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 87,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_ctypes.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 735,232 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._misc_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 110,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\PyWinTypes27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 108,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32security.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 1,175,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._core_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 1,153,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_ssl.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 25,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32pdh.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 35,840 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32process.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 711,680 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_hashlib.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 811,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._windows_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 119,808 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32file.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20 122,368 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._wizard.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:20 38,912 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32inet.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19 1,062,400 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._controls_.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19 18,432 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32event.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19 127,488 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pyexpat.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19 686,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\unicodedata.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19 10,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\select.pyd.vir
2013-08-13 03:37:37 . 2013-08-13 03:37:37 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-70396446.sys.reg.dat
2013-08-09 13:31:14 . 2013-08-09 13:31:14 73 ----a-w- C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 91,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_webview_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 154,112 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxbase294u_net_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 595,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_html_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 1,234,944 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_adv_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 4,598,272 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_core_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51 1,985,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxbase294u_vc90.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 2,436,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\python27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 128,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_elementtree.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 557,056 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pysqlite2._sqlite.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 98,816 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32api.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 22,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32ts.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_socket.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 320,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32com.shell.shell.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 26,624 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_multiprocessing.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 11,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32crypt.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 70,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._html2.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 1,022,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\windows._cacheinvalidation.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 805,888 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._gdi_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 17,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32profile.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 87,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_ctypes.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 364,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pythoncom27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 735,232 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._misc_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 110,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\PyWinTypes27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 108,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32security.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 1,175,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._core_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50 1,153,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_ssl.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 25,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32pdh.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 35,840 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32process.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 711,680 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_hashlib.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 811,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._windows_.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 122,368 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._wizard.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 119,808 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32file.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 38,912 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32inet.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 1,062,400 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._controls_.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 127,488 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pyexpat.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 10,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\select.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 686,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\unicodedata.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49 18,432 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32event.pyd.vir
2013-08-06 15:42:54 . 2013-08-06 15:42:54 91,648 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_webview_vc90.dll.vir
2013-08-06 15:42:54 . 2013-08-06 15:42:54 154,112 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxbase294u_net_vc90.dll.vir
2013-08-06 15:42:53 . 2013-08-06 15:42:53 595,968 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_html_vc90.dll.vir
2013-08-06 15:42:52 . 2013-08-06 15:42:53 1,234,944 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_adv_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:52 4,598,272 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_core_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 1,985,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxbase294u_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 2,436,608 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\python27.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 128,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_elementtree.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 44,032 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_socket.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 98,816 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32api.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51 22,528 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32ts.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:51 557,056 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pysqlite2._sqlite.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:50 26,624 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_multiprocessing.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:50 320,512 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32com.shell.shell.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:50 70,656 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._html2.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49 11,264 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32crypt.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49 805,888 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._gdi_.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49 1,022,416 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\windows._cacheinvalidation.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48 17,408 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32profile.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48 87,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_ctypes.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48 364,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pythoncom27.dll.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:48 735,232 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._misc_.pyd.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47 110,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\PyWinTypes27.dll.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47 108,544 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32security.pyd.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47 1,175,040 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._core_.pyd.vir
2013-08-06 15:42:46 . 2013-08-06 15:42:46 1,153,024 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_ssl.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:46 25,600 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32pdh.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45 35,840 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32process.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45 711,680 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_hashlib.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45 811,008 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._windows_.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45 122,368 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._wizard.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45 119,808 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32file.pyd.vir
2013-08-06 15:42:44 . 2013-08-06 15:42:44 38,912 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32inet.pyd.vir
2013-08-06 15:42:43 . 2013-08-06 15:42:43 1,062,400 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._controls_.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42 18,432 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32event.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42 127,488 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pyexpat.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42 686,080 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\unicodedata.pyd.vir
2013-08-06 15:42:41 . 2013-08-06 15:42:42 10,240 ----a-w- C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\select.pyd.vir
2013-08-02 23:04:53 . 2013-08-13 15:36:06 22,849 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-02 22:59:51 . 2013-08-13 15:23:46 512 ----a-w- C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-02 22:58:11 . 2013-08-13 15:24:03 629 ----a-w- C:\Qoobox\Quarantine\catchme.log
2013-04-24 12:31:07 . 2013-04-12 13:45:29 1,211,752 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\ntfs.sys.vir
2012-05-18 16:13:27 . 2010-11-20 12:21:04 551,424 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\samsrv.dll.vir
2009-07-13 23:11:26 . 2009-07-14 01:14:36 259,072 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir
  12. I have used ComboFix, Malwarebytes and other tools to clean the system, but GMER still states something is wrong. Please advise; pasted results below.

GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-08-13 13:57:31
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980813AS rev.3.ADB 74.53GB
Running: kziy15r3.exe; Driver: C:\Users\Your\AppData\Local\Temp\kgldrpoc.sys

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys
Device  \Driver\tdx \Device\Ip  OAmon.sys
Device  \Driver\tdx \Device\Tcp  OAmon.sys
Device  \Driver\tdx \Device\Udp  OAmon.sys
Device  \Driver\tdx \Device\RawIp  OAmon.sys

---- EOF - GMER 2.1 ----