Jump to content

mjavor

Members
  • Posts

    4
  • Joined

  • Last visited

Everything posted by mjavor

  1. Hello, here is the last log. Thanks again so much! Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.01.25.06 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 8.0.7601.17514Administrator :: JOANNA-PC [administrator] 30/01/2014 11:25:58 PMmbam-log-2014-01-30 (23-25-58).txt Scan type: Full scan (C:\|E:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 350834Time elapsed: 1 hour(s), 14 minute(s), 54 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  2. Hello! You did it! My computer is completely virus free! Thank you so much for your help!! =)) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Windows 7 Home Premium x64Ran by Administrator on 27/01/2014 at 12:21:55.39~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URLSuspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settingsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduitengine"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\utorrentbar"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar" ~~~ FireFox Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wcg957vj.default\minidumps [8 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 27/01/2014 at 12:30:18.07End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Windows 7 Home Premium x64Ran by Administrator on 27/01/2014 at 12:21:55.39~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URLSuspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B? Value Name Type Value Data ======================================================================================== BackgroundContainer REG_SZ "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\scripthelper.exeSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dllSuccessfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegongSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settingsSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\utorrentbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbarSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engineSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajam_install_rasmancsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\conduit"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduit"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\conduitengine"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\pricegong"Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\utorrentbar"Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"Successfully deleted: [Folder] "C:\Program Files (x86)\utorrentbar" ~~~ FireFox Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\wcg957vj.default\minidumps [8 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 27/01/2014 at 12:30:18.07End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  3. Hello Borislav, I have a Trojan virus on my computer. When I run Malwarebytes, it removes the infected file from my computer, but after a reboot, the file comes back. I appreciate your help. Per your request, please find the logs pasted below: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 18/02/2011 6:32:59 PM System Uptime: 26/01/2014 6:37:00 PM (0 hours ago) . Motherboard: Dell Inc. | | 0G848F Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 242.931 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP178: 22/01/2014 3:35:16 AM - Scheduled Checkpoint RP179: 22/01/2014 7:42:39 PM - Windows Update RP180: 24/01/2014 1:41:37 AM - Malwarebytes Anti-Rootkit Restore Point . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) AVG Security Toolbar Battle.net Dell Resource CD Google Chrome Google Update Helper Hearthstone Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Office XP Professional with FrontPage Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Sync Framework 2.0 Core Components (x64) ENU Microsoft Sync Framework 2.0 Provider Services (x64) ENU Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 26.0 (x86 en-GB) Mozilla Maintenance Service QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2837615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2837617) 32-Bit Edition Spybot - Search & Destroy SyncToy 2.1 (x64) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) uTorrentBar Toolbar Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables . ==== Event Viewer Messages From Past Week ======== . 22/01/2014 3:34:35 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 22/01/2014 12:25:08 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. 20/01/2014 8:02:33 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Internet Explorer 11 for Windows 7 for x64-based Systems. . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: Run by Administrator at 18:41:30 on 2014-01-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4056.2975 [GMT -5:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\Rundll32.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe C:\Windows\system32\SearchIndexer.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll uRun: [backgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Administrator\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . TCP: NameServer = 64.71.255.204 64.71.255.198 192.168.1.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386} : DHCPNameServer = 64.71.255.204 64.71.255.198 192.168.1.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\052796D656475747F62737E23616 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\072796D656475747F62737 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\361627D616274723 : DHCPNameServer = 10.0.1.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\365737B65627 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\443374E4F53535944403 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{4380CC8A-CED4-4FF2-A446-3ABBFB0EA386}\E6567702E616D656 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{D306F202-7C81-4F5A-9CE9-E97D9D742D58} : DHCPNameServer = 64.71.255.205 64.71.255.253 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\wcg957vj.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll FF - ExtSQL: 2013-12-28 13:06; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\17.2.0.38 . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-20 46368] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-9-27 134944] R2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-1-20 1771544] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-6 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-3-5 1255736] . =============== Created Last 30 ================ . 2014-01-25 23:27:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2014-01-25 23:27:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2014-01-25 08:06:11 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C3AC58C-3D2B-4333-B836-07DCEBA08D4C}\mpengine.dll 2014-01-24 21:27:50 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0 2014-01-24 06:00:38 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys 2014-01-24 05:35:10 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1F2CE457-9353-4451-9838-1074E3BC45A6}\gapaengine.dll 2014-01-24 05:34:47 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-01-23 01:00:31 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-01-22 23:24:06 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2014-01-22 23:24:06 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2014-01-22 23:24:04 609792 ----a-w- C:\Windows\System32\vbscript.dll 2014-01-22 23:24:03 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll 2014-01-22 23:24:02 760320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2014-01-22 23:24:02 1111040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2014-01-22 06:12:02 -------- d-----w- C:\Users\Administrator\AppData\Local\Blizzard 2014-01-22 06:03:43 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Malwarebytes 2014-01-22 06:03:18 -------- d-----w- C:\ProgramData\Malwarebytes 2014-01-22 06:03:15 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2014-01-22 06:03:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-01-22 06:02:58 -------- d-----w- C:\Users\Administrator\AppData\Local\Programs 2014-01-22 05:58:32 -------- d-----w- C:\Program Files (x86)\Hearthstone 2014-01-22 05:54:07 -------- d-----w- C:\Users\Administrator\AppData\Local\Blizzard Entertainment 2014-01-22 05:53:56 -------- d-----w- C:\Users\Administrator\AppData\Roaming\Battle.net 2014-01-22 05:53:56 -------- d-----w- C:\Users\Administrator\AppData\Local\Battle.net 2014-01-22 05:53:35 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2014-01-22 05:53:35 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2014-01-22 05:53:35 -------- d-----w- C:\Program Files (x86)\Battle.net 2014-01-22 05:52:28 -------- d-----w- C:\ProgramData\Battle.net 2014-01-22 05:40:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2014-01-22 05:40:10 -------- d-----w- C:\Program Files\Microsoft Security Client 2014-01-22 05:34:39 -------- d-----w- C:\Users\Administrator\AppData\Local\Avg2013 2014-01-22 05:33:49 49940480 ----a-w- C:\Program Files (x86)\GUTF373.tmp 2014-01-22 05:33:49 -------- d-----w- C:\Program Files (x86)\GUMF372.tmp 2014-01-22 05:31:04 -------- d-----w- C:\Users\Administrator\AppData\Local\MFAData 2014-01-22 05:27:53 -------- d-----w- C:\Users\Administrator\AppData\Local\Google 2014-01-22 04:06:31 -------- d-----w- C:\Users\Administrator\AppData\Roaming\MediaMonkey 2014-01-22 03:58:50 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple Computer 2014-01-22 03:35:37 -------- d-----w- C:\Windows\System32\MRT 2014-01-21 01:13:56 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys 2014-01-21 01:13:56 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys 2014-01-21 01:13:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys 2014-01-21 01:13:55 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys 2014-01-21 01:13:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys 2014-01-21 01:13:55 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys 2014-01-21 01:13:55 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys 2014-01-21 01:13:53 3156480 ----a-w- C:\Windows\System32\win32k.sys 2014-01-21 01:13:50 376768 ----a-w- C:\Windows\System32\drivers\netio.sys 2014-01-21 01:08:03 -------- d-----w- C:\Users\Administrator\AppData\Local\Conduit 2014-01-21 00:59:20 -------- d-----w- C:\Users\Administrator\AppData\Local\Apple 2013-12-30 17:23:04 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe 2013-12-30 17:23:04 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe 2013-12-30 17:23:02 12625920 ----a-w- C:\Windows\System32\wmploc.DLL 2013-12-30 17:23:01 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL 2013-12-30 01:03:16 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-12-30 01:03:16 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-12-30 00:54:10 335360 ----a-w- C:\Windows\System32\msieftp.dll 2013-12-30 00:54:09 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll 2013-12-30 00:49:12 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2013-12-30 00:49:12 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2013-12-30 00:49:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-12-30 00:49:06 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-12-30 00:47:05 497152 ----a-w- C:\Windows\System32\drivers\afd.sys 2013-12-30 00:32:49 100864 ----a-w- C:\Windows\System32\drivers\usbcir.sys 2013-12-30 00:31:59 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2013-12-30 00:31:59 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2013-12-30 00:31:58 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-12-30 00:31:57 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL 2013-12-30 00:31:57 830464 ----a-w- C:\Windows\System32\nshwfp.dll 2013-12-30 00:31:57 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll 2013-12-30 00:31:57 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL 2013-12-30 00:31:57 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL 2013-12-30 00:31:55 461312 ----a-w- C:\Windows\System32\scavengeui.dll 2013-12-30 00:17:47 -------- d-----w- C:\Users\Administrator\AppData\Local\Macromedia 2013-12-30 00:15:02 -------- d-----w- C:\Users\Administrator\AppData\Local\AVG Secure Search 2013-12-30 00:13:47 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla . ==================== Find3M ==================== . 2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe 2013-12-30 00:49:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-12-30 00:49:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe . ============= FINISH: 18:44:25.62 ===============
  4. Hello Team, I can't seem to get rid of this one virus, no matter how many times I run your program. Is there any chance you can help me? Thanks in advance. Kind Regards, Martin attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.