Showing results for tags 'rootkits'.


  1. Me again with the same problem, but more cautious with this situation. Well, it turns out that this rootkit has changed the access logic to a file/folder location, going from this:
     F:\Los archivos\Shiro\Error1\Nueva carpeta 2\Nueva carpeta 1\Nueva carpeta 2\Nueva carpetads 1\Nueva carpeta 2\Nueva carpeta 3\Nueva carpeta 1\Respaldo\Escritorio\ \jjjjjjjjjjjjjjjjjjjjjjjj\beat\things\johnis\got_the.htm\Nueva carpeta 1\todooo\1\Nueva carpeta\15.1.2022
     to this:
     F:\LOSARC~1\Shiro\ERRORN~1\NUEVAC~2\NUEVAC~1\NUEVAC~2\NU3CD5~1\NUEVAC~2\NUEVAC~3\NUEVAC~1\Respaldo\ESCRIT~1\9DEC~1\JJJJJJ~1\BEA157~1\things\JOHNIS~1\GOTHER~1.HTM\NUEVAC~1\todooo\1\Nueva carpeta\15.1.2022
     Well, knowing this, I would like to clarify the following. I have this problem on a removable hard disk. The hard disk has damaged physical sectors, so the most that can be done, and that it allows, is to move, copy and delete files; but being damaged, such a simple process as copying 1GB to another location, instead of taking 20 or 40 minutes, which is normal, can take up to 15 hours or even a whole day. That said, doing a scan with the programs that are always mentioned in these situations is impossible due to the deteriorating processing of the hard drive. I know that the hard disk is infected, but the malfunction is not due to this rootkit, and I know that I should not run any .exe as it is infected; the rest of the files are not and can be saved. By the way, this problem is only the file location path, but the names of those folders are normal. While the folder is named "Los archivos", in the path it comes out as "LOSARC~1". The question I have is, how to fix the file location logic?
     I have this problem on my PC, but to a smaller extent. I am making a backup to clean the files; the malware is always contained in a process that I suspend, so it avoids contaminating other processes and does not propagate either. In these years I have understood how this malware works, what it does, how it spreads and how it acts, so I can contain it, but currently it is impossible to destroy it since the Windows logic is damaged. I will reinstall Windows with the patches that AdvancedSetup told me and I will take many precautions to avoid another infection. Here is a brief introduction to this topic in my previous topics: https://forums.malwarebytes.com/topic/280985-the-powerful-trojan-sality-sinkhole-v2
  2. Hi, I have some problems with my PC so I decided to run Malwarebytes to see if it could find something. It didn't find anything at first, so I went for a personalized scan that would detect rootkits, but it crashes mid-scan: I get the BSOD with KERNEL_DATA_INPAGE_ERROR and I get to the BIOS. I have to force my PC to shut down because restarting won't get me out of the BIOS. So far I have attempted three scans with the rootkits option enabled, with different hard drives, and every time it crashes. I did have a virus a long time ago and I fear I might not have deleted everything, which could be causing me other PC problems. What can I do to finally be able to finish the scan? All other scans show nothing.
  3. So is the 'Scan for rootkits' option in my settings actually enabled, or disabled? And how do I fix this? [screenshot attached]
  4. Could you tell me please how I can remove any rootkits after wiping my hard drive or SSD? And what if the malware had infected my motherboard, how can I remove it? Could resetting my laptop BIOS remove the rootkits or bootkits?
  5. Anybody have any suggestions? This thing is altering all antivirus and malware removal or blocking downloads. Factory reset doesn't get rid of it. These are from Farbar but nothing else will get rid of it. Addition.txt FRST.txt
  6. I am running the latest version of Malwarebytes Premium 3.7.1 and under the scan options, I have "Scan for Rootkits" turned on/enabled. BUT......when I read a scan report and view the Advanced report, under the Scan Options section of the report, the Rootkits option is listed as "Disabled" Why is there this discrepancy? Are rootkits being scanned or not? Win7 SP1. Thank you in advance for your bot replies!
  7. Posted Yesterday, 01:59 PM I'm a completely novice computer user. Recently, I have been having some malware issues on my PC which is Windows 10. I already have an antivirus, Quick Heal Total Security, and recently, it detected a Coinhive mining malware on my computer, plus, it keeps showing pop up windows that it has blocked access to multiple harmful websites even when I'm accessing reliable websites like Amazon and others. I researched a bit on the Coinhive virus and found out some serious things, and so I'm currently scanning my computer for all kinds of malware, spyware, adware, rootkits using a variety of tools just to be safe. I know I'm being paranoid, but better be paranoid than have my personal data compromised. So far, I've used Malwarebytes to run a full system scan, TDSSKiller for rootkits, and a full system scan by my installed antivirus. All three of them came up clean after that one Coinhive virus was removed. I'm also planning to use more scanners like AdW, ESET, Rkill, as many as I have found to be on the safe side. Now, I started running a scan with GMER for rootkits today, in safe mode, however, the first time, mid-scan, the window just disappeared off the screen. I ran it a second time, and it only showed two entries in the log list before a message was displayed that my system had run into an error and needed to restart. I booted the computer into safe mode once again and started GMER for the third time, and same thing happened. Two logs, then mid-scan, same error message and restart. So, now I'm thinking I do have a rootkit that is stopping GMER from running a scan. I really don't know what to do right now. I also know that GMER is supposed to be for advanced users only, but my plan was to just get the results, save them and then show them to an expert, either here or if not possible, then to someone I know. However, given the fact that the scan won't even get halfway through, I don't know what to do. 
Would be grateful if someone could point me in the right direction. GMER not being able to complete the scan does mean that I have some kind of rootkit stopping it from working, right? Or could there be any other reasons for that? Thank you very much. P.S. I know I need to back up my data before I run any tools recommended by experts here, but I'm actually worried about infecting my backup as well. As I have already mentioned before, my computer was infected by a Coinhive mining virus before, and even though it's removed now, I haven't deleted any old system restore points or registry files, so it's possible the virus still persists. Plus, since my computer may have other kinds of malware right now, including rootkits, if I try to back up my data now, isn't there a good possibility that I'm also infecting my backup? I back up all my data on an external hard drive, and they are even more susceptible to infection; just plugging it in to my computer right now could transmit the malware. So, if at the end of the malware removal process I lose some of my data and have to restore it from my backup, am I facing a chance of re-infection and also damage to my external hard drive? If so, then could you please suggest a safe way to back up all of my data? My data does not contain any applications or program files; it's only composed of documents, videos, music and images, which are all stored in the D and E drives. I'm not going to be backing up anything from the C drive. Is there no way to safely back up, or to back up in a way so that when I restore it on the clean PC, it does not reinfect? Because I currently have some important files on my computer that I can't lose. I know there is no 100% guaranteed way that if I back up it won't be infected, but how should I reduce the risks?
I don't want to lose any files by running scans with the anti-malware tools, so please point me in the right direction of backing up my files relatively safely before I can use the suggested tools and post the logs. Please suggest a safe backup method so I can proceed with the removal process.
  8. 3.2.2 beta? issues. Purchased Premium version. Updates not occurring. Stays in "checking" status. Also from time to time "ransomware protection" and "scan for rootkits" shuts off. Since updates are not available what is the fix for these failures. Please redirect. tks.
  9. Hello, Malwarebytes just detected a file known as Unknown.rootkit.driver which seemed to have infected C:\WINDOWS\System32\drivers\agilevpn.sys. I am wondering if this is a false positive? These are the logs:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 3/20/17
     Scan Time: 11:27 PM
     Logfile:
     Administrator: Yes

     -Software Information-
     Version: 3.0.6.1469
     Components Version: 1.0.75
     Update Package Version: 1.0.1549
     License: Free

     -System Information-
     OS: Windows 10
     CPU: x64
     File System: NTFS
     User: LAURIDS-PC\LauridsFrej

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 380961
     Time Elapsed: 23 min, 53 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 1
     Unknown.Rootkit.Driver, C:\WINDOWS\System32\drivers\agilevpn.sys, Replace-on-Reboot, [0], [0], 0.0.0

     Physical Sector: 0
     (No malicious items detected)

     (end)
  10. Hello, I suspect that my Malwarebytes is not working properly at preventing malicious websites since I updated Windows with the Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - February 2017 (KB890830), installation date: 28/02/2017 11:45. After updating it was necessary to reboot... and when it returned Malwarebytes did not work, it was frozen and the service unprotected... I reinstalled :( , and since then it has stopped sending website blocking notifications as it used to. Can anyone help me test?
  11. Although I've turned Rootkits on, I get the following message in my reports: Memory: Enabled, Startup: Enabled, Filesystem: Enabled, Archives: Enabled, Rootkits: Disabled, Heuristics: Enabled, PUP: Enabled, PUM: Enabled. I would like to know why Malwarebytes Premium is not scanning Rootkits on my computer. Any suggestions?
  12. I just purchased a second license for Malwarebytes Premium 3.0 so I have it on both of my computers. But I'm having a problem with the new computer when scanning with Rootkits enabled. I was running a scan today for about 8 hours and it just wouldn't finish. The screenshot tells the story better than my writing. Does anyone have any suggestions?
  13. I had version 2.2.1.1043 and was not notified and updated to 3 like I have been in the past with other new versions. Why is that, and will I not be notified of new versions in the future? Is "Scan for Rootkits" not a default setting because it's not really necessary, or does it have to do with scan time as well? Thanks, NVF
  14. Hello, I suspect my PC is infected by some malware, as it had turned the Avast service off and I could not turn it back on. I did a custom scan with Malwarebytes with the Scan for rootkits option ON in both the scan settings and the Malwarebytes general settings. The scan also showed scanning for rootkits (rotating curved arrows and an hourglass inside a circle) and completed without any infections. However, when I look inside the reports, it says that the scanning for rootkits is disabled. I have repeated this many times now and get the same result. Do you have any idea how this happens? I also see a file called 'abtsvchost.exe' which seems suspicious (but shown as harmless on virustotal.com). Do you know if this is a known rootkit and is causing the above problem?
  15. Hi, basically I have run a threat scan and found no problems, but when I look at the logs it always says deep rootkit disabled, even though I have checked the box in the 'detection and protection' section.

      <options>
        <memory>enabled</memory>
        <startup>enabled</startup>
        <filesystem>enabled</filesystem>
        <archives>enabled</archives>
        <rootkits>disabled</rootkits>
        <deeprootkit>disabled</deeprootkit>
        <heuristics>enabled</heuristics>
        <pup>enabled</pup>
        <pum>enabled</pum>
      </options>

      Have I done something wrong or is this the same for everyone? Thanks
  16. My Windows 10 Pro system recently began an issue upon resuming from sleep. The system never recovers from sleep (blank display). After a short time, the system shares the error "Driver Power State Failure" just before automatically rebooting. After much troubleshooting it appears the issue is with selecting the "Scan for rootkits" in the Detection and Protection Settings. Turn it on, the resume from sleep issue occurs. Turn it off, issue goes away. All other settings are checked in the Detection and Protection section. The version of Malwarebytes is Home Premium 2.1.8.1057.
  17. Hello! This is my first post about having problems with MBAM. Well, I turned on my PC.... The first message was from ESET saying that I have to renew my license because it will end within 12 days... OK.... So far I think it is good... I closed the message from the OK button.. Then MBAM started as usual as a task.. After a few seconds a message came up saying that driver RootkitDDA could not be loaded and that it is a common phenomenon (or something) caused by rootkits. I selected to restart... Before the Windows shutting down screen another message came up saying SDKCreate failed with code 20025. Then it restarted... When it logged in to my Windows user account there was just a black screen and MBAM scanning.. I accidentally hit the minimize button and I couldn't see the scanning process.. I was unable to bring it up because there was no taskbar... I tried to start explorer.exe from Task Manager (Ctrl+Shift+Esc) but it wouldn't. I turned it off from the power button.. Turned it on again, but now the driver that couldn't be loaded was Anti-Rootkit (same error code: 20025). It was asking me to continue scanning without this driver but I clicked the Close button. After a minute or so, a message came up saying that there is a new update for MBAM, and I don't think that there is a new update because yesterday I was running the latest version (both GUI and database). Any help would be appreciated. My system is: Dell Optiplex GX620 SFF, Pentium D 820 @ 2.79GHz (not overclocked), 1GB RAM, VGA 250MB (224 when I had XP installed), DirectX 11 (DirectX 9 when XP was installed), Windows 7 Ultimate 32-bit, activated. Antivirus software: NOD32 & Malwarebytes Anti-Malware. Other software: Visual Studio, CCleaner, CS 1.6 NON-VALVE, VLC, μTorrent, Guitar Pro 5, Paint.NET, Firefox
  18. Please help! My 4-year-old HP laptop (XP SP3) started acting out 2 weeks ago after a Comodo Firewall update. After the reboot, my PC would either be super slow, the wi-fi won't connect although my network is displayed, or it takes forever to power off. It never occurred to me that malware might be involved since my AVG and Comodo firewall were always on and updated. I also never click on suspicious links or email attachments. Thinking the culprit was the Comodo update, I uninstalled & reinstalled the firewall twice. The final time I did it, I thought everything was fine, but when I tried a new feature of Comodo (opening the Chrome browser through the sandbox), I promptly got the blue screen of death. That happened twice and after that my PC went back to being agonizingly slow. I installed Malwarebytes and it detected 3 items: a Worm.autorun and 2 entries that start with PUM.Hijack.Startmenu. I removed all 3 and thought that my PC would be back to normal. However, there's no improvement at all and it looks like the system got tweaked. I uninstalled Comodo firewall and the computer wouldn't freeze as much as it used to, but now AVG shows an exclamation mark (!) icon all the time. I tried doing a system restore from the command prompt several times but no luck. I even tried the earliest restore point, which is Jan. 14th. After the reboot it says Restoration Incomplete. What should I do? Some people I talk to tell me to reinstall Windows, but my PC did not come with a Windows installer when I bought it. I've been googling possible solutions and I've been reading stuff about rootkits and the TDSS killer. I thought I might as well ask somebody first before installing more programs on my PC. Please help! I'm at my wit's end. I also have no idea when the problem really started. Around January I turned on my PC to a message telling me that my user profile could not be opened because it had been corrupted.
I was eventually able to fix that (I deleted the backup user profile that was created, and that action enabled my user profile to load). I am just not sure if that user profile corruption was related to this problem.
  19. Hi, I just installed AVG 2014 (30 day free trial) on my laptop and did a scan. It found 3 rootkits. I was told to come here and post these.

     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT.
     DDS (Ver_2012-11-20.01)

     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 25/02/2010 4:30:28 PM
     System Uptime: 4/01/2014 12:07:20 AM (0 hours ago)

     Motherboard: TOSHIBA | | KSWAA
     Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 2200/mhz

     ==== Disk Partitions =========================

     C: is FIXED (NTFS) - 286 GiB total, 113.447 GiB free.
     D: is CDROM ()
     E: is CDROM (CDFS)
     F: is Removable

     ==== Disabled Device Manager Items =============

     Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
     Description: USB Video Device
     Device ID: USB\VID_04F2&PID_B128&MI_00\6&191461A9&0&0000
     Manufacturer: Microsoft
     Name: USB2.0 UVC WebCam
     PNP Device ID: USB\VID_04F2&PID_B128&MI_00\6&191461A9&0&0000
     Service: usbvideo

     ==== System Restore Points ===================

     RP160: 5/12/2013 6:46:00 PM - Avg Update
     RP161: 12/12/2013 2:54:03 AM - Windows Update
     RP162: 23/12/2013 1:13:59 AM - Installed Java 7 Update 45
     RP163: 30/12/2013 9:50:59 PM - Scheduled Checkpoint
     RP164: 3/01/2014 5:29:42 PM - Installed AVG 2014
     RP165: 3/01/2014 5:31:31 PM - Removed AVG Free 9.0
     RP166: 3/01/2014 5:36:05 PM - Installed AVG 2014

     ==== Installed Programs ======================

     Update for Microsoft Office 2007 (KB2508958)
     Acrobat.com
     Adobe AIR
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader 9.1
     Adobe Shockwave Player 11.6
     Akamai NetSession Interface
     Akamai NetSession Interface Service
     AVG 2014
     Business Contact Manager for Outlook 2007 SP2
     Direct DiscRecorder
     Dodo Wireless Broadband
     DVD MovieFactory for TOSHIBA
     GIMP 2.6.11
     Google Chrome
     Google Earth
     Google Toolbar for Internet Explorer
     Google Update Helper
     HiddenWorldOfArt2
     Intel® Graphics Media Accelerator Driver
     Intel® Matrix Storage Manager
     Java 7 Update 45
     Java Auto Updater
     Java 6 Update 14
     JavaFX 2.1.1
     Junk Mail filter update
     LSI V92 MOH Application
     Malwarebytes Anti-Malware version 1.75.0.1300
     McAfee Security Scan Plus
     Microsoft .NET Framework 4 Client Profile
     Microsoft .NET Framework 4 Extended
     Microsoft Application Error Reporting
     Microsoft Choice Guard
     Microsoft Office 2003 Web Components
     Microsoft Office 2007 Primary Interop Assemblies
     Microsoft Office 2007 Service Pack 3 (SP3)
     Microsoft Office Excel MUI (English) 2007
     Microsoft Office Home and Student 2007
     Microsoft Office OneNote MUI (English) 2007
     Microsoft Office PowerPoint MUI (English) 2007
     Microsoft Office Proof (English) 2007
     Microsoft Office Proof (French) 2007
     Microsoft Office Proof (Spanish) 2007
     Microsoft Office Proofing (English) 2007
     Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
     Microsoft Office Shared MUI (English) 2007
     Microsoft Office Shared Setup Metadata MUI (English) 2007
     Microsoft Office Small Business Connectivity Components
     Microsoft Office Suite Activation Assistant
     Microsoft Office Word MUI (English) 2007
     Microsoft Silverlight
     Microsoft SQL Server 2005
     Microsoft SQL Server 2005 Compact Edition [ENU]
     Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
     Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
     Microsoft SQL Server 2005 Tools Express Edition
     Microsoft SQL Server Native Client
     Microsoft SQL Server Setup Support Files (English)
     Microsoft SQL Server VSS Writer
     Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
     Microsoft Visual C++ 2005 Redistributable
     Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
     Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
     Mozilla Firefox 25.0.1 (x86 en-GB)
     Mozilla Maintenance Service
     MSVCRT
     MSXML 4.0 SP2 (KB954430)
     MSXML 4.0 SP2 (KB973688)
     Norton Internet Security
     OGA Notifier 2.0.0048.0
     Optus Wireless Broadband
     PaintTool SAI Ver.1
     PC Connectivity Solution
     PlayReady PC Runtime x86
     Realtek 8136 8168 8169 Ethernet Driver
     Realtek High Definition Audio Driver
     Realtek USB 2.0 Card Reader
     Realtek WLAN Driver
     SAMSUNG Mobile Composite Device Software
     Samsung Mobile Modem Device Software
     SAMSUNG Mobile Modem Driver Set
     Samsung Mobile phone USB driver Drive Software
     SAMSUNG Mobile USB Modem 1.0 Software
     SAMSUNG Mobile USB Modem Software
     Samsung New PC Studio
     SAMSUNG USB Mobile Device Software
     SamsungConnectivityCableDriver
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
     Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
     Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
     Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
     Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
     Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
     Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
     Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
     Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
     Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
     Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
     Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
     Serif DrawPlus Starter Edition
     swMSM
     Synaptics Pointing Device Driver
     TOSHIBA Assist
     TOSHIBA Bulletin Board
     TOSHIBA ConfigFree
     TOSHIBA Disc Creator
     TOSHIBA DVD PLAYER
     TOSHIBA eco Utility
     TOSHIBA Extended Tiles for Windows Mobility Center
     TOSHIBA Face Recognition
     TOSHIBA Flash Cards Support Utility
     TOSHIBA Hardware Setup
     TOSHIBA HDD/SSD Alert
     TOSHIBA Internal Modem Region Select Utility
     TOSHIBA PC Health Monitor
     TOSHIBA Recovery Media Creator
     TOSHIBA ReelTime
     TOSHIBA SD Memory Utilities
     TOSHIBA Service Station
     TOSHIBA Software Modem
     TOSHIBA Speech System Applications
     TOSHIBA Speech System SR Engine(U.S.) Version1.0
     TOSHIBA Speech System TTS Engine(U.S.) Version1.0
     TOSHIBA Supervisor Password
     TOSHIBA Value Added Package
     TOSHIBA Web Camera Application
     Unity Web Player
     Update for 2007 Microsoft Office System (KB967642)
     Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
     Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
     Utility Common Driver
     Visual Studio 2012 x86 Redistributables
     Windows Driver Package - MobileTop (sshpmdm) Modem (01/26/2008 2.6.0.0)
     Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
     Windows Live Call
     Windows Live Communications Platform
     Windows Live Essentials
     Windows Live Mail
     Windows Live Messenger
     Windows Live Photo Gallery
     Windows Live Sign-in Assistant
     Windows Live Sync
     Windows Live Upload Tool
     Windows Live Writer
     Yahoo! Software Update
     Yahoo! Toolbar
     Yahoo!7 Messenger

     ==== Event Viewer Messages From Past Week ========

     4/01/2014 12:08:15 AM, Error: Service Control Manager [7024] - The Norton Internet Security service terminated with service-specific error %%-1.
     4/01/2014 12:08:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0x80000004, 0x82c7df3c, 0x8ad1bb34, 0x8ad1b710). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 010414-39655-01.
     30/12/2013 7:00:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x00000004, 0x00000258, 0x851dda70, 0x82d60b24). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 123013-29624-01.
     30/12/2013 6:49:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
     30/12/2013 6:48:30 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
     3/01/2014 5:43:32 PM, Error: Service Control Manager [7024] - The AVG Firewall service terminated with service-specific error %%-536805289.
     3/01/2014 5:42:19 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

     ==== End Of File ===========================

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
     Run by Home at 0:11:44 on 2014-01-04
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.1913.730 [GMT 11:00]

     AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
     AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
     SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
     SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
     FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
     FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

     ============== Running Processes ================

     C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
     C:\Program Files\AVG\AVG2014\avgcsrvx.exe
     C:\windows\system32\wininit.exe
     C:\windows\system32\lsm.exe
     C:\windows\System32\spoolsv.exe
     C:\windows\system32\Dwm.exe
     C:\windows\Explorer.EXE
     C:\Program Files\AVG\AVG2014\avgfws.exe
     C:\Program Files\AVG\AVG2014\avgidsagent.exe
     C:\Program Files\AVG\AVG2014\avgwdsvc.exe
     C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     C:\windows\system32\FsUsbExService.Exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Program Files\AVG\AVG2014\avgnsx.exe
     C:\Program Files\AVG\AVG2014\avgemcx.exe
     c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
     c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\windows\system32\taskhost.exe
     C:\windows\system32\taskeng.exe
     C:\windows\system32\TODDSrv.exe
     C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
     C:\Program Files\TOSHIBA\TECO\TecoService.exe
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\windows\system32\taskeng.exe
     C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
     C:\Windows\system32\WUDFHost.exe
     C:\windows\system32\wbem\wmiprvse.exe
     C:\Windows\System32\hkcmd.exe
     C:\Windows\System32\igfxpers.exe
     C:\windows\system32\igfxsrvc.exe
     C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
     C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
     C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
     C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
     C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\TOSHIBA\TECO\TEco.exe
     C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
     C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
     C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
     C:\windows\system32\SearchIndexer.exe
     C:\windows\system32\igfxext.exe
     C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
     C:\windows\system32\SearchProtocolHost.exe
     C:\windows\system32\SearchFilterHost.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
     C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
     C:\Program Files\AVG\AVG2014\avgui.exe
     C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
     C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
     C:\Windows\System32\StikyNot.exe
     C:\Users\Home\AppData\Local\Google\Update\GoogleUpdate.exe
     C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
     C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
     C:\Program Files\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Program Files\AVG\AVG2014\avgcsrvx.exe
     C:\Program Files\Windows Media Player\wmpnetwk.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
     C:\Users\Home\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Program Files\LSI SoftModem\agrsmsvc.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
     C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
     C:\Program Files\Google\Update\GoogleUpdate.exe
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
     C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
     C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
     C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
     C:\windows\system32\conhost.exe
     C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
     C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
     C:\windows\system32\sppsvc.exe
     C:\windows\system32\svchost.exe -k DcomLaunch
     C:\windows\system32\svchost.exe -k RPCSS
     C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\windows\system32\svchost.exe -k LocalService
     C:\windows\system32\svchost.exe -k netsvcs
     C:\windows\system32\svchost.exe -k NetworkService
     C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
     C:\windows\System32\svchost.exe -k Akamai
     C:\windows\system32\svchost.exe -k imgsvc
     C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
     C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

     ============== Pseudo HJT Report ===============

     uProxyOverride = <local>
     uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
     dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
     BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
     BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
     BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
     BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -
     BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
     BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
     TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
     TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -
     TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [AutoStartNPSAgent]
c:\program files\samsung\samsung new pc studio\NPSAgent.exeuRun: [Akamai NetSession Interface] "c:\users\home\appdata\local\akamai\netsession_win.exe"uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exeuRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /cuRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /backgrounduRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quietmRun: [igfxTray] c:\windows\system32\igfxtray.exemRun: [HotKeysCmds] c:\windows\system32\hkcmd.exemRun: [Persistence] c:\windows\system32\igfxpers.exemRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTILmRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUPmRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exemRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXEmRun: [smoothView] c:\program files\toshiba\smoothview\SmoothView.exemRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exemRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exemRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exemRun: [smartFaceVWatcher] c:\program files\toshiba\smartfacev\SmartFaceVWatcher.exemRun: [Teco] "c:\program files\toshiba\teco\Teco.exe" /rmRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exemRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60mRun: [TosWaitSrv] c:\program files\toshiba\tphm\TosWaitSrv.exemRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorunmRun: [TosNC] c:\program files\toshiba\bulletinboard\TosNcCore.exemRun: [TosReelTimeMonitor] c:\program files\toshiba\reeltime\TosReelTimeMonitor.exemRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"mRun: [NPSStartup] <no file>dRunOnce: [sPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 
/errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exemPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: Interfaces\{30B3C338-479C-4F2D-866D-BF2D0AA98202} : DHCPNameServer = 198.142.0.51 61.88.88.88TCP: Interfaces\{962D3D3D-5450-4827-8538-DEC87B6177C4} : DHCPNameServer = 198.142.0.51 61.88.88.88TCP: Interfaces\{BA6B8F64-9C6C-4967-8DE8-3AE4B784E92C} : NameServer = 202.136.43.208 202.136.42.208Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - Notify: igfxcui - igfxdev.dllSSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\t263i4zc.default\FF - prefs.js: network.proxy.type - 0FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dllFF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dllFF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dllFF - plugin: c:\users\home\appdata\local\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: 
c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll.============= SERVICES / DRIVERS ===============.R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-10-24 147768]R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-11-12 310320]R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-5 120600]R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2013-9-26 47928]R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-4 209176]R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-17 22840]R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-3 33112]R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-11-12 259632]R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-11-12 467592]R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100310.001\IDSvix86.sys [2010-3-11 343088]R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-9-24 1358944]R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-11-11 3478544]R2 avgwd;AVG WatchDog;c:\program 
files\avg\avg2014\avgwdsvc.exe [2013-9-24 348008]R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-7-18 181616]R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-4 233472]R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-11 418376]R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-4-11 701512]R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-7-8 62832]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 181616]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-4 36608]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-4-11 22856]R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-10 167936]R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-2-10 859136]R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-10 51512]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-8-4 111960]R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-7 685424]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.3.6\ccSvcHst.exe [2011-11-12 117648]S3 b57nd60x;Broadcom NetXtreme Gigabit 
Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-11-12 100864]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-12 108032]S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-7 235216]S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-2-10 24064]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-2-10 171520]S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-4 90112]S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-4 14976]S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-4 121856]S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-16 52224]S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2011-1-13 106752].=============== Created Last 30 ================.2014-01-03 06:43:43 -------- d-----w- c:\users\home\appdata\roaming\AVG20142014-01-03 06:43:09 -------- d-----w- c:\users\home\appdata\roaming\TuneUp Software2014-01-03 06:37:13 -------- d-----w- c:\programdata\AVG20142014-01-03 06:12:33 -------- d-----w- c:\users\home\appdata\local\MFAData2014-01-03 06:12:33 -------- d-----w- c:\users\home\appdata\local\Avg20142013-12-22 14:16:34 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll2013-12-11 13:35:40 159232 ----a-w- c:\windows\system32\imagehlp.dll2013-12-11 13:35:39 163840 ----a-w- c:\windows\system32\scrrun.dll2013-12-11 13:35:39 141824 ----a-w- c:\windows\system32\wscript.exe2013-12-11 13:35:39 126976 ----a-w- 
c:\windows\system32\cscript.exe2013-12-11 13:35:39 121856 ----a-w- c:\windows\system32\wshom.ocx2013-12-11 13:35:37 2048 ----a-w- c:\windows\system32\tzres.dll2013-12-11 13:35:33 2349056 ----a-w- c:\windows\system32\win32k.sys2013-12-11 13:35:32 81408 ----a-w- c:\windows\system32\drivers\drmk.sys2013-12-11 13:35:32 177152 ----a-w- c:\windows\system32\drivers\portcls.sys.==================== Find3M ====================.2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll2013-11-20 23:44:03 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-11-20 23:44:03 645120 ----a-w- c:\windows\system32\jsIntl.dll2013-11-20 23:44:03 194048 ----a-w- c:\windows\system32\elshyph.dll2013-11-20 23:44:02 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-11-20 23:44:01 182272 ----a-w- c:\windows\system32\msls31.dll2013-11-20 23:44:00 62464 ----a-w- c:\windows\system32\tdc.ocx2013-11-20 23:44:00 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-11-20 23:42:40 640512 ----a-w- c:\windows\system32\advapi32.dll2013-11-20 23:42:40 619520 ----a-w- c:\windows\system32\tdh.dll2013-11-20 23:42:40 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe2013-11-20 23:42:40 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe2013-11-20 23:42:40 1289096 ----a-w- c:\windows\system32\ntdll.dll2013-11-20 23:42:24 1294272 ----a-w- 
c:\windows\system32\drivers\tcpip.sys2013-11-20 23:42:23 338944 ----a-w- c:\windows\system32\drivers\afd.sys2013-11-20 23:42:23 231424 ----a-w- c:\windows\system32\mswsock.dll2013-11-20 23:42:11 1505280 ----a-w- c:\windows\system32\d3d11.dll2013-11-05 10:50:48 120600 ----a-w- c:\windows\system32\drivers\avgdiskx.sys2013-11-04 10:57:30 209176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys2013-10-31 12:00:28 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys2013-10-31 11:30:08 222520 ----a-w- c:\windows\system32\drivers\avglogx.sys2013-10-24 11:28:32 147768 ----a-w- c:\windows\system32\drivers\avgidshx.sys2013-10-12 02:03:08 656896 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:01:41 679424 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:01:25 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-05 19:57:25 1168384 ----a-w- c:\windows\system32\crypt32.dll.============= FINISH: 0:14:10.83 =============== Thanks for your time.
  20. I have downloaded and run the programme Rootkit Hunter and the results are worrying. I don't know much about malware other than that a malicious individual has persistently been installing it onto my machines via malicious emails - this time targeting my iPhone 4 (which I promptly got rid of upon discovering this individual's presence and replaced with a new Samsung S4, which is probably infected as well now) first; and from there using my house Wi-Fi network to get onto my MacBook Pro 10.8.3 (which is the machine I am on now, and the machine the results refer to); and also my Samsung Galaxy Tab 10.1; and most likely the phones and computers belonging to other members of my family are compromised as well. The following are the worrying results identified by Rootkit Hunter: For "Checking LD_LIBRARY_PATH variable", it says in yellow "skipped". For "Checking for hidden processes", it also says in yellow "skipped". I also have red warning notices in relation to system configuration file checks and filesystem checks alerting me to the following: "Checking if SSH protocol v1 in allowed The SSH configuration option 'Protocol' has not been set"; "Checking if syslog remote logging is allowed Syslog configuration file allows remote logging: install.* .0.1:32376"; "Checking /dev for suspicious file types Suspicious file types found in /dev: /dev/fd/6: MS Windows icon resource"; "Checking for hidden files and directories Hidden file found: /usr/share/man/man5/. rhosts.5: troff or preprocessor input text". I do not know how to interpret these results other than of course realising they are alerting me to the fact that something is wrong and needs fixing. I do not know exactly what Rootkit Hunter is telling me is wrong, and I do not know how to fix the problems it has identified. I would greatly appreciate it if anybody could perhaps tell me how I can do these things. And any advice on which programmes to use for my Samsung machines and the best way to protect my devices in the future would also be greatly appreciated.
  21. Hi. My computer has been running very slowly for about 2 weeks now and I started trying to figure out what was wrong. My regular security consists of Avast Free. I downloaded and ran each of Malwarebytes, Spybot S&D and Advanced SystemCare Ultimate. The problem seems to be fixed for a few minutes but it always goes back to the way it was before. While running one of the scans, a system popup appeared saying that Windows had detected a possible rootkit. It told me to restart and run a boot-time scan. It ran an Avast boot-time scan but found nothing. I have been looking up info on rootkits and they sound pretty nasty. I found two sources telling me different programs to try and use: http://forums.malwarebytes.org/index.php?showtopic=115149 and http://www.computerweekly.com/feature/Rootkit-and-malware-detection-and-removal-guide Based on the advice of these two sources, I installed Sophos Virus Removal Tool and RogueKiller. I will post the scan logs of those two programs. From RogueKiller, the first time I ran it:
I then fixed the hosts file because it all seemed clearly malicious and rescanned. Log below.
Here is the log (I think) from Sophos.
The next step according to the first link I posted is to run Farbar from System Recovery Options in Repair your Computer after selecting Advanced boot options during startup. It says that RogueKiller finds false positives and recommends having someone knowledgeable look over the log file first. Any information that you can provide would be immensely appreciated. I am running a backup and have created a system repair disk already. The sooner you can reply the better. Thank you so much.
  22. For some time now I have been trying to get rid of this malware. It seems to affect my browser by making findamo.com my homepage. I have uninstalled Mozilla and Google Chrome because of this issue. It seems not to be affecting IE, but I can't be sure. I have searched for it and deleted it from everywhere I found it (Program Files, registry keys). I have run several different antimalware programs (Malwarebytes, SUPERAntiSpyware, Avast, etc.) and none of them are removing it. As of right now, there are about 60 files in my C: drive that are named crazy things like "2aa3b7021a5e19397fccfc", and inside each of them is an empty folder that says "bProtectorForWindows". When I attempt to delete these files and folders it states that I don't have permissions for them. If I manage to change permissions, I am still unable to delete them. These crazy files are even in the Recovery Partition (presario_rp D:) drive. I am so frustrated, and I have read that this thing is hijacking personal data constantly. Please help.
  23. Malwarebytes is able to remove the rootkits, but they keep coming back. They return slower if I boot into safe mode. The primary symptom is redirection to unwanted websites and opening up new browsing windows to unwanted websites. My DDS and attach files are below. Thanks in advance.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by aida at 20:11:16 on 2012-05-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.316 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: Foxit Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ZumoDrive] c:\program files\zecter\zumodrive\ZumoLauncher.lnk
uRun: [Google Update] "c:\documents and settings\aida\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_2_202_233_Plugin.exe -update plugin
mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [ZumoDrive] "c:\program files\zecter\zumodrive\ZumoLauncher.lnk"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{9C98642B-78C9-4923-8DFD-BE08F792C45B} : DhcpNameServer = 10.0.0.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} -
Notify: NecUsb3Sevices - USB3Sw32.dll
Notify: USB3Sw32 - USB3Sw32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\
FF - prefs.js: browser.startup.homepage - hxxp://welikehits.com/surf.php
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\imtcp_xpcom.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\capturefoxmovie@advancity.net\components\capturefoxxpi_win32.dll
FF - component: c:\documents and settings\aida\application data\mozilla\firefox\profiles\eswlnpz7.default\extensions\screencaptureelite@plugin\platform\winnt_x86-msvc\components\SCEFF3Client.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aida\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aida\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Webmail Ad Blocker: gmailnoads@mywebber.com - %profile%\extensions\gmailnoads@mywebber.com
FF - Ext: Tempomail: tempomail@ingetic..maxime.robache - %profile%\extensions\tempomail@ingetic..maxime.robache
FF - Ext: ReminderFox: {ada4b710-8346-4b82-8199-5de2b400a6ae} - %profile%\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF - Ext: Capture Fox: capturefoxmovie@advancity.net - %profile%\extensions\capturefoxmovie@advancity.net
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Screen Capture Elite: screencaptureelite@plugin - %profile%\extensions\screencaptureelite@plugin
FF - Ext: Click&Clean: clickclean@hotcleaner.com - %profile%\extensions\clickclean@hotcleaner.com
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-4-12 147416]
S1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-5-4 129928]
S2 clientservice;Crcdisk;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
S2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
S2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-5-12 110920]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2007-7-29 20160]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SDTHOOK;SDTHOOK;c:\windows\system32\drivers\SDTHOOK.SYS [2008-2-5 44928]
.
=============== Created Last 30 ================
.
2012-05-06 14:03:48 54016 -c--a-w- c:\windows\system32\drivers\tjpcg.sys
2012-05-06 09:03:21 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-14 18:27:22 -------- d-----w- C:\a13e1fdda4f013cfa6a1
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-12 22:46:55 -------- d-----w- C:\3ed78a8d3e3fdb96b6d2ca8748a643
2012-04-12 19:46:14 -------- d-----w- C:\a7b9281ead74d054c51d9c102f303925
2012-04-12 18:04:45 -------- d-----w- C:\b39195a5979437de95c7ae2e
2012-04-09 17:56:24 418464 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-05-06 02:43:00 0 -csha-w- c:\windows\system32\dds_trash_log.cmd
2012-04-14 05:13:02 70304 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 18:01:33 102400 -c--a-w- c:\windows\RegBootClean.exe
2012-04-11 17:55:44 22032 -c--a-w- c:\windows\DCEBoot.exe
2012-04-04 19:56:40 22344 -c--a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 22:28:49 60304 -c--a-w- c:\documents and settings\aida\g2mdlhlpx.exe
2012-03-01 11:01:32 916992 -c--a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 -c----w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 -c----w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 -c--a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 -c--a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 -c----w- c:\windows\system32\html.iec
.
============= FINISH: 20:17:52.07 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/16/2003 3:38:32 AM
System Uptime: 5/5/2012 10:41:11 PM (22 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | CUW-FX
Processor: Intel Pentium III processor | PGA 370 | 651/100mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe SVG Viewer 3.0 Content Buzzer Content Notifier Dynamic Traders Group, Inc.
DT6 ver 1 EasyCleaner ePrompter Foxit Reader FXDD - MetaTrader 4.00 Google Talk Plugin GoToMeeting 5.1.0.880 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) J2SE Runtime Environment 5.0 Update 4 Java Auto Updater Java 6 Update 20 Kcast Beta 2.0.0 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Data Access Components KB870669 Microsoft FrontPage Client - English Microsoft Office 2000 Premium Microsoft Office XP Professional with FrontPage Microsoft Silverlight Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft Visual Studio .NET Professional 2003 - English Mozilla Firefox (3.6.28) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero - Burning Rom Panda Cloud Antivirus Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2183461) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360131) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2416400) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP 
(KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2482017) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2497640) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2510581) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2530548) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544521) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2559049) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) Security Update for Windows XP (KB2586448) Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) 
Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618444) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647516) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) 
Security Update for Windows XP (KB970483) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975254) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for 
Windows XP (KB982665) Security Update for Windows XP (KB982802) SSH Secure Shell Turbo Trader 2 Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update for Windows XP (KB978207) Update for Windows XP (KB980182) Visual Studio .NET Professional 2003 - English Visual Studio.NET Baseline - English VLC media player 1.0.5 WebFldrs XP Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
5/3/2012 12:37:56 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/3/2012 12:19:02 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CbFs Fips P3 PSINKNC
5/3/2012 12:10:11 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
5/3/2012 12:10:01 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
5/3/2012 12:06:26 PM, error: Service Control Manager [7023] - The Queuemgr service terminated with the following error: The specified module could not be found.
4/29/2012 5:10:02 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
4/29/2012 5:10:01 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
4/29/2012 4:32:00 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
4/29/2012 4:27:47 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ziptoa service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The VAIOMediaPlatform-PhotoServer-HTTP service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The USB3 Service service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Snac service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Sfcure01 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Savrt service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Qbfcservice service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Proxyhostdriver service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The P1131vid service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Mstdc service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ma763004 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The K750obex service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Eaps2kbd service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The CTSYN service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Crcdisk service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Cmudau service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The ClntMgmt.sys service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The BVRPMPR5 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Awhost32 service terminated with the following error: The specified module could not be found.
4/29/2012 4:26:46 PM, error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
4/29/2012 4:23:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
.
==== End Of File ===========================
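An added example, not part of the post above and not part of DDS itself: a short Python triage pass over the SERVICES / DRIVERS and Created Last 30 sections of a DDS log like the one posted. It assumes the line shapes seen in that log (`R3 name;display;path [date size]`, and `\??\path --> path [?]` for an image DDS could not find on disk); the sample lines are copied from the posted log. It flags four things a helper looks at first: a service whose image file is missing, a service hosted in svchost.exe whose service name and display name do not match (the code it actually loads is the ServiceDll value under HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters, which DDS does not print), a .sys file created inside the scan window that no service or driver entry registers, and a long hex-named directory directly under a drive root. None of these is a verdict on its own; they are the entries to check next.

```python
r"""Triage pass over DDS 'SERVICES / DRIVERS' and 'Created Last 30' lines.

Added example for the thread above; not part of DDS or of the forum post.
Assumed line shapes (read off the posted log, not from DDS documentation):
  <R|S><0-4> <service>;<display name>;<image path> [<y-m-d> <size>]
  ...;\??\<path> --> <path> [?]          image DDS could not find on disk
  <yyyy-mm-dd hh:mm:ss> <size|--------> <attrs> <path>
"""
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_SERVICES = r"""
R3 KTC111;Kingston EtherRx KNE111TX NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\KTC111.SYS [2003-9-15 19016]
S2 clientservice;Crcdisk;c:\windows\system32\svchost.exe -k netsvcs [2001-8-23 14336]
S2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-4-30 97032]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-5-6 40776]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
"""

SAMPLE_CREATED = r"""
2012-05-06 14:03:48 54016 -c--a-w- c:\windows\system32\drivers\tjpcg.sys
2012-05-06 09:03:21 40776 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-14 18:49:13 -------- d-----w- C:\8b932b19c531de31486369ac
2012-04-13 07:02:44 200976 -c--a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-09 17:56:24 418464 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>\S+) (?P<path>.+)$"
)
# e.g. C:\8b932b19c531de31486369ac : a long hex name directly under the drive root
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.IGNORECASE)


def parse_services(text):
    """One dict per service/driver line; lines that do not match are skipped."""
    return [m.groupdict() for m in map(SERVICE_RE.match, text.strip().splitlines()) if m]


def parse_created(text):
    """One dict per 'Created Last 30' line, with the timestamp parsed."""
    rows = []
    for line in text.strip().splitlines():
        m = CREATED_RE.match(line)
        if m:
            row = m.groupdict()
            row["when"] = datetime.strptime(row["stamp"], "%Y-%m-%d %H:%M:%S")
            rows.append(row)
    return rows


def image_basename(path):
    """Basename of the image DDS resolved, dropping svchost's '-k group' arguments."""
    resolved = path.split(" --> ")[-1].split(" -k ")[0]
    return resolved.rsplit("\\", 1)[-1].lower()


def triage(services, created, scan_time, window_days=30):
    """Return (kind, subject, detail) tuples worth a second look; these are not verdicts."""
    findings = []
    registered = set()  # image basenames that some service/driver entry accounts for
    for s in services:
        registered.add(image_basename(s["path"]))
        if s["meta"] == "?" or " --> " in s["path"]:
            findings.append(("missing_image", s["name"], s["path"]))
        if "svchost.exe" in s["path"].lower() and s["name"].lower() != s["display"].lower():
            # the DLL really loaded is the ServiceDll under
            # HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters (not shown by DDS)
            findings.append(("svchost_hosted_mismatch", s["name"], s["display"]))
    cutoff = scan_time - timedelta(days=window_days)
    for c in created:
        base = c["path"].rsplit("\\", 1)[-1].lower()
        if base.endswith(".sys") and c["when"] >= cutoff and base not in registered:
            findings.append(("unregistered_recent_driver", base, c["stamp"]))
        if c["attrs"].startswith("d") and HEX_ROOT_DIR.match(c["path"]):
            findings.append(("hex_named_root_dir", c["path"], c["stamp"]))
    return findings


def run_example():
    """Triage the sample lines using the scan time from the log header."""
    scan_time = datetime(2012, 5, 6, 20, 11, 16)  # "Run by aida at 20:11:16 on 2012-05-06"
    return triage(parse_services(SAMPLE_SERVICES), parse_created(SAMPLE_CREATED), scan_time)


if __name__ == "__main__":
    for kind, subject, detail in run_example():
        print(f"{kind:28} {subject}  ({detail})")
```

On the posted log this yields five items: the svchost-hosted "clientservice" whose display name is "Crcdisk", the RkPavproc1 driver whose file is gone, tjpcg.sys and tmcomm.sys as recently created drivers with no entry in the services list, and one hex-named root directory. mbamswissarmy.sys is not flagged because the MBAMSwissArmy entry accounts for it; that cross-check is the point of collecting `registered` first.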
  24. Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:12, on 25/03/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe
C:\Program Files\KeyScrambler\KeyScrambler.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Shadow Defender\DefenderDaemon.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Process Hacker 2\ProcessHacker.exe
C:\Users\AVERTCOM\Downloads\Compressed\CCE\KillSwitch.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\AVERTCOM\Desktop\HiJackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe /a
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [shadow Defender Daemon] "C:\Program Files\Shadow Defender\DefenderDaemon.exe" /Auto
O4 - HKUS\S-1-5-21-3635735338-2964006992-2461654254-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3635735338-2964006992-2461654254-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\System32\guard32.dll C:\Windows\System32\guard32.dll
O23 - Service: Emsisoft Anti-Malware 6.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files\Comodo\Dragon\dragon_updater.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 6678 bytes

===================================================================

Internet Explorer 9.0.8112.16421
AVERTCOM :: AVERTCOM-PC [administrator]
Protection: Disabled
25/03/2012 18:46:31
mbam-log-2012-03-25 (18-46-31).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276767
Time elapsed: 59 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

=====================================================================

Norman Malware Cleaner v2.05.04
Copyright © 1990 - 2012, Norman ASA.
Norman Scanner Engine Version: 6.08.03
nvcbin.def: Version: 6.08.00, Date: 2012/03/25 05:03:19, Variants: 14901583
nvcmacro.def: Version: 6.08.00, Date: 2011/12/19 08:20:35, Variants: 20465
Operating System: Windows 7 Service Pack 1
Switches: /iagree /verbose /noclean /cleanrootkit
Scan started: 2012/03/25 18:03:09
Running pre-scan cleanup routine...
Number of malicious objects found: 0
Number of malicious objects cleaned: 0
Scanning time: 1s
Scanning system for active rootkit activity...
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected (W32/suspiciousHook!SSDT)
Cleaning is disabled, see options tab
Rootkit infection detected
(W32/suspiciousHook!SSDT) Cleaning is disabled, see options tab Number of malicious objects found: 17 Number of malicious objects cleaned: 0 Number of malicious files found: 0 Number of malicious files cleaned: 0 Scanning time: 2s Scanning running processes and process memory... Number of objects found: 971 Number of objects scanned: 971 Number of objects not scanned: 0 Number of malicious memory objects found: 0 Number of malicious objects cleaned: 0 Number of malicious files found: 0 Number of malicious files cleaned: 0 Scanning time: 1m 59s Scan aborted by user Results: Total number of files found: 0 Total number of archives unpacked: 0 Total number of objects found: 971 Total number of objects scanned: 971 Total number of objects not scanned: 0 Total number of malicious objects found: 17 Total number of malicious objects cleaned: 0 Total number of malicious files found: 0 Total number of malicious files cleaned: 0 Total number of objects quarantined: 0 Total scanning time: 2m 2s OBS:longer scan times for 5 with 4 NORMAN malware cleaner to clean them but when you restart or shut down your PC malware back Attach.txtDDS.txt
  25. I stupidly got myself infected with Smart Fortress 2012. I've been running Malwarebytes scans from safe mode, and after multiple scans over the course of 2 days, I'm still picking up 7-20 rootkits per scan. This is clearly not a good sign. I'm at work at the moment but will post my MBAM logs ASAP. Please let me know if there are other scans you would like to see as well. Thank you.