Jakez Posted July 21, 2012 ID:574271 Share Posted July 21, 2012 I am on Windows 7 and Malwareytes was showing this BCMiner trojan and also showing 2 svchost.exe files. I THINK the svchost.exe files have been taken care of after I've restarted a dozen times in safe mode running Malwarebytes and whatnot.I'm sorry but I downloaded the dds file but I do not see any option to "run as administrator" when I right click..?Please help! Thanks! Link to post Share on other sites More sharing options...
MrCharlie Posted July 21, 2012 ID:574279 Share Posted July 21, 2012 Welcome to the forum.Your computer is infected with a nasty rootkit. Please read the following information first.You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.BACKDOOR WARNING------------------------------One or more of the identified infections is known to use a backdoor.This allows hackers to remotely control your computer, steal critical system information and download and execute files.I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?http://www.dslreports.com/faq/10451When Should I Format, How Should I Reinstallhttp://www.dslreports.com/faq/10063I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.-----------------------------------------Please make sure system restore is running and create a new restore point before continuing!For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.How to tell > 32 or 64 bitPlug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:services.exe[*]Now press the Search button[*]When the search is complete, search.txt will also be written to your USB[*]Type exit and reboot the computer normally[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)MrC Link to post Share on other sites More sharing options...
Jakez Posted July 24, 2012 Author ID:575392 Share Posted July 24, 2012 Thank you!Here they are:FRST.txtScan result of Farbar Recovery Scan Tool Version: 20-07-2012 01Ran by SYSTEM at 23-07-2012 20:07:00Running from G:\Windows 7 Home Premium (X64) OS Language: English(US)The current controlset is ControlSet001========================== Registry (Whitelisted) =============HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [25600 2010-09-14] (Creative Technology Ltd.)HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [100112 2012-01-26] (Synaptics Incorporated)HKLM\...\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd [x]HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12446824 2012-01-31] (Realtek Semiconductor)HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1605632 2010-11-14] (Intel® Corporation)HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2011-01-05] (Intel® Corporation)HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2869008 2012-01-26] (Synaptics Incorporated)HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [45448 2011-04-07] ()HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [909312 2011-03-16] (Creative Technology Ltd)HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-06-11] (ASUS)HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)HKLM-x32\...\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-06] (ASUS)HKLM-x32\...\Run: [FLxHCIm64] "C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [48128 2012-01-15] (Windows ® Win 7 DDK provider)HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)HKU\Jake\...\Run: [Google Update] "C:\Users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-18] (Google Inc.)HKU\Jake\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112Startup: C:\Users\All Users\Start Menu\Programs\Startup\AsusVibeLauncher.lnkShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnkShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)Startup: C:\Users\All Users\Start Menu\Programs\Startup\SetPointII.lnkShortcutTarget: SetPointII.lnk -> C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)Startup: C:\Users\Default\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)==================== Services (Whitelisted) ======2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [80512 2011-11-21] (ASUS)2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-03] ()2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2655768 2010-10-05] (Intel Corporation)2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [91464 2011-03-25] ()========================== Drivers (Whitelisted) =============3 AiCharger; C:\Windows\System32\Drivers\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)3 AiCharger; C:\Windows\SysWow64\Drivers\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)1 ATKWMIACPIIO_; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65024 2012-01-10] (Fresco Logic)3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [22800 2012-01-26] (Synaptics Incorporated)0 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2011-09-29] (Duplex Secure Ltd.)========================== NetSvcs (Whitelisted) ======================= One Month Created Files and Folders ==============2012-07-22 03:41 - 2012-07-23 09:27 - 00000000 ____D C:\Users\All Users\NVIDIA2012-07-22 03:41 - 2012-07-22 03:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini2012-07-22 03:41 - 2011-08-03 03:50 - 03021416 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll2012-07-22 03:41 - 2011-08-03 03:50 - 00980072 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe2012-07-22 03:41 - 2011-08-03 03:50 - 00335976 ____A (NVIDIA Corporation) C:\Windows\System32\nvhotkey.dll2012-07-22 03:41 - 2011-08-03 03:50 - 00061544 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll2012-07-22 03:40 - 2012-07-22 03:40 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation2012-07-22 03:40 - 2011-08-03 03:50 - 06136936 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll2012-07-22 03:40 - 2011-08-03 03:50 - 02560616 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll2012-07-22 03:40 - 2011-08-03 03:50 - 00836200 ____A (NVIDIA Corporation) C:\Windows\System32\easyupdatusapiu64.dll2012-07-22 03:40 - 2011-08-03 03:50 - 00117864 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll2012-07-21 11:44 - 2012-07-21 11:44 - 00607260 ____A (Swearware) C:\Users\Jake\Desktop\dds.scr2012-07-21 10:18 - 2012-07-21 10:18 - 04731392 ____A (AVAST Software) C:\Users\Jake\Desktop\aswMBR.exe2012-07-21 09:40 - 2012-07-21 09:40 - 00000116 ____A C:\Users\Jake\Desktop\asdf.txt2012-07-21 06:49 - 2012-07-21 06:49 - 00000000 ____D C:\TDSSKiller_Quarantine2012-07-21 06:43 - 2012-07-16 18:11 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jake\Desktop\TDSSKiller.exe2012-07-21 06:35 - 2012-07-21 06:41 - 03450842 ____A C:\Users\Jake\Downloads\Kaspersky TDSSKiller 2.7.5.0.rar2012-07-21 06:22 - 2012-07-21 06:22 - 04582474 ____A (Swearware) C:\Users\Jake\Desktop\ComboFix.exe2012-07-21 05:53 - 2012-07-21 05:53 - 00290544 ____A C:\Windows\Minidump\072112-49592-01.dmp2012-07-19 18:05 - 2012-07-20 22:12 - 00000000 ____D C:\users\UpdatusUser.Jake-PC2012-07-17 17:21 - 2012-07-20 22:10 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%2012-07-16 22:53 - 2012-07-16 22:58 - 322773223 ____A C:\Users\Jake\Downloads\breaking.bad.s05e01_iwatchonline.org_97eb7.mp42012-07-14 21:45 - 2012-07-20 22:12 - 00000000 ____D C:\Users\Jake\Downloads\The Wire Season 12012-07-13 10:03 - 2012-07-04 01:54 - 00000000 ____D C:\Users\Jake\Downloads\Childish Gambino - Royalty (DatPiff.com)2012-07-05 00:59 - 2012-07-05 01:24 - 1286173590 ____A C:\Users\Jake\Downloads\BET.Awards.2012.480p.HDTV.x264-mSD.mkv2012-07-04 01:27 - 2012-07-04 01:27 - 00000000 ____D C:\Users\Jake\Downloads\Mac And Devin Go To Highschool (2012)2012-07-02 22:14 - 2012-07-02 22:36 - 00000000 ____D C:\Users\Jake\Downloads\Weeds S08E01 DVDSCR 720p FullHD x264-Aiden02012-07-02 22:13 - 2012-07-02 22:15 - 00000000 ____D C:\Users\Jake\Downloads\Weeds.Season.72012-06-28 00:02 - 2012-06-28 00:30 - 367019688 ____A C:\Users\Jake\Downloads\Breaking.Bad.S04E02.HDTV.XviD-ASAP.avi2012-06-27 21:45 - 2012-06-27 22:15 - 367516434 ____A C:\Users\Jake\Downloads\Breaking.Bad.S03E13.Full.Measure.HDTV.XviD-FQM.avi2012-06-27 21:40 - 2012-06-27 21:50 - 367528246 ____A C:\Users\Jake\Downloads\Breaking.Bad.S04E01.Box.Cutter.HDTV.XviD-FQM.avi2012-06-27 19:37 - 2012-06-27 19:38 - 00000000 ____D C:\Users\Jake\Downloads\Breaking.Bad.Season.42012-06-23 23:08 - 2012-06-23 23:08 - 00000000 ____D C:\Users\Jake\AppData\Local\Macromedia============ 3 Months Modified Files ========================2012-07-23 15:43 - 2011-10-18 17:22 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925022697-2799853360-2442641128-1000UA.job2012-07-23 14:56 - 2009-07-13 21:13 - 00758558 ____A C:\Windows\System32\PerfStringBackup.INI2012-07-23 14:53 - 2009-07-13 20:51 - 00087097 ____A C:\Windows\setupact.log2012-07-23 14:36 - 2012-04-15 17:01 - 00000380 ____A C:\Users\Jake\AppData\Roaming\sp_data.sys2012-07-23 09:34 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-07-23 09:34 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-07-23 09:27 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-07-23 01:57 - 2011-09-29 23:01 - 1562564168 ____A C:\Users\Jake\Downloads\debbie_w_1920.wmv2012-07-22 08:35 - 2011-06-11 09:12 - 01059321 ____A C:\Windows\WindowsUpdate.log2012-07-22 05:43 - 2011-10-18 17:22 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925022697-2799853360-2442641128-1000Core.job2012-07-22 03:41 - 2012-07-22 03:41 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini2012-07-22 03:40 - 2011-09-29 12:11 - 00045056 ____A C:\Windows\System32\acovcnt.exe2012-07-21 13:44 - 2011-04-11 14:49 - 00023188 ____A C:\Windows\AsFac.log2012-07-21 13:44 - 2011-04-11 14:49 - 00005446 ____A C:\Windows\AsRecoveryHD.log2012-07-21 11:44 - 2012-07-21 11:44 - 00607260 ____A (Swearware) C:\Users\Jake\Desktop\dds.scr2012-07-21 10:18 - 2012-07-21 10:18 - 04731392 ____A (AVAST Software) C:\Users\Jake\Desktop\aswMBR.exe2012-07-21 10:00 - 2011-04-11 14:49 - 00345902 ____A C:\Windows\PFRO.log2012-07-21 09:40 - 2012-07-21 09:40 - 00000116 ____A C:\Users\Jake\Desktop\asdf.txt2012-07-21 06:41 - 2012-07-21 06:35 - 03450842 ____A C:\Users\Jake\Downloads\Kaspersky TDSSKiller 2.7.5.0.rar2012-07-21 06:22 - 2012-07-21 06:22 - 04582474 ____A (Swearware) C:\Users\Jake\Desktop\ComboFix.exe2012-07-21 05:53 - 2012-07-21 05:53 - 00290544 ____A C:\Windows\Minidump\072112-49592-01.dmp2012-07-21 05:53 - 2012-01-11 13:32 - 711264173 ____A C:\Windows\MEMORY.DMP2012-07-21 05:42 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-07-17 17:15 - 2012-04-02 20:14 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-07-17 17:15 - 2011-10-01 23:39 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-07-16 22:58 - 2012-07-16 22:53 - 322773223 ____A C:\Users\Jake\Downloads\breaking.bad.s05e01_iwatchonline.org_97eb7.mp42012-07-16 18:11 - 2012-07-21 06:43 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Jake\Desktop\TDSSKiller.exe2012-07-13 23:01 - 2011-10-08 12:58 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr2012-07-13 23:01 - 2011-10-08 12:30 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe2012-07-13 23:01 - 2011-10-08 12:30 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex02012-07-05 01:24 - 2012-07-05 00:59 - 1286173590 ____A C:\Users\Jake\Downloads\BET.Awards.2012.480p.HDTV.x264-mSD.mkv2012-07-03 09:46 - 2011-10-02 13:10 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-06-28 00:30 - 2012-06-28 00:02 - 367019688 ____A C:\Users\Jake\Downloads\Breaking.Bad.S04E02.HDTV.XviD-ASAP.avi2012-06-27 22:15 - 2012-06-27 21:45 - 367516434 ____A C:\Users\Jake\Downloads\Breaking.Bad.S03E13.Full.Measure.HDTV.XviD-FQM.avi2012-06-27 21:50 - 2012-06-27 21:40 - 367528246 ____A C:\Users\Jake\Downloads\Breaking.Bad.S04E01.Box.Cutter.HDTV.XviD-FQM.avi2012-06-19 12:43 - 2012-06-19 12:17 - 00093077 ____A C:\Users\Jake\Desktop\babeloggerv4.zip2012-06-18 22:28 - 2012-06-18 22:28 - 03878112 ____A C:\Users\Jake\Downloads\battlelog-web-plugins-1.122.0-retail-prod.exe2012-06-18 11:51 - 2012-05-01 18:02 - 00003584 ____A C:\Users\Jake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2012-06-18 11:47 - 2012-06-18 11:47 - 00040899 ____A C:\Users\Jake\Desktop\Untitled.wma2012-06-18 00:16 - 2012-06-17 23:21 - 1128349310 ____A C:\Users\Jake\Downloads\Top Gear America - [02x06] - 2011.08.28 [720p x264 by MOMENTUM].mkv2012-06-16 00:39 - 2012-06-16 00:21 - 4071720718 ____A C:\Users\Jake\Downloads\Manny Pacquiao vs. Timothy Bradley HBO PPV (2012) 720p h264.mp42012-06-12 21:19 - 2012-06-12 08:43 - 1504816070 ____A C:\Users\Jake\Downloads\BangBus - Anal on the BangBus - Zarena Summers [720p].mp42012-06-12 20:59 - 2012-06-12 08:56 - 1363578198 ____A C:\Users\Jake\Downloads\Melody.Jordan.Redhead.does.some.anal.BangBus.06.06.12.HD_iyutero.com.mp42012-06-09 22:37 - 2012-06-09 21:51 - 367265856 ____A C:\Users\Jake\Downloads\Americas.Got.Talent.S07E04.HDTV.XviD-FQM.avi2012-06-09 00:04 - 2012-06-08 19:04 - 734768674 ____A C:\Users\Jake\Downloads\Americas.Got.Talent.S07E02.HDTV.XviD-FQM.avi2012-06-08 21:56 - 2012-06-08 21:06 - 367160064 ____A C:\Users\Jake\Downloads\Americas.Got.Talent.S07E03.HDTV.XviD-FQM.avi2012-06-02 14:19 - 2012-06-21 14:43 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-02 14:19 - 2012-06-21 14:43 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-02 14:19 - 2012-06-21 14:43 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-02 14:19 - 2012-06-21 14:43 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-02 14:19 - 2012-06-21 14:43 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-02 14:15 - 2012-06-21 14:43 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-02 14:15 - 2012-06-21 14:43 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 14:15 - 2012-06-21 14:43 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver(45).dll2012-06-02 11:19 - 2012-06-21 14:43 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 11:15 - 2012-06-21 14:43 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-05-17 12:46 - 2012-05-17 12:46 - 00000024 ____A C:\Windows\ATKPF.ini2012-05-11 13:38 - 2012-05-11 13:38 - 00085784 ____A (Spotify Ltd) C:\Users\Jake\Downloads\SpotifySetup.exe2012-04-30 16:37 - 2012-04-30 16:37 - 00433536 ____A C:\Windows\Minidump\043012-31668-01.dmp2012-04-30 16:35 - 2012-04-30 16:35 - 00535528 ____A C:\Windows\Minidump\043012-25459-01.dmp2012-04-30 16:33 - 2012-04-30 16:32 - 00297904 ____A C:\Windows\Minidump\043012-25287-01.dmpZeroAccess:C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\LC:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\UC:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L\00000004.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L\1afb2d56C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\L\201d3ddeC:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\00000004.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\00000008.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\000000cb.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000000.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000032.@C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}\U\80000064.@ZeroAccess:C:\Windows\assembly\GAC_32\Desktop.iniZeroAccess:C:\Windows\assembly\GAC_64\Desktop.ini========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.C:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 10%Total physical RAM: 8169.16 MBAvailable physical RAM: 7350.6 MBTotal Pagefile: 8167.31 MBAvailable Pagefile: 7344.76 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB======================= Partitions =========================1 Drive c: (OS) (Fixed) (Total:440.76 GB) (Free:218.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]2 Drive e: (SDATA2) (Fixed) (Total:232.89 GB) (Free:232.79 GB) NTFS4 Drive g: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS6 Drive y: (SDATA1) (Fixed) (Total:232.87 GB) (Free:232.78 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 465 GB 0 B Disk 2 Online 1930 MB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 232 GB 1024 KB Partition 2 Primary 232 GB 232 GB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y SDATA1 NTFS Partition 232 GB Healthy ==================================================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 E SDATA2 NTFS Partition 232 GB Healthy ==================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 25 GB 1024 KB Partition 2 Primary 440 GB 25 GB==================================================================================Disk: 1Partition 1Type : 1CHidden: YesActive: NoThere is no volume associated with this partition.==================================================================================Disk: 1Partition 2Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 C OS NTFS Partition 440 GB Healthy ==================================================================================Partitions of Disk 2:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1930 MB 16 KB==================================================================================Disk: 2Partition 1Type : 06Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 4 G FAT Removable 1930 MB Healthy ============================================================================================================================================Last Boot: 2012-07-17 22:24======================= End Of Log ==========================Search.txtFarbar Recovery Scan Tool Version: 20-07-2012 01Ran by SYSTEM at 2012-07-23 20:09:31Running from G:\================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted July 24, 2012 ID:575398 Share Posted July 24, 2012 OK, here you go......Please carefully carry out this procedure!!!!!!Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txtC:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8}C:\Windows\assembly\GAC_32\Desktop.iniC:\Windows\assembly\GAC_64\Desktop.iniReplace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exeNOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options.Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrC Link to post Share on other sites More sharing options...
Jakez Posted July 24, 2012 Author ID:575504 Share Posted July 24, 2012 Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01Ran by SYSTEM at 2012-07-23 23:01:53 Run:1Running from G:\==============================================C:\Windows\Installer\{e6d103e4-a89e-97a4-3fd9-ecaae556d9f8} moved successfully.C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.C:\Windows\System32\services.exe moved successfully.C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted July 24, 2012 ID:575598 Share Posted July 24, 2012 Well Done, lets run ComboFix to clean up any left overs....Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingc...to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
Jakez Posted July 26, 2012 Author ID:576760 Share Posted July 26, 2012 ComboFix 12-07-26.04 - Jake 07/26/2012 3:50.1.8 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6105 [GMT -4:00]Running from: c:\users\Jake\Desktop\ComboFix.exeSP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\users\Jake\AppData\Local\TempDIRc:\windows\ac:\windows\a\V.wmvc:\windows\a\V1.wmvc:\windows\a\V10.wmvc:\windows\a\V11.wmvc:\windows\a\V12.wmvc:\windows\a\V13.wmvc:\windows\a\V2.wmvc:\windows\a\V3.wmvc:\windows\a\V4.wmvc:\windows\a\V5.wmvc:\windows\a\V6.wmvc:\windows\a\V7.wmvc:\windows\a\V8.wmvc:\windows\a\V9.wmvc:\windows\AsPatch10430001.exe..((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))..2012-07-24 04:04 . 2012-07-24 04:07 -------- d-----w- C:\FRST2012-07-22 11:41 . 2012-07-26 07:55 -------- d-----w- c:\programdata\NVIDIA2012-07-22 11:41 . 2012-07-22 11:41 -------- d-----w- c:\users\UpdatusUser2012-07-22 11:41 . 2011-08-03 11:50 61544 ----a-w- c:\windows\system32\nvshext.dll2012-07-22 11:41 . 2011-08-03 11:50 335976 ----a-w- c:\windows\system32\nvhotkey.dll2012-07-22 11:41 . 2011-08-03 11:50 980072 ----a-w- c:\windows\system32\nvvsvc.exe2012-07-22 11:41 . 2011-08-03 11:50 3021416 ----a-w- c:\windows\system32\nvsvc64.dll2012-07-22 11:40 . 2011-08-03 11:50 2560616 ----a-w- c:\windows\system32\nvsvcr.dll2012-07-22 11:40 . 2011-08-03 11:50 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll2012-07-22 11:40 . 2011-08-03 11:50 6136936 ----a-w- c:\windows\system32\nvcpl.dll2012-07-22 11:40 . 2011-08-03 11:50 117864 ----a-w- c:\windows\system32\nvmctray.dll2012-07-22 11:40 . 2012-07-22 11:40 -------- d-----w- c:\programdata\NVIDIA Corporation2012-07-21 14:49 . 2012-07-21 14:49 -------- d-----w- C:\TDSSKiller_Quarantine2012-07-18 01:21 . 2012-07-21 06:10 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2012-07-26 08:01 . 2012-04-16 01:01 380 ----a-w- c:\users\Jake\AppData\Roaming\sp_data.sys2012-07-22 11:40 . 2011-09-29 20:11 45056 ----a-w- c:\windows\system32\acovcnt.exe2012-07-18 01:15 . 2012-04-03 04:14 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2012-07-18 01:15 . 2011-10-02 07:39 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2012-07-14 07:01 . 2011-10-08 20:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr2012-07-14 07:01 . 2011-10-08 20:30 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe2012-07-14 07:01 . 2011-10-08 20:30 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex02012-07-03 17:46 . 2011-10-02 21:10 24904 ----a-w- c:\windows\system32\drivers\mbam.sys2012-06-02 22:19 . 2012-06-21 22:43 38424 ----a-w- c:\windows\system32\wups.dll2012-06-02 22:19 . 2012-06-21 22:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll2012-06-02 22:19 . 2012-06-21 22:43 57880 ----a-w- c:\windows\system32\wuauclt.exe2012-06-02 22:19 . 2012-06-21 22:43 44056 ----a-w- c:\windows\system32\wups2.dll2012-06-02 22:19 . 2012-06-21 22:43 701976 ----a-w- c:\windows\system32\wuapi.dll2012-06-02 22:15 . 2012-06-21 22:43 2622464 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:15 . 2012-06-21 22:43 99840 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 22:15 . 2012-06-21 22:43 99840 ----a-w- c:\windows\system32\wudriver(45).dll2012-06-02 19:19 . 2012-06-21 22:43 186752 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 19:15 . 2012-06-21 22:43 36864 ----a-w- c:\windows\system32\wuapp.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-08 45448]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-17 909312]"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-11 3058304]"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-22 318080]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-24 174720]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-06 102568]"FLxHCIm64"="c:\program files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe" [2012-01-15 48128]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-11 548528]Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2011-11-4 45056]SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0).[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-11 79360]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-06-11 79360]R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-01-05 340240]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-01 1255736]R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-30 503352]S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-11-07 499200]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-26 91464]S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-11-07 869376]S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2012-01-10 219648]S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2012-01-10 65024]S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-01-04 8507392]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2012-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925022697-2799853360-2442641128-1000Core.job- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 01:22].2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1925022697-2799853360-2442641128-1000UA.job- c:\users\Jake\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-19 01:22]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-31 12446824]"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-11-14 1605632]"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-05 1933584]"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"LoadAppInit_DLLs"=0x0.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = hxxp://asus.msn.commLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTCP: DhcpNameServer = 65.32.5.111 65.32.5.112FF - ProfilePath - c:\users\Jake\AppData\Roaming\Mozilla\Firefox\Profiles\q5rqa2lp.default\FF - prefs.js: browser.startup.homepage - about:homeFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar_i.id - be5d5a9d00000000000064d4da53670eFF - user.js: extensions.BabylonToolbar_i.hardId - be5d5a9d00000000000064d4da53670eFF - user.js: extensions.BabylonToolbar_i.instlDay - 15348FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:36FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylonFF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar_i.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar_i.tlbrId - baseFF - user.js: extensions.BabylonToolbar_i.instlRef - sstFF - user.js: extensions.incredibar_i.newTab - falseFF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyt8Srwoy&loc=IB_TB&i=26&search=FF - user.js: extensions.incredibar_i.id - be5d5a9d00000000000064d4da53670eFF - user.js: extensions.incredibar_i.hardId - be5d5a9d00000000000064d4da53670eFF - user.js: extensions.incredibar_i.instlDay - 15387FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.274:11FF - user.js: extensions.incredibar_i.prtnrId - IncredibarFF - user.js: extensions.incredibar_i.prdct - incredibarFF - user.js: extensions.incredibar_i.aflt - orgnlFF - user.js: extensions.incredibar_i.smplGrp - noneFF - user.js: extensions.incredibar_i.tlbrId - baseFF - user.js: extensions.incredibar_i.instlRef -FF - user.js: extensions.incredibar_i.dfltLng -FF - user.js: extensions.incredibar_i.excTlbr - falseFF - user.js: extensions.incredibar_i.ms_url_id -FF - user.js: extensions.incredibar_i.upn2 - 6Oyt8SrwoyFF - user.js: extensions.incredibar_i.upn2n - 92260914793813306FF - user.js: extensions.incredibar_i.productid - 26FF - user.js: extensions.incredibar_i.installerproductid - 26FF - user.js: extensions.incredibar_i.did - 10589FF - user.js: extensions.incredibar_i.ppd -.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKCU-Run-Weather - c:\program files (x86)\AWS\WeatherBug\Weather.exeToolbar-Locked - (no file)HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exeHKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmdHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exec:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\windows\SysWOW64\PnkBstrA.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exec:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exec:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exec:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exec:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exec:\program files (x86)\ASUS\FaceLogon\sensorsrv.exec:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exec:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exec:\program files (x86)\Synaptics\Scrybe\scrybe.exec:\program files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe.**************************************************************************.Completion time: 2012-07-26 04:04:44 - machine was rebootedComboFix-quarantined-files.txt 2012-07-26 08:04.Pre-Run: 238,156,111,872 bytes freePost-Run: 243,243,368,448 bytes free.- - End Of File - - DC8628ABD3CE7F7A409671BF4D18FEF1 Link to post Share on other sites More sharing options...
Jakez Posted July 26, 2012 Author ID:576762 Share Posted July 26, 2012 I don't know why the list of .wmv video showed up in the top of the log but those are my videos from my android phone and shouldn't have anything to do with it.. unless they were infected? Heh.I really thank you for this, I consider myself pretty computer savvy or "internet savvy" more specifically and I've never really had a virus/malware problem in almost 10 years and that's without having any virus programs installed. I don't know how I got this one but it must have been pretty slick to get past me.. Link to post Share on other sites More sharing options...
MrCharlie Posted July 26, 2012 ID:576804 Share Posted July 26, 2012 I don't know why the list of .wmv video showed up in the top of the log but those are my videos from my android phone and shouldn't have anything to do with it.. unless they were infected? Heh.They were deleted because they shouldn't be there > store them in your documents, etc. not in Windows.Find this log and post it back here:C:\Qoobox\ComboFix-quarantined-files.txt---------------------------------Then..........Please Update and run a Quick Scan with MBAM, post the report.Make sure that everything is checked, and click Remove Selected.Please let me know how computer is running now, MrC Link to post Share on other sites More sharing options...
Jakez Posted July 26, 2012 Author ID:576972 Share Posted July 26, 2012 2012-07-26 08:04:06 . 2012-07-26 08:04:06 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynTPEnh.reg.dat2012-07-26 08:04:06 . 2012-07-26 08:04:06 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-Setwallpaper.reg.dat2012-07-26 08:04:06 . 2012-07-26 08:04:06 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-SynAsusAcpi.reg.dat2012-07-26 08:04:06 . 2012-07-26 08:04:06 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat2012-07-26 08:03:55 . 2012-07-26 08:03:56 148 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-Weather.reg.dat2012-07-26 08:03:55 . 2012-07-26 08:03:55 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat2012-07-26 07:53:06 . 2012-07-26 07:53:06 12,909 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg2012-07-26 07:49:02 . 2012-07-26 07:49:02 51 ----a-w- C:\Qoobox\Quarantine\catchme.log2012-05-02 22:26:57 . 2012-05-02 22:28:33 4,541,969 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V13.wmv.vir2012-05-02 22:20:20 . 2012-05-02 22:26:14 31,639,511 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V12.wmv.vir2012-05-02 22:08:37 . 2012-05-02 22:19:58 79,377,479 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V11.wmv.vir2012-05-02 22:01:58 . 2012-05-02 22:08:12 52,367,637 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V10.wmv.vir2012-05-02 21:57:22 . 2012-05-02 22:01:25 36,110,851 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V9.wmv.vir2012-05-02 21:54:47 . 2012-05-02 21:56:28 16,437,999 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V8.wmv.vir2012-05-02 21:51:52 . 2012-05-02 21:54:12 23,414,233 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V7.wmv.vir2012-05-02 21:48:19 . 2012-05-02 21:51:30 24,478,539 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V6.wmv.vir2012-05-02 03:39:43 . 2012-05-02 03:43:10 18,222,264 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V5.wmv.vir2012-05-02 03:16:36 . 2012-05-02 03:20:20 19,798,270 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V4.wmv.vir2012-05-02 03:06:47 . 2012-05-02 03:12:55 24,295,206 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V3.wmv.vir2012-05-02 03:00:52 . 2012-05-02 03:03:54 23,806,126 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V2.wmv.vir2012-05-02 02:52:21 . 2012-05-02 02:59:53 47,327,740 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V1.wmv.vir2012-05-02 02:31:49 . 2012-05-02 02:45:50 72,514,050 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V.wmv.vir2012-04-16 01:04:08 . 2010-07-29 20:50:56 154,240 ----a-w- C:\Qoobox\Quarantine\C\Windows\AsPatch10430001.exe.vir Link to post Share on other sites More sharing options...
Jakez Posted July 26, 2012 Author ID:576975 Share Posted July 26, 2012 Ran MBAM and it found nothing. I can goto Google now and click results without the malware redirecting me. I think everything is OK now Thank you!!! Link to post Share on other sites More sharing options...
MrCharlie Posted July 26, 2012 ID:576976 Share Posted July 26, 2012 Here you go......using ComboFix1. Close any open browsers.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. 3. Open notepad and copy/paste the text in the quotebox below into it:4. If ComboFix wants to update.....please allow it to.DeQuarantine:: 2012-05-02 22:26:57 . 2012-05-02 22:28:33 4,541,969 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V13.wmv.vir2012-05-02 22:20:20 . 2012-05-02 22:26:14 31,639,511 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V12.wmv.vir2012-05-02 22:08:37 . 2012-05-02 22:19:58 79,377,479 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V11.wmv.vir2012-05-02 22:01:58 . 2012-05-02 22:08:12 52,367,637 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V10.wmv.vir2012-05-02 21:57:22 . 2012-05-02 22:01:25 36,110,851 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V9.wmv.vir2012-05-02 21:54:47 . 2012-05-02 21:56:28 16,437,999 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V8.wmv.vir2012-05-02 21:51:52 . 2012-05-02 21:54:12 23,414,233 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V7.wmv.vir2012-05-02 21:48:19 . 2012-05-02 21:51:30 24,478,539 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V6.wmv.vir2012-05-02 03:39:43 . 2012-05-02 03:43:10 18,222,264 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V5.wmv.vir2012-05-02 03:16:36 . 2012-05-02 03:20:20 19,798,270 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V4.wmv.vir2012-05-02 03:06:47 . 2012-05-02 03:12:55 24,295,206 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V3.wmv.vir2012-05-02 03:00:52 . 2012-05-02 03:03:54 23,806,126 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V2.wmv.vir2012-05-02 02:52:21 . 2012-05-02 02:59:53 47,327,740 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V1.wmv.vir2012-05-02 02:31:49 . 2012-05-02 02:45:50 72,514,050 ----a-w- C:\Qoobox\Quarantine\C\Windows\a\V.wmv.virQuit:: Save this as CFScript.txt, in the same location as ComboFix.exeRefering to the picture above, drag CFScript into ComboFix.exeCAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.After reboot, (in case it asks to reboot)......Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply. MrC Link to post Share on other sites More sharing options...
MrCharlie Posted July 28, 2012 ID:577649 Share Posted July 28, 2012 How we doing???? MrC Link to post Share on other sites More sharing options...
Maurice Naggar Posted July 29, 2012 ID:578072 Share Posted July 29, 2012 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts