LCS213 Posted August 16, 2012

I noticed something fishy when I'd constantly have browser redirects. I tried system restore, and it failed. Installed and ran Malwarebytes and it keeps coming up with 5 infected files that when I delete and restart, they show up again. Here's hoping I'm following the instructions. I've attached the Malwarebytes log file, as well as the dds.txt and attach.txt files. Thanks in advance for any help you might be able to give.

Attachments: Attach.txt, DDS.txt, mbam-log-2012-08-15 (18-24-08).txt
LCS213 (Author) Posted August 16, 2012

Looking at other topics that were responded to, I see that I was supposed to paste the logfiles. Here they are:

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Len :: LEN-LAPTOP [administrator]

Protection: Enabled

8/15/2012 6:24:08 PM
mbam-log-2012-08-15 (18-24-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238428
Time elapsed: 18 minute(s), 55 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4604 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2010 7:55:37 PM
System Uptime: 8/15/2012 6:21:47 PM (4 hours ago)
.
Motherboard: PEGATRON CORPORATION | | G60JX
Processor: Intel® Core i5 CPU M 430 @ 2.27GHz | Socket 989 | 1178/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 446 GiB total, 76.733 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sbwtis
Device ID: ROOT\LEGACY_SBWTIS\0000
Manufacturer:
Name: sbwtis
PNP Device ID: ROOT\LEGACY_SBWTIS\0000
Service: sbwtis
.
==== System Restore Points ===================
.
RP349: 8/5/2012 2:10:02 AM - Windows Update
RP350: 8/8/2012 10:23:39 PM - Windows Update
RP351: 8/11/2012 4:51:08 PM - Restore Operation
RP352: 8/12/2012 2:10:24 PM - Installed Java 7 Update 5
RP353: 8/12/2012 2:13:22 PM - Installed JavaFX 2.1.1
RP354: 8/13/2012 7:44:15 AM - Restore Operation
.
==== Installed Programs ======================
.
.
==== Event Viewer Messages From Past Week ========
.
8/15/2012 7:13:26 AM, Error: Service Control Manager [7022] - The Ad-Aware service hung on starting.
8/15/2012 6:25:16 PM, Error: Service Control Manager [7000] - The sbwtis service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.
8/15/2012 6:24:50 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/15/2012 6:24:50 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
8/15/2012 6:23:01 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/15/2012 6:23:01 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/15/2012 6:22:21 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/15/2012 6:22:21 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/15/2012 6:22:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/14/2012 1:13:09 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
8/13/2012 7:43:46 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
.
==== End Of File ===========================

dds.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Len at 22:17:22 on 2012-08-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.2143 [GMT -4:00]
.
AV: Lavasoft Ad-Aware *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Lavasoft Ad-Aware *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.bing.com/
uDefault_Page_URL = hxxp://asus.msn.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe -update activex
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Len\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EPROMP~1.LNK - C:\Program Files (x86)\ePrompter\ePrompter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: worldwinner.com\gsn
Trusted Zone: worldwinner.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{44475E00-31CC-46AA-81C3-7DC54C8DB8FB} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{44475E00-31CC-46AA-81C3-7DC54C8DB8FB}\D416272796F64747745756374775962756C6563737 : DhcpNameServer = 4.2.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Athtek Skype Recorder\accsky.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Len\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
.
============= SERVICES / DRIVERS ===============
.
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-2-23 14904]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
.
=============== Created Last 30 ================
.
2012-08-12 18:14:06  --------  d-----w-  C:\Program Files (x86)\Oracle
2012-08-12 18:13:10  772544    ----a-w-  C:\Windows\SysWow64\npDeployJava1.dll
2012-08-12 00:33:17  20480     ------w-  C:\Windows\svchost.exe
2012-08-12 00:14:19  --------  d-----w-  C:\Virus Logs
2012-08-12 00:06:53  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 22:28:33  --------  d-sh--w-  C:\Windows\SysWow64\%APPDATA%
2012-08-09 02:25:04  9133488   ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E237809C-1E02-4432-9909-B13690E0764D}\mpengine.dll
2012-08-08 02:07:49  110592    ----a-w-  C:\ProgramData\Microsoft\Windows\DRM\760E.tmp.dat
2012-08-07 12:59:06  9133488   ----a-w-  C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-02 11:19:27  --------  d-----w-  C:\Program Files\iPod
2012-08-02 11:19:24  --------  d-----w-  C:\Program Files\iTunes
2012-08-02 11:19:24  --------  d-----w-  C:\Program Files (x86)\iTunes
2012-08-01 03:32:11  --------  d-----w-  C:\Users\Len\AppData\Local\Intuit
2012-07-18 00:23:53  --------  d-----w-  C:\AmericasCardroom
.
==================== Find3M ====================
.
.
============= FINISH: 22:21:51.77 ===============

Thanks!
MrCharlie Posted August 16, 2012 ID:586190
Welcome to the forum.
Please remove any usb or external drives from the computer before you run this scan!
Please download and run RogueKiller to your desktop.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.
MrC
LCS213 Posted August 16, 2012 Author ID:586202
Thanks. Here's the report:
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Len [Admin rights]
Mode: Scan -- Date: 08/16/2012 15:25:06
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{0ee556e2-0177-ff41-7fc3-5bba1f66a5d7}\L --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 9e37beb4a6675997f9848906d2c55c75
[bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 456936 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 0d2be8d6efdda67dd62089139f5893b9
[bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 456936 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 0d2be8d6efdda67dd62089139f5893b9
[bSP] 430eaf6ed8558d670d2c84579f07828f : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 2048 | Size: 20001 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 40965750 | Size: 456936 Mo
Finished : << RKreport[1].txt >>
RKreport[1].txt
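The "MBR Check" in the report above does two things a defender can reproduce: it decodes the partition table (flagging the 0x1c entry as a hidden partition) and it hashes sector 0 as read through the normal file path and again through a low-level read, reporting "User != LL1 ... KO!" when the two differ. The following Python is an added example, not code from the thread or from RogueKiller; the MBR images it builds are constructed to match the report's partition layout and are not the poster's actual disk bytes.

```python
import hashlib
import struct

# Added example, not from the thread: parse a raw 512-byte MBR the way a rootkit
# scanner's "MBR Check" does, flag hidden partition type IDs, and compare a user-mode
# read of sector 0 with a low-level read. All bytes are constructed, not the poster's disk.

SECTORS_PER_MB = 1024 * 1024 // 512
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}  # standard "hidden" FAT/NTFS IDs
TYPE_NAMES = {0x07: "NTFS", 0x0C: "FAT32-LBA", 0x1C: "FAT32-LBA"}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

def build_entry(active, ptype, lba_start, size_mb):
    """Pack one 16-byte partition entry; CHS fields are left zero, LBA is what matters."""
    return struct.pack(ENTRY_FMT, 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, size_mb * SECTORS_PER_MB)

def build_mbr(boot_code, entries):
    """Assemble boot code, a 4-slot partition table and the 0x55AA signature."""
    table = b"".join(entries).ljust(64, b"\0")
    return boot_code.ljust(446, b"\0") + table + b"\x55\xaa"

def parse_mbr(sector):
    """Return (md5 hex of the sector, list of non-empty partition entries)."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if ptype == 0:  # empty slot
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "?"), "hidden": ptype in HIDDEN_TYPES,
                      "offset": start, "size_mb": count // SECTORS_PER_MB})
    return hashlib.md5(sector).hexdigest(), parts

def compare_reads(user_view, low_level_view):
    """Mirror the report's 'User != LL1 ... KO!': both reads of sector 0 must hash alike."""
    return "OK" if parse_mbr(user_view)[0] == parse_mbr(low_level_view)[0] else "KO"

# Layout copied from the report: hidden FAT32-LBA (0x1c) at sector 2048, active NTFS after it.
ENTRIES = [build_entry(False, 0x1C, 2048, 20001), build_entry(True, 0x07, 40965750, 456936)]
USER_MBR = build_mbr(b"\x33\xc0\x8e\xd0", ENTRIES)       # what a file-level read is shown
LOW_LEVEL_MBR = build_mbr(b"\xeb\x58\x90\x00", ENTRIES)  # what a direct disk read returns

if __name__ == "__main__":
    for part in parse_mbr(LOW_LEVEL_MBR)[1]:
        print(part)
    print("User vs LL1:", compare_reads(USER_MBR, LOW_LEVEL_MBR))  # KO: the two reads differ
```

A matching partition table with differing hashes, as in the report, means the difference lies in the 446 bytes of boot code, which is exactly where an MBR rootkit places its loader.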
MrCharlie Posted August 16, 2012 ID:586210
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
Here you go......
Your computer is infected with a nasty rootkit. Please read the following information first.
You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.
Let me know what you decide to do.
If you decide to go through with the cleanup, please proceed with the following steps.
-----------------------------------------
Please make sure system restore is running and create a new restore point before continuing!
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
How to tell > 32 or 64 bit
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
- Now press the Search button
- When the search is complete, search.txt will also be written to your USB
- Type exit and reboot the computer normally
- Please copy and paste both logs in your reply. (FRST.txt and Search.txt)
MrC
LCS213 Posted August 17, 2012 Author ID:586347
Gulp...not the answer I was looking to hear, but much thanks for the help. One question I have...is it safe to back up regular files from this pc?
MrCharlie Posted August 17, 2012 ID:586349
Yes it is, if you use a usb flash drive:
http://research.pandasecurity.com/Panda-USB-and-AutoRun-Vaccine/
MrC
Maurice Naggar Posted August 19, 2012 ID:587277
Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!