Jump to content

Ad redirect malware/virus


SAFC

Recommended Posts

I have been redirected from Google search whenever I try and click on a search item. My anti virus software says there is a virus in the System32 folder, called services.exe

I have followed the instructions and here are my logs from DDS.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_31

Run by Jonathan at 14:42:52 on 2012-11-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.5994.3728 [GMT 0:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\atieclxx.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Prey\platform\windows\cronsvc.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\windows\SysWOW64\RunDll32.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\windows\system32\msiexec.exe

C:\windows\system32\vssvc.exe

C:\windows\System32\svchost.exe -k swprv

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://samsung.msn.com

uDefault_Page_URL = hxxp://samsung.msn.com

mStart Page = hxxp://samsung.msn.com

mWinlogon: Userinit = userinit.exe,

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\Users\Jonathan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut11_C03C290FA6F54A2B8A2DFE2786A1E275.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{1AB62972-70EA-451D-AD14-5B7D095FF2C6} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{FED95CAF-7787-416D-AF9F-CF756C5F4672} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{FED95CAF-7787-416D-AF9F-CF756C5F4672}\05F6C697E656379616 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100

TCP: Interfaces\{FED95CAF-7787-416D-AF9F-CF756C5F4672}\245624F687138344441493 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\45ksob1q.default-1353505180046\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-4-19 28480]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-7-26 291680]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-8-24 384352]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-11-4 13824]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/04 09:40:27];C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [2010-2-24 146928]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-11-4 203264]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-1-23 92592]

R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-4-16 13832]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2010-11-4 116240]

R3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]

R3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]

R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-11-4 158976]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/07/11 13:47:28;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-18 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-6-22 344616]

S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-6-22 39464]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2012-10-12 102368]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2012-10-12 203104]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-11 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-26 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-11-21 14:16:20 -------- d-----w- C:\Users\Jonathan\AppData\Roaming\Malwarebytes

2012-11-21 14:16:13 -------- d-----w- C:\ProgramData\Malwarebytes

2012-11-21 14:16:12 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-11-21 14:16:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-11-20 01:26:18 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%

2012-11-20 01:22:54 -------- d-----w- C:\Program Files (x86)\VideoLAN

2012-11-20 01:20:47 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll

2012-11-20 01:20:37 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack

2012-11-17 22:47:24 -------- d-----w- C:\Users\Jonathan\AppData\Local\{1488F06C-4B8C-481E-A5FE-A7AECC7BF8DB}

2012-11-14 23:50:31 9728 ----a-w- C:\windows\System32\Wdfres.dll

2012-11-14 23:50:31 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys

2012-11-14 23:50:31 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys

2012-11-14 23:50:31 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui

2012-11-14 23:45:32 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys

2012-11-14 23:45:32 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys

2012-11-14 23:45:31 84992 ----a-w- C:\windows\System32\WUDFSvc.dll

2012-11-14 23:45:31 744448 ----a-w- C:\windows\System32\WUDFx.dll

2012-11-14 23:45:31 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll

2012-11-14 23:45:31 229888 ----a-w- C:\windows\System32\WUDFHost.exe

2012-11-14 23:45:31 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll

2012-11-14 23:33:52 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll

2012-11-14 23:33:52 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll

2012-11-14 23:33:52 226816 ----a-w- C:\windows\System32\dhcpcore6.dll

2012-11-14 23:33:52 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll

2012-11-14 23:32:47 3149824 ----a-w- C:\windows\System32\win32k.sys

2012-11-14 23:31:47 70656 ----a-w- C:\windows\System32\nlaapi.dll

2012-11-14 23:31:47 569344 ----a-w- C:\windows\System32\iphlpsvc.dll

2012-11-14 23:31:47 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll

2012-11-14 23:31:47 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys

2012-11-14 23:31:47 303104 ----a-w- C:\windows\System32\nlasvc.dll

2012-11-14 23:31:47 246272 ----a-w- C:\windows\System32\netcorehc.dll

2012-11-14 23:31:47 216576 ----a-w- C:\windows\System32\ncsi.dll

2012-11-14 23:31:47 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys

2012-11-14 23:31:47 18944 ----a-w- C:\windows\SysWow64\netevent.dll

2012-11-14 23:31:47 18944 ----a-w- C:\windows\System32\netevent.dll

2012-11-14 23:31:47 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll

2012-11-14 23:31:47 156672 ----a-w- C:\windows\SysWow64\ncsi.dll

2012-11-14 23:25:35 95744 ----a-w- C:\windows\System32\synceng.dll

2012-11-14 23:25:35 78336 ----a-w- C:\windows\SysWow64\synceng.dll

.

==================== Find3M ====================

.

2012-11-21 14:42:04 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat

2012-09-20 04:35:36 203104 ----a-w- C:\windows\System32\drivers\ssudmdm.sys

2012-09-20 04:35:36 102368 ----a-w- C:\windows\System32\drivers\ssudbus.sys

2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll

2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll

2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys

2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll

2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll

2012-08-24 14:43:16 384352 ----a-w- C:\windows\System32\drivers\avgtdia.sys

.

============= FINISH: 14:44:56.30 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 22/06/2011 16:41:27

System Uptime: 21/11/2012 14:21:16 (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R540/R580/R780/SA41/E452/E852

Processor: Intel® Core i5 CPU M 480 @ 2.67GHz | CPU 1 | 2667/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 231 GiB total, 144.091 GiB free.

D: is FIXED (NTFS) - 345 GiB total, 344.964 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Deskjet F4500 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller

Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_C07F144D&REV_00\4&E975540&0&00E3

Manufacturer: Marvell

Name: Marvell Yukon 88E8040 Family PCI-E Fast Ethernet Controller

PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_C07F144D&REV_00\4&E975540&0&00E3

Service: yukonw7

.

Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}

Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device

Device ID: USB\VID_0A5C&PID_219C\B4749F8D87D3

Manufacturer: Broadcom

Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device

PNP Device ID: USB\VID_0A5C&PID_219C\B4749F8D87D3

Service: BTHUSB

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Deskjet F4500 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Deskjet F4500 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

==== System Restore Points ===================

.

RP124: 27/09/2012 21:04:48 - Windows Update

RP125: 09/10/2012 23:26:43 - Installed PowerDVD

RP126: 12/10/2012 11:03:06 - Windows Update

RP127: 28/10/2012 11:31:51 - Windows Update

RP128: 14/11/2012 23:44:11 - Windows Update

RP129: 21/11/2012 13:58:04 - Windows Modules Installer

RP130: 21/11/2012 14:38:57 - Removed Adobe Reader X (10.1.4).

.

==== Installed Programs ======================

.

???? ??? Windows Live

???? Windows Live

????? Messenger

????? Windows Live

?????? ??????? ?? Windows Live

???????? ?? Messenger

???????? ?????????? Windows Live

????????? Messenger

?????????? Windows Live

??????????? ?? Windows Live

64 Bit HP CIO Components Installer

Adobe AIR

Amazon MP3 Downloader 1.0.15

„Messenger“ pagalbine priemone

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros Client Installation Program

ATI Catalyst Install Manager

AVG 2012

„Windows Live Essentials“

„Windows Live Mail“

„Windows Live Messenger“

„Windows Live“ fotogalerija

BatteryLifeExtender

BBC iPlayer Desktop

Bonjour

Broadcom 802.11 Network Adapter

BTHomeHub

BufferChm

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Complemento Messenger

Complément Messenger

Copy

CyberLink Blu-ray Disc Suite

CyberLink MediaShow

CyberLink PhotoNow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink PowerDVD 9

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DJ_AIO_06_F4500_SW_MIN

Doplnok programu Messenger

Dropbox

Easy Content Share

Easy Display Manager

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

EasyFileShare

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

GoToAssist Corporate

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6

HP Imaging Device Functions 14.0

HP Product Detection

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Driver

Intel® Turbo Boost Technology Monitor

iTunes

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Kies Air Discovery Service

Malwarebytes Anti-Malware version 1.65.1.1000

Marvell Miniport Driver

Mesh Runtime

Messenger-kumppani

Messenger ??? ??

Messenger ????

Messenger ?????

Messenger Assistent

Messenger Companion

Messenger kíséro

Messenger Pratilac

Messenger Suradnik

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 16.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird (7.0.1)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Network64

OpenOffice.org 3.3

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Pomocnik Messenger

Pošta Windows Live

QuickTime

Raccolta foto di Windows Live

Realtek High Definition Audio Driver

S?????? f?t???af??? t?? Windows Live

Samsung Kies

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

SAMSUNG USB Driver for Mobile Phones

SamsungMovie

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Sky Go Desktop

Skype™ 5.10

Spremljevalec Messenger

SRS Premium Sound Control Panel

Status

Synaptics Pointing Device Driver

TomTom HOME 2.8.3.2499

TomTom HOME Visual Studio Merge Modules

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

User Guide

Visual Studio 2008 x64 Redistributables

WIDCOMM Bluetooth Software

Windows Live

Windows Live ??

Windows Live ?? ???

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Foto-galerija

Windows Live fotoattelu galerija

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Pošta

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

.

==== Event Viewer Messages From Past Week ========

.

21/11/2012 14:24:40, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

21/11/2012 14:24:40, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

21/11/2012 14:22:00, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

21/11/2012 14:21:58, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

21/11/2012 14:21:55, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

21/11/2012 14:05:41, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

21/11/2012 14:05:41, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

17/11/2012 20:31:09, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

17/11/2012 20:02:54, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Cyberlink RichVideo Service(CRVS) service to connect.

17/11/2012 20:02:54, Error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)

Link to post
Share on other sites

Thanks for the swift reply.

Here is the report from RogueKiller

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website: http://tigzy.geekstogo.com/roguekiller.php

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Jonathan [Admin rights]

Mode : Scan -- Date : 11/21/2012 15:09:47

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][NOTFOUND] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD} (C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl) -> FOUND

[services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{B154377D-700F-42cc-9474-23858FBDF4BD} (C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl) -> FOUND

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Users\Jonathan\AppData\Local\Temp\IHU5418.tmp.exe -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\windows\Installer\{10e44608-414f-a965-0f13-ee701026a5e3}\@ --> FOUND

[ZeroAccess][FOLDER] U : C:\windows\Installer\{10e44608-414f-a965-0f13-ee701026a5e3}\U --> FOUND

[ZeroAccess][FOLDER] L : C:\windows\Installer\{10e44608-414f-a965-0f13-ee701026a5e3}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> FOUND

[susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++

--- User ---

[MBR] 4a84f866f06ac6143509aa22ffea7209

[bSP] df747e219de9b3f209a2fc2de24eebd7 : KIWI Image system MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 20480 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 41945088 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 42149888 | Size: 236544 Mo

3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 526592000 | Size: 353354 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_11212012_02d1509.txt >>

RKreport[1]_S_11212012_02d1509.txt

Link to post
Share on other sites

Here you go......

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please create a new system restore point before running Malwarebytes Anti-Rootkit.

MBAR tutorial

MBAR tutorial

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.