
infected with I don't know what


lsf


I am sure I have some kind of virus etc. I need help. Mostly what I am seeing is major problems with CPU usage and bits as high as over 500,000 in processes in Task Manager. Internet Explorer and Google Chrome keep shutting down. Can you please help me?


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller <--- use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lisa [Admin rights]

Mode : Scan -- Date : 04/27/2013 22:13:13

| ARK || FAK || MBR |

¤¤¤ Bad processes : 6 ¤¤¤

[sUSP PATH] svcdns.exe -- C:\Windows\svcdns.exe [-] -> KILLED [TermProc]

[bLACKLIST] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

[bLACKLIST] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

[bLACKLIST] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

[bLACKLIST] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

[RESIDUE] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Policies\Explorer\Run : dfcdfbdbcbfdad (C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1133012498-3736291812-360938567-1000[...]\Policies\Explorer\Run : dfcdfbdbcbfdad (C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe) [-] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

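A small triage helper, added here as an example (not RogueKiller's or the forum's own code), that parses the report format shown above and tags each finding with the artefacts this thread turns on: the $recycle.bin\S-1-5-18\$<hex> store, the GAC Desktop.ini, the Policies\Explorer\Run autorun and the GUID-named Roaming folder. The indicator names and heuristics are my own; the sample lines are copied from the report above.

```python
"""Parse RogueKiller V8 report lines into findings and tag them with heuristic indicators.

Added example for this thread; not RogueKiller's or Malwarebytes' own code.
"""
import re
from collections import Counter

# Sample lines copied from the RogueKiller report posted above (three of the six
# process lines kept), plus the tool's own "Infection" header line.
SAMPLE_REPORT = r"""
[sUSP PATH] svcdns.exe -- C:\Windows\svcdns.exe [-] -> KILLED [TermProc]
[bLACKLIST] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[RESIDUE] twunk_32.exe -- C:\Windows\twunk_32.exe [7] -> KILLED [TermProc]
[RUN][sUSP PATH] HKCU\[...]\Policies\Explorer\Run : dfcdfbdbcbfdad (C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe) [-] -> FOUND
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini [-] --> FOUND
¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# A finding line starts with one or more [TAG] groups; the remainder is kind-specific.
TAGS_RE = re.compile(r"^((?:\[[^\]]+\])+)\s+(.*)$")
FILE_RE = re.compile(r"^(?P<name>\S+) : (?P<path>.+?)(?: \[(?P<flag>[^\]]*)\])? --> (?P<status>\w+)$")
REGISTRY_RE = re.compile(r"^(?P<key>\S+) : (?P<name>\S+) \((?P<path>.+)\) \[(?P<flag>[^\]]*)\] -> (?P<status>\w+)$")
PROCESS_RE = re.compile(r"^(?P<name>\S+) -- (?P<path>.+?) \[(?P<flag>[^\]]*)\] -> (?P<status>\w+)(?: \[(?P<method>[^\]]+)\])?$")
INFECTION_RE = re.compile(r"^¤¤¤ Infection : (.+?) ¤¤¤$", re.M)

# Path/key patterns for the artefacts this report shows. Each is a heuristic (my own
# naming), not proof; "exe directly in C:\Windows" is weak on its own and only mirrors
# the tool's SUSP PATH tag.
INDICATORS = [
    ("zeroaccess_recycler_store", re.compile(r"\\\$recycle\.bin\\S-1-5-18\\\$[0-9a-f]{32}\\", re.I)),
    ("zeroaccess_gac_desktop_ini", re.compile(r"\\Assembly\\GAC\\Desktop\.ini$", re.I)),
    ("explorer_policy_autorun", re.compile(r"\\Policies\\Explorer\\Run$", re.I)),
    ("guid_named_roaming_dir", re.compile(r"\\AppData\\Roaming\\[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12,}\\", re.I)),
    ("exe_directly_in_windows_dir", re.compile(r"^[a-z]:\\Windows\\[^\\]+\.exe$", re.I)),
]


def _classify(rest):
    """Return (kind, fields) for the part of a line after its tags, or (None, None)."""
    for kind, regex in (("file", FILE_RE), ("registry", REGISTRY_RE), ("process", PROCESS_RE)):
        m = regex.match(rest)
        if m:
            return kind, m.groupdict()
    return None, None


def _indicators(fields):
    """Match every heuristic against the path and, for registry entries, the key too."""
    targets = [fields["path"]] + ([fields["key"]] if "key" in fields else [])
    return [name for name, rx in INDICATORS if any(rx.search(t) for t in targets)]


def parse_findings(text):
    """Turn tagged report lines into dicts; untagged or unrecognised lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = TAGS_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        kind, fields = _classify(m.group(2))
        if kind is None:
            continue
        fields.update(kind=kind, tags=tags, indicators=_indicators(fields))
        findings.append(fields)
    return findings


def reported_infection(text):
    """Family named in the report's own '¤¤¤ Infection : ... ¤¤¤' line, if present."""
    m = INFECTION_RE.search(text)
    return m.group(1) if m else None


def summarize(findings):
    """The counts a helper eyeballs first, plus the paths the tool attributed to ZeroAccess."""
    return {
        "by_kind": dict(Counter(f["kind"] for f in findings)),
        "by_tag": dict(Counter(t for f in findings for t in f["tags"])),
        "by_indicator": dict(Counter(i for f in findings for i in f["indicators"])),
        "zeroaccess_paths": [f["path"] for f in findings if "ZeroAccess" in f["tags"]],
        "killed_processes": sorted({f["path"] for f in findings if f.get("status") == "KILLED"}),
    }


if __name__ == "__main__":
    found = parse_findings(SAMPLE_REPORT)
    print("reported infection:", reported_infection(SAMPLE_REPORT))
    for f in found:
        print(f["kind"], f["tags"], f["path"], f["indicators"])
    print(summarize(found))
```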

Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.

------------------------------

I will need to see the 2 logs from DDS, MrC


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16537

Run by Lisa at 22:27:05 on 2013-04-27

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1790.795 [GMT -4:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2OGEY8LV\RogueKiller.exe

C:\Windows\twunk_32.exe

C:\Windows\twunk_32.exe

C:\Windows\twunk_32.exe

C:\Program Files\OpenOffice.org 3\program\swriter.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

uWindow Title = Internet Explorer, enhanced for Bing and MSN

uSearch Page = hxxp://www.google.com

uSearchAssistant = hxxp://www.google.com

uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Fantapper: {8A86D350-37AB-410A-8531-7D1363F317B3} - c:\program files\brand affinity technologies\fantapper player\\IEInstaller.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {F90A5A0D-CD98-49CC-9AA7-9CD11C7478BF} - <orphaned>

TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -

mRun: [browserPlugInHelper] c:\program files\wondershare\video converter ultimate\BrowserPlugInHelper.exe

dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex

uExplorerRun: [dfcdfbdbcbfdad] c:\users\lisa\appdata\roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

StartupFolder: c:\users\lisa\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: RestrictRun = dword:0

mPolicies-Explorer: RestrictRun = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

LSP: mswsock.dll

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5D04F6DD-C188-4995-BB90-D65CBC0C7345} : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~2\browse~1\261040~1.25\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DnsMainCache;DnsMainCache;c:\windows\svcdns.exe [2013-4-18 489984]

S2 Sendoriv1;Sendoriv1; [x]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-9-18 40776]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-8-20 15872]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-2-6 181784]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-8-20 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-8-14 1343400]

S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]

S4 FTSvc;Fantapper Player Update Service;c:\program files\brand affinity technologies\fantapper player\FantapperUpdateService.exe [2011-12-12 11776]

.

=============== Created Last 30 ================

.

2013-04-28 01:20:17 15616 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2013-04-27 20:47:46 -------- d--h--w- c:\windows\msdownld.tmp

2013-04-27 20:44:00 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-27 20:44:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-04-27 20:44:00 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-04-27 20:44:00 417792 ----a-w- c:\windows\system32\WMPhoto.dll

2013-04-27 20:44:00 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-04-27 20:44:00 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-04-27 20:44:00 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-04-27 20:44:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-04-27 20:44:00 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-04-27 20:44:00 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-04-27 20:44:00 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-04-27 20:44:00 1158144 ----a-w- c:\windows\system32\XpsPrint.dll

2013-04-27 20:44:00 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-04-26 18:14:16 -------- d-----w- c:\users\lisa\appdata\local\{62039507-4104-4F83-9D90-89E578A959CF}

2013-04-23 01:47:43 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-23 01:37:56 -------- d-----w- c:\users\lisa\appdata\roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad

2013-04-18 23:03:50 489984 ----a-w- c:\windows\svcdns.exe

2013-04-18 22:46:43 -------- d-----w- C:\ff2d5945574ca822571237c78fe738d5

2013-04-17 21:55:09 6906960 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{202f6e6b-962a-44c0-bb14-6a8f262f0436}\mpengine.dll

2013-04-15 22:43:57 7108640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2013-04-13 20:46:17 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-04-13 20:46:13 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-13 20:46:04 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-04-13 20:46:01 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-13 20:46:01 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-04-08 03:17:54 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-04-07 17:18:37 -------- d-----w- C:\0a0e3b912614e484301729

2013-04-07 05:34:06 -------- d-----w- c:\users\lisa\appdata\roaming\BabSolution

2013-04-07 05:33:38 -------- d-----w- c:\users\lisa\appdata\roaming\PerformerSoft

2013-04-07 05:33:29 18096 ----a-w- c:\windows\system32\roboot.exe

2013-04-07 05:33:09 -------- d-----w- c:\programdata\Babylon

2013-04-07 05:33:08 -------- d-----w- c:\users\lisa\appdata\roaming\Babylon

2013-04-07 05:33:06 -------- d-----w- c:\programdata\IBUpdaterService

2013-04-07 05:33:06 -------- d-----w- c:\program files\PC Performer

2013-04-07 05:32:58 -------- d-----w- c:\users\lisa\appdata\roaming\File Scout

2013-04-07 05:32:20 -------- d-----w- c:\program files\GCH Guitar academy

2013-04-07 05:31:57 -------- d-----w- c:\program files\PasswordBox

2013-04-01 21:08:26 -------- d-----w- c:\program files\JollyWallet

2013-04-01 21:07:36 -------- d-----w- c:\users\lisa\appdata\local\SwvUpdater

2013-04-01 21:07:17 -------- d-----w- c:\program files\PinPhotoZoom

2013-04-01 21:06:54 -------- d-----w- c:\program files\Updater By SweetPacks

2013-04-01 19:36:40 -------- d-sh--w- C:\found.000

2013-04-01 04:10:52 -------- d-----w- C:\3ebe84db89a74f1047df77e1e850f9

2013-03-29 07:39:08 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

==================== Find3M ====================

.

2013-04-27 20:44:00 906240 ----a-w- c:\windows\system32\FntCache.dll

2013-04-23 01:47:43 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-02 10:33:22 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-02-12 04:48:31 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-06 11:42:10 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-02-06 11:42:08 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

.

============= FINISH: 22:30:46.91 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 8/10/2011 11:22:54 PM

System Uptime: 4/27/2013 9:33:26 PM (1 hours ago)

.

Motherboard: TOSHIBA | | NBWAE

Processor: AMD Sempron SI-42 | Socket M2/S1G1 | 1050/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 117.136 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 1 GiB total, 1.415 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Audacity 1.3.13 (Unicode)

Bing Bar

Bonjour

Citrix XenApp Plugin for Hosted Apps

Coupon Printer for Windows

D3DX10

Fantapper Player

File Type Assistant

Final Media Player 2011

Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8

Free File Converter 2011

Freemake Video Converter version 3.0.2

GCH Guitar academy

Java Auto Updater

Java 6 Update 31

Java SE Runtime Environment 6 Update 1

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Student 2010 - English

Microsoft Security Client

Microsoft Security Essentials

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MP3 Rocket Download

MSVCRT

Musicnotes Software Suite 1.5.5

OpenOffice.org 3.3

PDF Reader

Photo Story 3 for Windows

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Wal-Mart Digital Photo Manager

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

YTD Video Downloader 3.9.4

.

==== End Of File ===========================


Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

[RUN][sUSP PATH] HKCU\[...]\Policies\Explorer\Run : dfcdfbdbcbfdad (C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-1133012498-3736291812-360938567-1000[...]\Policies\Explorer\Run : dfcdfbdbcbfdad (C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe) [-] -> FOUND

Now click Delete on the right hand column under Options

-------------

Next click on the Files tab and put a check next to these and uncheck the rest. (if found)

[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U --> FOUND

[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC\Desktop.ini [-] --> FOUND

Now click Delete on the right hand column under Options

-------------

Next:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page: [screenshot: More Reply Options]

New window that comes up: [screenshot: Choose Files]

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot.

Verify that your system is now functioning normally.

MrC


The malware is still running, tons and tons of temp internet files; wish they were gone, makes it take too long. Anyway, I will let it finish and reboot, then I have to go to bed. I will check on it again tomorrow afternoon and work some more to finish it; I will post those logs then. Thank you for your help. Wow, my son has been using my computer, who knows where this came from. Have a feeling my husband's computer has the same thing.


OK...Next:

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 13-04-28.01 - Lisa 04/28/2013 19:24:29.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1790.1083 [GMT -4:00]

Running from: C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7BNGQA7\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Brand Affinity Technologies

C:\Program Files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll

C:\Program Files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState

C:\Program Files\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.crx

C:\Program Files\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.xpi

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico

C:\Program Files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg

C:\Program Files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll

C:\Program Files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll

C:\Program Files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState

C:\Program Files\MyScrapNook_12EI

C:\Program Files\MyScrapNook_12EI\Installr\1.bin\12EIPlug.dll

C:\Program Files\MyScrapNook_12EI\Installr\1.bin\12EZSETP.dll

C:\Program Files\MyScrapNook_12EI\Installr\1.bin\NP12EISb.dll

C:\Program Files\TelevisionFanatic

C:\Program Files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S

C:\Program Files\TelevisionFanatic\bar\Message\COMMON.T8S

C:\Program Files\TelevisionFanatic\bar\Settings\s_pid.dat

C:\Program Files\TelevisionFanaticEI

C:\Users\Lisa\AppData\Local\common_functions.dll

C:\Users\Lisa\AppData\Local\ie_runner_app.exe

C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad

C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

C:\Users\Lisa\videos\iTunesSetup.exe

C:\Windows\system32\3500_256.dll

C:\Windows\system32\config\systemprofile\acrobat.exe

C:\Windows\system32\config\systemprofile\acrobat261526.exe

C:\Windows\system32\config\systemprofile\acrobatreader.exe

C:\Windows\system32\config\systemprofile\acrobatreader288981.exe

C:\Windows\system32\config\systemprofile\acrobatreader322921.exe

C:\Windows\system32\config\systemprofile\acrobatreader661103.exe

C:\Windows\system32\config\systemprofile\acrobatreader860461.exe

C:\Windows\system32\config\systemprofile\acrobatreader942177.exe

C:\Windows\system32\config\systemprofile\alg.exe

C:\Windows\system32\config\systemprofile\alg483858.exe

C:\Windows\system32\config\systemprofile\alg734663.exe

C:\Windows\system32\config\systemprofile\chrome.exe

C:\Windows\system32\config\systemprofile\chrome525185.exe

C:\Windows\system32\config\systemprofile\chrome902885.exe

C:\Windows\system32\config\systemprofile\chrome965965.exe

C:\Windows\system32\config\systemprofile\conhost.exe

C:\Windows\system32\config\systemprofile\csrss.exe

C:\Windows\system32\config\systemprofile\csrss63161.exe

C:\Windows\system32\config\systemprofile\csrss879420.exe

C:\Windows\system32\config\systemprofile\ctfmon.exe

C:\Windows\system32\config\systemprofile\ctfmon100211.exe

C:\Windows\system32\config\systemprofile\ctfmon190444.exe

C:\Windows\system32\config\systemprofile\ctfmon797084.exe

C:\Windows\system32\config\systemprofile\firefox.exe

C:\Windows\system32\config\systemprofile\firefox532779.exe

C:\Windows\system32\config\systemprofile\flashplayer.exe

C:\Windows\system32\config\systemprofile\googleupdate.exe

C:\Windows\system32\config\systemprofile\googleupdate767649.exe

C:\Windows\system32\config\systemprofile\icq.exe

C:\Windows\system32\config\systemprofile\icq159439.exe

C:\Windows\system32\config\systemprofile\icq206215.exe

C:\Windows\system32\config\systemprofile\icq984625.exe

C:\Windows\system32\config\systemprofile\iexplore.exe

C:\Windows\system32\config\systemprofile\iexplore200357.exe

C:\Windows\system32\config\systemprofile\java.exe

C:\Windows\system32\config\systemprofile\java137588.exe

C:\Windows\system32\config\systemprofile\java172500.exe

C:\Windows\system32\config\systemprofile\java315013.exe

C:\Windows\system32\config\systemprofile\java321964.exe

C:\Windows\system32\config\systemprofile\jqs.exe

C:\Windows\system32\config\systemprofile\jqs139158.exe

C:\Windows\system32\config\systemprofile\jqs523099.exe

C:\Windows\system32\config\systemprofile\jqs693190.exe

C:\Windows\system32\config\systemprofile\jqs902070.exe

C:\Windows\system32\config\systemprofile\jucheck.exe

C:\Windows\system32\config\systemprofile\jucheck901597.exe

C:\Windows\system32\config\systemprofile\msconfig.exe

C:\Windows\system32\config\systemprofile\msconfig202521.exe

C:\Windows\system32\config\systemprofile\msconfig315478.exe

C:\Windows\system32\config\systemprofile\msconfig688942.exe

C:\Windows\system32\config\systemprofile\mstsc.exe

C:\Windows\system32\config\systemprofile\mstsc319376.exe

C:\Windows\system32\config\systemprofile\mstsc347608.exe

C:\Windows\system32\config\systemprofile\mstsc811833.exe

C:\Windows\system32\config\systemprofile\notepad.exe

C:\Windows\system32\config\systemprofile\notepad105961.exe

C:\Windows\system32\config\systemprofile\notepad234989.exe

C:\Windows\system32\config\systemprofile\notepad326876.exe

C:\Windows\system32\config\systemprofile\notepad779214.exe

C:\Windows\system32\config\systemprofile\opera.exe

C:\Windows\system32\config\systemprofile\opera252277.exe

C:\Windows\system32\config\systemprofile\opera5961.exe

C:\Windows\system32\config\systemprofile\opera802407.exe

C:\Windows\system32\config\systemprofile\rundll32.exe

C:\Windows\system32\config\systemprofile\skype152934.exe

C:\Windows\system32\config\systemprofile\skype969290.exe

C:\Windows\system32\config\systemprofile\spoolsv.exe

C:\Windows\system32\config\systemprofile\spoolsv912689.exe

C:\Windows\system32\config\systemprofile\teamviewer.exe

C:\Windows\system32\config\systemprofile\vlcplayer.exe

C:\Windows\system32\config\systemprofile\vlcplayer339822.exe

C:\Windows\system32\config\systemprofile\windowsupdate.exe

C:\Windows\system32\config\systemprofile\winlogon.exe

C:\Windows\system32\config\systemprofile\winlogon621152.exe

C:\Windows\system32\config\systemprofile\winlogon706339.exe

C:\Windows\system32\config\systemprofile\winlogon923872.exe

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_FTSvc

-------\Service_FTSvc

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))))))

2013-04-28 23:57:33 . 2013-04-29 00:21:24 -------- d-----w- C:\Users\Lisa\AppData\Local\temp

2013-04-27 20:47:46 . 2013-04-27 20:47:56 -------- d--h--w- C:\Windows\msdownld.tmp

2013-04-27 20:44:00 . 2013-04-27 20:44:00 9728 ---ha-w- C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 604160 ----a-w- C:\Windows\system32\d3d10level9.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 3419136 ----a-w- C:\Windows\system32\d2d1.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 293376 ----a-w- C:\Windows\system32\dxgi.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 249856 ----a-w- C:\Windows\system32\d3d10_1core.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 220160 ----a-w- C:\Windows\system32\d3d10core.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 207872 ----a-w- C:\Windows\system32\WindowsCodecsExt.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 1988096 ----a-w- C:\Windows\system32\d3d10warp.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 161792 ----a-w- C:\Windows\system32\d3d10_1.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 1504768 ----a-w- C:\Windows\system32\d3d11.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 1247744 ----a-w- C:\Windows\system32\DWrite.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 1230336 ----a-w- C:\Windows\system32\WindowsCodecs.dll

2013-04-27 20:43:59 . 2013-04-27 20:43:59 1080832 ----a-w- C:\Windows\system32\d3d10.dll

2013-04-27 20:43:58 . 2013-04-27 20:43:59 187392 ----a-w- C:\Windows\system32\UIAnimation.dll

2013-04-23 01:47:43 . 2013-04-23 01:47:43 691592 ----a-w- C:\Windows\system32\FlashPlayerApp.exe

2013-04-18 23:03:50 . 2013-04-18 23:04:05 489984 ----a-w- C:\Windows\svcdns.exe

2013-04-18 22:46:43 . 2013-04-18 22:48:16 -------- d-----w- C:\ff2d5945574ca822571237c78fe738d5

2013-04-17 21:55:09 . 2013-04-10 03:08:44 6906960 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{202F6E6B-962A-44C0-BB14-6A8F262F0436}\mpengine.dll

2013-04-15 22:43:57 . 2013-03-15 07:21:32 7108640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-13 20:46:17 . 2013-03-01 03:09:59 2347008 ----a-w- C:\Windows\system32\win32k.sys

2013-04-13 20:46:13 . 2013-01-24 04:47:07 196328 ----a-w- C:\Windows\system32\drivers\fvevol.sys

2013-04-13 20:46:04 . 2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\system32\mstscax.dll

2013-04-13 20:46:01 . 2013-02-15 04:34:10 131584 ----a-w- C:\Windows\system32\aaclient.dll

2013-04-13 20:46:01 . 2013-02-15 03:25:51 36864 ----a-w- C:\Windows\system32\tsgqec.dll

2013-04-08 03:17:54 . 2013-04-08 03:17:54 -------- d-sh--w- C:\Windows\system32\%APPDATA%

2013-04-07 17:18:37 . 2013-04-07 17:18:53 -------- d-----w- C:\0a0e3b912614e484301729

2013-04-07 05:34:06 . 2013-04-21 02:55:43 -------- d-----w- C:\Users\Lisa\AppData\Roaming\BabSolution

2013-04-07 05:33:38 . 2013-04-09 23:49:31 -------- d-----w- C:\Users\Lisa\AppData\Roaming\PerformerSoft

2013-04-07 05:33:29 . 2012-12-19 19:53:32 18096 ----a-w- C:\Windows\system32\roboot.exe

2013-04-07 05:33:09 . 2013-04-07 05:33:09 -------- d-----w- C:\ProgramData\Babylon

2013-04-07 05:33:08 . 2013-04-07 05:33:08 -------- d-----w- C:\Users\Lisa\AppData\Roaming\Babylon

2013-04-07 05:33:06 . 2013-04-09 23:52:02 -------- d-----w- C:\Program Files\PC Performer

2013-04-07 05:33:06 . 2013-04-07 05:33:06 -------- d-----w- C:\ProgramData\IBUpdaterService

2013-04-07 05:32:58 . 2013-04-07 05:33:00 -------- d-----w- C:\Users\Lisa\AppData\Roaming\File Scout

2013-04-07 05:32:20 . 2013-04-08 23:26:58 -------- d-----w- C:\Program Files\GCH Guitar academy

2013-04-07 05:31:57 . 2013-04-09 23:49:45 -------- d-----w- C:\Program Files\PasswordBox

2013-04-01 21:08:26 . 2013-04-07 02:07:15 -------- d-----w- C:\Program Files\JollyWallet

2013-04-01 21:07:36 . 2013-04-27 20:16:23 -------- d-----w- C:\Users\Lisa\AppData\Local\SwvUpdater

2013-04-01 21:07:17 . 2013-04-09 23:53:16 -------- d-----w- C:\Program Files\PinPhotoZoom

2013-04-01 21:06:54 . 2013-04-07 01:19:20 -------- d-----w- C:\Program Files\Updater By SweetPacks

2013-04-01 19:36:40 . 2013-04-01 19:36:40 -------- d-----w- C:\found.000

2013-04-01 04:10:52 . 2013-04-01 04:11:08 -------- d-----w- C:\3ebe84db89a74f1047df77e1e850f9

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-23 01:47:43 . 2011-08-11 23:56:41 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-04-02 10:33:22 . 2011-08-11 03:40:39 237088 ------w- C:\Windows\system32\MpSigStub.exe

2013-02-12 04:48:31 . 2013-03-14 21:38:45 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 . 2013-03-14 21:38:46 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 03:32:45 . 2013-03-29 07:39:08 15872 ----a-w- C:\Windows\system32\drivers\usb8023.sys

2013-02-06 11:42:10 . 2013-02-06 11:42:10 83864 ----a-w- C:\Windows\system32\drivers\ssudbus.sys

2013-02-06 11:42:08 . 2013-02-06 11:42:08 181784 ----a-w- C:\Windows\system32\drivers\ssudmdm.sys

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-25 01:12:46 247968]

C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

path=C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk

backup=C:\Windows\pss\FrostWire On Startup.lnk.Startup

backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35:28 946352 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 07:25:58 59240 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-03-26 21:08:12 931200 ----a-w- c:\Program Files\Microsoft Security Client\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 22:28:52 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02:04 254696 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

R0 paumgq;paumgq; [x]

R2 Sendoriv1;Sendoriv1; [x]

R3 cpuz134;cpuz134; [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys [x]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\Program Files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc; [x]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

R3 VGPU;VGPU; [x]

R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]

R4 BBSvc;Bing Bar Update Service;C:\Program Files\Microsoft\BingBar\BBSvc.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DnsMainCache;DnsMainCache;C:\Windows\svcdns.exe [x]

S2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

Contents of the 'Scheduled Tasks' folder

2013-04-29 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-23 01:47:44 . 2013-04-23 01:47:44]

2013-04-29 C:\Windows\Tasks\Final Media Player Update Checker.job

- C:\Program Files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-12-17 18:47:14 . 2011-03-11 23:24:32]

------- Supplementary Scan -------

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: vcpi.com\clients

TCP: DhcpNameServer = 192.168.1.1

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files\Coupons.com CouponBar\tbcore3.dll

WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)

HKCU-Run-Adobe CSx Manager - C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

HKLM-Run-BrowserPlugInHelper - C:\Program Files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe

SafeBoot-MsMpSvc

MSConfigStartUp-Google Update - C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe

MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe

MSConfigStartUp-Malwarebytes' Anti-Malware - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

AddRemove-Coupon Printer for Windows5.0.0.1 - C:\Program Files\Coupons\uninstall.exe

AddRemove-McAfee Security Scan - C:\Program Files\McAfee Security Scan\uninstall.exe

ComboFix 13-04-28.01 - Lisa 04/28/2013 19:24:29.1.1 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1790.1083 [GMT -4:00]

Running from: c:\users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7BNGQA7\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Brand Affinity Technologies

c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.dll

c:\program files\Brand Affinity Technologies\Fantapper Player\ChromeInstaller.InstallState

c:\program files\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.crx

c:\program files\Brand Affinity Technologies\Fantapper Player\fantapper_w3i20110531.xpi

c:\program files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.exe

c:\program files\Brand Affinity Technologies\Fantapper Player\FantapperUpdateService.InstallState

c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.dll

c:\program files\Brand Affinity Technologies\Fantapper Player\FirefoxInstaller.InstallState

c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Enabled.ico

c:\program files\Brand Affinity Technologies\Fantapper Player\FT_Plugin_Installer.jpg

c:\program files\Brand Affinity Technologies\Fantapper Player\IEInstaller.dll

c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.dll

c:\program files\Brand Affinity Technologies\Fantapper Player\OpenIE.InstallState

c:\program files\MyScrapNook_12EI

c:\program files\MyScrapNook_12EI\Installr\1.bin\12EIPlug.dll

c:\program files\MyScrapNook_12EI\Installr\1.bin\12EZSETP.dll

c:\program files\MyScrapNook_12EI\Installr\1.bin\NP12EISb.dll

c:\program files\TelevisionFanatic

c:\program files\TelevisionFanatic\bar\IE9Mesg\COMMON.T8S

c:\program files\TelevisionFanatic\bar\Message\COMMON.T8S

c:\program files\TelevisionFanatic\bar\Settings\s_pid.dat

c:\program files\TelevisionFanaticEI

c:\users\Lisa\AppData\Local\common_functions.dll

c:\users\Lisa\AppData\Local\ie_runner_app.exe

c:\users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad

c:\users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

c:\users\Lisa\videos\iTunesSetup.exe

c:\windows\system32\3500_256.dll

c:\windows\system32\config\systemprofile\acrobat.exe

c:\windows\system32\config\systemprofile\acrobat261526.exe

c:\windows\system32\config\systemprofile\acrobatreader.exe

c:\windows\system32\config\systemprofile\acrobatreader288981.exe

c:\windows\system32\config\systemprofile\acrobatreader322921.exe

c:\windows\system32\config\systemprofile\acrobatreader661103.exe

c:\windows\system32\config\systemprofile\acrobatreader860461.exe

c:\windows\system32\config\systemprofile\acrobatreader942177.exe

c:\windows\system32\config\systemprofile\alg.exe

c:\windows\system32\config\systemprofile\alg483858.exe

c:\windows\system32\config\systemprofile\alg734663.exe

c:\windows\system32\config\systemprofile\chrome.exe

c:\windows\system32\config\systemprofile\chrome525185.exe

c:\windows\system32\config\systemprofile\chrome902885.exe

c:\windows\system32\config\systemprofile\chrome965965.exe

c:\windows\system32\config\systemprofile\conhost.exe

c:\windows\system32\config\systemprofile\csrss.exe

c:\windows\system32\config\systemprofile\csrss63161.exe

c:\windows\system32\config\systemprofile\csrss879420.exe

c:\windows\system32\config\systemprofile\ctfmon.exe

c:\windows\system32\config\systemprofile\ctfmon100211.exe

c:\windows\system32\config\systemprofile\ctfmon190444.exe

c:\windows\system32\config\systemprofile\ctfmon797084.exe

c:\windows\system32\config\systemprofile\firefox.exe

c:\windows\system32\config\systemprofile\firefox532779.exe

c:\windows\system32\config\systemprofile\flashplayer.exe

c:\windows\system32\config\systemprofile\googleupdate.exe

c:\windows\system32\config\systemprofile\googleupdate767649.exe

c:\windows\system32\config\systemprofile\icq.exe

c:\windows\system32\config\systemprofile\icq159439.exe

c:\windows\system32\config\systemprofile\icq206215.exe

c:\windows\system32\config\systemprofile\icq984625.exe

c:\windows\system32\config\systemprofile\iexplore.exe

c:\windows\system32\config\systemprofile\iexplore200357.exe

c:\windows\system32\config\systemprofile\java.exe

c:\windows\system32\config\systemprofile\java137588.exe

c:\windows\system32\config\systemprofile\java172500.exe

c:\windows\system32\config\systemprofile\java315013.exe

c:\windows\system32\config\systemprofile\java321964.exe

c:\windows\system32\config\systemprofile\jqs.exe

c:\windows\system32\config\systemprofile\jqs139158.exe

c:\windows\system32\config\systemprofile\jqs523099.exe

c:\windows\system32\config\systemprofile\jqs693190.exe

c:\windows\system32\config\systemprofile\jqs902070.exe

c:\windows\system32\config\systemprofile\jucheck.exe

c:\windows\system32\config\systemprofile\jucheck901597.exe

c:\windows\system32\config\systemprofile\msconfig.exe

c:\windows\system32\config\systemprofile\msconfig202521.exe

c:\windows\system32\config\systemprofile\msconfig315478.exe

c:\windows\system32\config\systemprofile\msconfig688942.exe

c:\windows\system32\config\systemprofile\mstsc.exe

c:\windows\system32\config\systemprofile\mstsc319376.exe

c:\windows\system32\config\systemprofile\mstsc347608.exe

c:\windows\system32\config\systemprofile\mstsc811833.exe

c:\windows\system32\config\systemprofile\notepad.exe

c:\windows\system32\config\systemprofile\notepad105961.exe

c:\windows\system32\config\systemprofile\notepad234989.exe

c:\windows\system32\config\systemprofile\notepad326876.exe

c:\windows\system32\config\systemprofile\notepad779214.exe

c:\windows\system32\config\systemprofile\opera.exe

c:\windows\system32\config\systemprofile\opera252277.exe

c:\windows\system32\config\systemprofile\opera5961.exe

c:\windows\system32\config\systemprofile\opera802407.exe

c:\windows\system32\config\systemprofile\rundll32.exe

c:\windows\system32\config\systemprofile\skype152934.exe

c:\windows\system32\config\systemprofile\skype969290.exe

c:\windows\system32\config\systemprofile\spoolsv.exe

c:\windows\system32\config\systemprofile\spoolsv912689.exe

c:\windows\system32\config\systemprofile\teamviewer.exe

c:\windows\system32\config\systemprofile\vlcplayer.exe

c:\windows\system32\config\systemprofile\vlcplayer339822.exe

c:\windows\system32\config\systemprofile\windowsupdate.exe

c:\windows\system32\config\systemprofile\winlogon.exe

c:\windows\system32\config\systemprofile\winlogon621152.exe

c:\windows\system32\config\systemprofile\winlogon706339.exe

c:\windows\system32\config\systemprofile\winlogon923872.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_FTSvc

-------\Service_FTSvc

.

.

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-29 )))))))))))))))))))))))))))))))

.

.

2013-04-28 23:57 . 2013-04-29 00:21 -------- d-----w- c:\users\Lisa\AppData\Local\temp

2013-04-27 20:47 . 2013-04-27 20:47 -------- d--h--w- c:\windows\msdownld.tmp

2013-04-27 20:44 . 2013-04-27 20:44 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-04-27 20:43 . 2013-04-27 20:43 604160 ----a-w- c:\windows\system32\d3d10level9.dll

2013-04-27 20:43 . 2013-04-27 20:43 3419136 ----a-w- c:\windows\system32\d2d1.dll

2013-04-27 20:43 . 2013-04-27 20:43 293376 ----a-w- c:\windows\system32\dxgi.dll

2013-04-27 20:43 . 2013-04-27 20:43 249856 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-04-27 20:43 . 2013-04-27 20:43 220160 ----a-w- c:\windows\system32\d3d10core.dll

2013-04-27 20:43 . 2013-04-27 20:43 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-04-27 20:43 . 2013-04-27 20:43 1988096 ----a-w- c:\windows\system32\d3d10warp.dll

2013-04-27 20:43 . 2013-04-27 20:43 161792 ----a-w- c:\windows\system32\d3d10_1.dll

2013-04-27 20:43 . 2013-04-27 20:43 1504768 ----a-w- c:\windows\system32\d3d11.dll

2013-04-27 20:43 . 2013-04-27 20:43 1247744 ----a-w- c:\windows\system32\DWrite.dll

2013-04-27 20:43 . 2013-04-27 20:43 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-04-27 20:43 . 2013-04-27 20:43 1080832 ----a-w- c:\windows\system32\d3d10.dll

2013-04-27 20:43 . 2013-04-27 20:43 187392 ----a-w- c:\windows\system32\UIAnimation.dll

2013-04-23 01:47 . 2013-04-23 01:47 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-04-18 23:03 . 2013-04-18 23:04 489984 ----a-w- c:\windows\svcdns.exe

2013-04-18 22:46 . 2013-04-18 22:48 -------- d-----w- C:\ff2d5945574ca822571237c78fe738d5

2013-04-17 21:55 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{202F6E6B-962A-44C0-BB14-6A8F262F0436}\mpengine.dll

2013-04-15 22:43 . 2013-03-15 07:21 7108640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-04-13 20:46 . 2013-03-01 03:09 2347008 ----a-w- c:\windows\system32\win32k.sys

2013-04-13 20:46 . 2013-01-24 04:47 196328 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-13 20:46 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\system32\mstscax.dll

2013-04-13 20:46 . 2013-02-15 04:34 131584 ----a-w- c:\windows\system32\aaclient.dll

2013-04-13 20:46 . 2013-02-15 03:25 36864 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-08 03:17 . 2013-04-08 03:17 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-04-07 17:18 . 2013-04-07 17:18 -------- d-----w- C:\0a0e3b912614e484301729

2013-04-07 05:34 . 2013-04-21 02:55 -------- d-----w- c:\users\Lisa\AppData\Roaming\BabSolution

2013-04-07 05:33 . 2013-04-09 23:49 -------- d-----w- c:\users\Lisa\AppData\Roaming\PerformerSoft

2013-04-07 05:33 . 2012-12-19 19:53 18096 ----a-w- c:\windows\system32\roboot.exe

2013-04-07 05:33 . 2013-04-07 05:33 -------- d-----w- c:\programdata\Babylon

2013-04-07 05:33 . 2013-04-07 05:33 -------- d-----w- c:\users\Lisa\AppData\Roaming\Babylon

2013-04-07 05:33 . 2013-04-09 23:52 -------- d-----w- c:\program files\PC Performer

2013-04-07 05:33 . 2013-04-07 05:33 -------- d-----w- c:\programdata\IBUpdaterService

2013-04-07 05:32 . 2013-04-07 05:33 -------- d-----w- c:\users\Lisa\AppData\Roaming\File Scout

2013-04-07 05:32 . 2013-04-08 23:26 -------- d-----w- c:\program files\GCH Guitar academy

2013-04-07 05:31 . 2013-04-09 23:49 -------- d-----w- c:\program files\PasswordBox

2013-04-01 21:08 . 2013-04-07 02:07 -------- d-----w- c:\program files\JollyWallet

2013-04-01 21:07 . 2013-04-27 20:16 -------- d-----w- c:\users\Lisa\AppData\Local\SwvUpdater

2013-04-01 21:07 . 2013-04-09 23:53 -------- d-----w- c:\program files\PinPhotoZoom

2013-04-01 21:06 . 2013-04-07 01:19 -------- d-----w- c:\program files\Updater By SweetPacks

2013-04-01 19:36 . 2013-04-01 19:36 -------- d-----w- C:\found.000

2013-04-01 04:10 . 2013-04-01 04:11 -------- d-----w- C:\3ebe84db89a74f1047df77e1e850f9

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-23 01:47 . 2011-08-11 23:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-04-02 10:33 . 2011-08-11 03:40 237088 ------w- c:\windows\system32\MpSigStub.exe

2013-02-12 04:48 . 2013-03-14 21:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-14 21:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 03:32 . 2013-03-29 07:39 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-06 11:42 . 2013-02-06 11:42 83864 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-02-06 11:42 . 2013-02-06 11:42 181784 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe" [2011-11-25 247968]

.

c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

path=c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk

backup=c:\windows\pss\FrostWire On Startup.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2011-11-02 07:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]

2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 22:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 18:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

R0 paumgq;paumgq; [x]

R2 Sendoriv1;Sendoriv1; [x]

R3 cpuz134;cpuz134; [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub; [x]

R3 VGPU;VGPU; [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DnsMainCache;DnsMainCache;c:\windows\svcdns.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-23 01:47]

.

2013-04-29 c:\windows\Tasks\Final Media Player Update Checker.job

- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2011-12-17 23:24]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: vcpi.com\clients

TCP: DhcpNameServer = 192.168.1.1

DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)

Toolbar-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - c:\program files\Coupons.com CouponBar\tbcore3.dll

WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)

HKCU-Run-Adobe CSx Manager - c:\users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

HKLM-Run-BrowserPlugInHelper - c:\program files\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe

SafeBoot-MsMpSvc

MSConfigStartUp-Google Update - c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe

AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"=hex:51,66,7a,6c,4c,1d,38,12,dd,e6,73,

82,73,22,b0,01,fa,15,db,99,9e,e0,89,55

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,

eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c

"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,

06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{8A86D350-37AB-410A-8531-7D1363F317B3}"=hex:51,66,7a,6c,4c,1d,38,12,3e,d0,95,

8e,99,79,64,04,fa,27,3e,53,66,ad,53,a7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:2c,75,11,fd,a2,42,ce,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\atieclxx.exe

c:\program files\Microsoft\BingBar\SeaPort.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\Internet Explorer\iexplore.exe

c:\windows\system32\taskmgr.exe

c:\windows\system32\NOTEPAD.EXE

c:\windows\system32\DllHost.exe

.

**************************************************************************

.

Completion time: 2013-04-28 20:24:51 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-29 00:24

.

Pre-Run: 125,295,968,256 bytes free

Post-Run: 127,953,154,048 bytes free

.

- - End Of File - - C03664140E90C42097292C2BD7058BF4


I ran the security check and this is the log

Time : 27/04/2013 21:22:04

--------------------------

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[dfcdfbdbcbfdad.exe.vir] -> C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

[n.vir] -> C:\$Recycle.Bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

[n.vir] -> C:\$Recycle.Bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

[ZeroAccess] Time : 27/04/2013 21:31:34

--------------------------

REBOOT [n.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

[ZeroAccess] Time : 27/04/2013 21:31:34

--------------------------

REBOOT [@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\@

[Del.Parent] Time : 27/04/2013 21:31:34

--------------------------

[00000004.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U\00000004.@

[Del.Parent] Time : 27/04/2013 21:31:34

--------------------------

[00000008.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U\00000008.@

[Del.Parent] Time : 27/04/2013 21:31:34

--------------------------

[000000cb.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U\000000cb.@

[Del.Parent] Time : 27/04/2013 21:31:34

--------------------------

[80000000.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U\80000000.@

[Del.Parent] Time : 27/04/2013 21:31:34

--------------------------

[80000032.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U\80000032.@

[ZeroAccess] Time : 27/04/2013 21:31:34

--------------------------

[ROOT.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U

[Del.Parent] Time : 27/04/2013 21:31:35

--------------------------

[00000004.@.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\L\00000004.@

[Del.Parent] Time : 27/04/2013 21:31:35

--------------------------

[201d3dde.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\L\201d3dde

[Del.Parent] Time : 27/04/2013 21:31:35

--------------------------

[6715e287.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\L\6715e287

[Del.Parent] Time : 27/04/2013 21:31:35

--------------------------

[76603ac3.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\L\76603ac3

[ZeroAccess] Time : 27/04/2013 21:31:35

--------------------------

[ROOT.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\L

[ZeroAccess] Time : 27/04/2013 21:31:35

--------------------------

REBOOT [Desktop.ini.vir] -> C:\Windows\Assembly\GAC\Desktop.ini

Time : 27/04/2013 21:32:44

--------------------------

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[dfcdfbdbcbfdad.exe.vir] -> C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

ERROR [n.vir] -> C:\$Recycle.Bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

ERROR [n.vir] -> C:\$Recycle.Bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[dfcdfbdbcbfdad.exe.vir] -> C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

ERROR [OpenOffice.org.vir] -> C:\Users\Lisa\Desktop\OpenOffice.org

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [n.vir] -> C:\$Recycle.Bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

Time : 27/04/2013 22:13:13

--------------------------

[svcdns.exe.vir] -> C:\Windows\svcdns.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

Time : 27/04/2013 23:26:11

--------------------------

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[ZeroAccess] Time : 27/04/2013 23:30:01

--------------------------

[n.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\n

[ZeroAccess] Time : 27/04/2013 23:30:01

--------------------------

[ROOT.vir] -> C:\$recycle.bin\S-1-5-18\$32bf8f5f13097800106f306c78257dcb\U

[ZeroAccess] Time : 27/04/2013 23:30:01

--------------------------

[Desktop.ini.vir] -> C:\Windows\Assembly\GAC\Desktop.ini

Time : 27/04/2013 23:30:43

--------------------------

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

Time : 27/04/2013 23:33:06

--------------------------

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

ERROR [dfcdfbdbcbfdad.exe.vir] -> C:\Users\Lisa\AppData\Roaming\d53f0c77-df66-4bd8-8bc2-6b41664f70d7ad\dfcdfbdbcbfdad.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

[twunk_32.exe.vir] -> C:\Windows\twunk_32.exe

Time : 28/04/2013 21:25:07

--------------------------

[svcdns.exe.vir] -> C:\Windows\svcdns.exe

Time : 28/04/2013 21:26:37

--------------------------

[svcdns.exe.vir] -> C:\Windows\svcdns.exe


That looks like the contents of the quarantine folder from RogueKiller.

It's not from Security Check.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


OK, last night I ran Malwarebytes and nothing showed up. I still have a Boot file in the "E" drive; I am sure it is part of a virus. And then I moved the $recycle bin somewhere last night to see if Malwarebytes would capture it, but it didn't. So it is somewhere on the computer; it's part of one of the viruses too. Then that should take care of it.


OK, last night I ran Malwarebytes and nothing showed up.

You're talking about the fixdamage tool?

I still have a Boot file in the "E" drive; I am sure it is part of a virus

Delete it then

and then I moved the $recycle bin somewhere last night to see if Malwarebytes would capture it, but it didn't. So it is somewhere on the computer; it's part of one of the viruses too.

I don't know what this means???? Why did you move the $recycle bin????

MrC


This topic is now closed to further replies.