
FBI virus need help with fixlist.txt



I have the FBI virus. I ran Malwarebytes, which didn't pick up anything. I'm posting the text of the FRST scan below. Please help!

Attachments: FRST.txt, Addition.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-08-2013
Ran by freyj (administrator) on 10-08-2013 17:16:24
Running from E:\
Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) ===================
 
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [501104 2011-04-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [657920 2009-11-02] (Dell Inc.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM\...\Run: [intelPROSet] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1210640 2010-12-23] (Intel® Corporation)
HKLM\...\Run: [bCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [288872 2011-06-05] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2012-04-18] (Apple Inc.)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\runonceex: [] -  [x]
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1272912 2013-05-10] (Adobe Systems Incorporated)
HKCU\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [19676256 2013-06-06] (Google)
HKCU\...\Run: [Google Update] - C:\Users\freyj\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-06] (Google Inc.)
HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\freyj\AppData\Roaming\cache.dat [57856 2011-11-17] () <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk
ShortcutTarget: Dell ControlPoint System Manager.lnk -> C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
BootExecute: autocheck autochk /r \??\C:autocheck autochk * 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://inside.umassmed.edu
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://inside.umassmed.edu
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: AutorunsDisabled - No CLSID Value - 
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\freyj\AppData\Roaming\Mozilla\Firefox\Profiles\38nnu54j.default
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\freyj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\freyj\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\freyj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\freyj\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\freyj\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
 
Chrome: 
=======
CHR RestoreOnStartup:       "urls_to_restore_on_startup": null
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\freyj\AppData\Local\Google\Chrome\User Data\PepperFlash\11.5.31.139\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\freyj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\freyj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U37) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.370.6) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
S2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)
S2 CBA8; C:\Program Files\LANDesk\Shared Files\residentagent.exe [157496 2012-08-27] (LANDesk Software, Inc. and its affiliates.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2010-03-24] (Broadcom Corporation)
S2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2010-03-24] (Broadcom Corporation)
S2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [386928 2010-02-08] (Dell Inc.)
S2 Intel Local Scheduler Service; C:\Program Files\LANDesk\LDClient\LocalSch.EXE [199744 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S2 Intel PDS; C:\Windows\system32\CBA\pds.exe [32825 2007-08-31] (LANDesk Software Ltd.)
S2 ISSUSER; C:\PROGRA~1\LANDesk\LDClient\issuser.exe [986624 2012-10-18] (LANDesk Software, Inc. and its affiliates.)
S2 LANDesk Policy Invoker; C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe [218112 2012-10-17] (LANDesk Software, Inc. and its affiliates.)
S2 LANDesk Targeted Multicast; C:\Program Files\LANDesk\LDClient\tmcsvc.exe [179200 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-07-13] (Symantec Corporation)
S2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [1997416 2011-06-05] (NVIDIA Corporation)
S2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [72296 2010-02-10] (O2Micro International)
S2 O2SDIOAssist; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
S2 ProcTrigger; C:\Program Files\LANDesk\LDClient\ProcTriggerSvc.exe [153376 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2012-10-22] (Absolute Software Corp.)
S2 rpcnetp; C:\Windows\System32\rpcnetp.exe [17920 2013-08-10] ()
S2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [1864888 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [341320 2009-09-17] (Symantec Corporation)
S2 Softmon; C:\Program Files\LANDesk\LDClient\softmon.exe [639024 2012-11-14] (LANDesk Software, Inc. and its affiliates.)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
S2 tracksvc; C:\Program Files\LANDesk\LDClient\tracksvc.exe [75608 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [577536 2010-12-23] (Intel® Corporation)
S2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
R3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [43888 2010-12-13] (ST Microelectronics)
S3 btwampfl; C:\Windows\System32\drivers\btwampfl.sys [274472 2010-01-11] (Broadcom Corporation.)
S3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-11-03] (Broadcom Corporation)
S3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2013-07-16] (Symantec Corporation)
S3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
S3 hidkmdf; C:\Windows\system32\drivers\hidkmdf.sys [5632 2011-03-01] (Windows ® Win 7 DDK provider)
S3 ldblank; C:\Windows\System32\drivers\ldblank.sys [14848 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 ldmirror; C:\Windows\System32\DRIVERS\ldmirror.sys [5120 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 mirrorflt; C:\Windows\System32\DRIVERS\mirrorflt.sys [6656 2012-10-04] (LANDesk Software, Inc. and its affiliates.)
S3 NAVENG; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130807.022\NAVENG.SYS [93272 2013-07-16] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20130807.022\NAVEX15.SYS [1611992 2013-07-16] (Symantec Corporation)
S3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7434240 2010-12-21] (Intel Corporation)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [62208 2010-11-19] (Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [141568 2010-11-19] (Renesas Electronics Corporation)
R0 nvpciflt; C:\Windows\System32\DRIVERS\nvpciflt.sys [20328 2011-06-05] (NVIDIA Corporation)
R3 O2MDFRDR; C:\Windows\System32\DRIVERS\O2MDFw7.sys [60904 2011-01-04] (O2Micro )
S3 O2MDRRDR; C:\Windows\system32\drivers\O2MDRw7.sys [62440 2011-01-04] (O2Micro )
R3 O2SDJRDR; C:\Windows\System32\DRIVERS\o2sdjw7.sys [63976 2011-03-23] (O2Micro )
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [421424 2009-08-26] (Symantec Corporation)
S1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [281648 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [320560 2009-08-25] (Symantec Corporation)
S1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2009-08-25] (Symantec Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17648 2010-08-20] (ST Microelectronics)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [124976 2010-07-13] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26416 2009-09-03] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [188080 2009-09-03] (Symantec Corporation)
S1 SysPlant; C:\Windows\SYSTEM32\Drivers\SysPlant.sys [92488 2009-09-17] (Symantec Corporation)
S3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [50064 2009-05-27] (Symantec Corporation)
R3 vhidmini; C:\Windows\System32\DRIVERS\vhidmini.sys [18816 2009-01-08] (Windows ® Codename Longhorn DDK provider)
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [8192 2011-03-01] (Windows ® Win 7 DDK provider)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2009-09-22] (Microsoft Corporation)
S1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [42312 2009-09-17] (Symantec Corporation)
S3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [174056 2012-10-05] (Symantec Corporation)
S3 EraserUtilDrv11113; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys [x]
S3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-08-10 14:59 - 2013-08-10 14:59 - 00001083 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-10 14:59 - 2013-08-10 14:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 14:59 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-10 14:42 - 2013-08-10 14:42 - 00000000 ____D C:\Users\freyj\AppData\Roaming\Malwarebytes
2013-08-10 14:42 - 2013-08-10 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-09 00:01 - 2013-08-10 12:09 - 00000008 _____ C:\Users\freyj\AppData\Roaming\cache.ini
2013-08-08 06:30 - 2013-08-08 06:30 - 06208674 _____ C:\Users\freyj\Downloads\RA presentation (1).pptx
2013-08-08 06:29 - 2013-08-08 06:29 - 06208674 _____ C:\Users\freyj\Downloads\RA presentation.pptx
2013-08-08 04:07 - 2013-08-08 06:28 - 06208674 _____ C:\Users\freyj\Desktop\RA presentation.pptx
2013-08-08 02:35 - 2013-08-08 02:35 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\freyj\Downloads\CitrixOnlinePluginWeb (6).exe
2013-08-08 02:35 - 2013-08-08 02:35 - 00001715 _____ C:\Users\freyj\Downloads\launch (10).ica
2013-08-08 02:35 - 2013-06-04 23:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-08 02:35 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-08 02:35 - 2013-05-27 01:02 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-08 02:35 - 2013-05-27 01:01 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-08 02:35 - 2013-05-27 01:01 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-08 02:35 - 2013-05-27 00:57 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-08 02:35 - 2013-05-27 00:57 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-08 02:35 - 2013-05-27 00:57 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-08 02:35 - 2013-05-27 00:56 - 11020800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-08 02:35 - 2013-05-27 00:56 - 02078208 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-08 02:35 - 2013-05-27 00:56 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-08 02:35 - 2013-05-27 00:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-08 02:35 - 2013-05-26 23:20 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-08 02:35 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-08 02:35 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-03 00:58 - 2013-08-03 00:59 - 00047293 _____ C:\Users\freyj\Downloads\video_hd_1.zip
2013-07-21 23:39 - 2013-07-21 23:39 - 23680850 _____ C:\Users\freyj\Downloads\Photoshop_CS6_13_0_1_1_upd.zip
2013-07-21 22:53 - 2013-08-04 21:16 - 00000000 ____D C:\Users\freyj\Desktop\POETRY
2013-07-13 04:14 - 2013-04-25 19:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-07-13 04:14 - 2013-03-19 00:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-07-13 04:14 - 2013-03-18 23:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-07-13 04:13 - 2013-05-09 23:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-07-13 04:12 - 2013-04-26 00:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-07-13 04:11 - 2013-05-13 00:45 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-07-13 04:11 - 2013-05-13 00:45 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-07-13 04:11 - 2013-05-13 00:45 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-07-13 04:11 - 2013-05-12 23:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-07-13 04:11 - 2013-05-12 23:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-07-13 02:04 - 2013-05-08 01:38 - 01293672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-07-13 02:04 - 2013-05-06 01:06 - 03968872 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-07-13 02:04 - 2013-05-06 01:06 - 03913576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-07-13 02:04 - 2013-04-17 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-07-13 02:04 - 2013-04-10 01:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-07-13 02:04 - 2013-04-10 01:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-07-13 02:01 - 2013-02-27 01:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-07-13 02:01 - 2013-02-27 00:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-07-13 02:01 - 2013-02-27 00:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-07-13 02:01 - 2013-02-27 00:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-07-13 02:01 - 2013-02-27 00:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
 
==================== One Month Modified Files and Folders =======
 
2013-08-10 17:14 - 2013-08-10 17:14 - 00000000 ____D C:\FRST
2013-08-10 16:27 - 2010-11-17 11:06 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2013-08-10 16:15 - 2011-07-26 17:22 - 01224195 _____ C:\Windows\WindowsUpdate.log
2013-08-10 16:14 - 2010-07-13 09:43 - 00005348 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-10 16:11 - 2012-11-06 14:10 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-10 16:10 - 2011-07-14 13:30 - 00040152 _____ C:\Windows\setupact.log
2013-08-10 16:10 - 2010-11-17 11:09 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2013-08-10 16:10 - 2010-11-17 11:07 - 00017920 _____ C:\Windows\system32\rpcnetp.dll
2013-08-10 16:10 - 2010-07-13 10:40 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-10 16:09 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-10 14:59 - 2013-08-10 14:59 - 00001083 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-10 14:59 - 2013-08-10 14:59 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-10 14:42 - 2013-08-10 14:42 - 00000000 ____D C:\Users\freyj\AppData\Roaming\Malwarebytes
2013-08-10 14:42 - 2013-08-10 14:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-10 12:09 - 2013-08-09 00:01 - 00000008 _____ C:\Users\freyj\AppData\Roaming\cache.ini
2013-08-10 12:03 - 2009-07-14 00:34 - 00024576 _____ C:\Windows\system32\umstartup000.etl
2013-08-09 01:14 - 2009-07-14 00:34 - 00014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 01:14 - 2009-07-14 00:34 - 00014960 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 01:13 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-09 00:05 - 2009-07-14 00:33 - 00414656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 00:04 - 2011-06-24 15:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-09 00:04 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-09 00:04 - 2009-07-14 00:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-08 23:53 - 2013-02-04 18:15 - 00000000 ____D C:\Users\freyj\AppData\Roaming\vlc
2013-08-08 23:45 - 2012-08-26 20:57 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-08 23:31 - 2012-11-06 14:10 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-08 23:23 - 2012-11-10 20:31 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855000883-1368534861-315576832-309488UA.job
2013-08-08 21:00 - 2012-11-10 20:31 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1855000883-1368534861-315576832-309488Core.job
2013-08-08 06:30 - 2013-08-08 06:30 - 06208674 _____ C:\Users\freyj\Downloads\RA presentation (1).pptx
2013-08-08 06:29 - 2013-08-08 06:29 - 06208674 _____ C:\Users\freyj\Downloads\RA presentation.pptx
2013-08-08 06:28 - 2013-08-08 04:07 - 06208674 _____ C:\Users\freyj\Desktop\RA presentation.pptx
2013-08-08 03:19 - 2011-07-26 16:02 - 00000000 ____D C:\ProgramData\vulScan
2013-08-08 02:35 - 2013-08-08 02:35 - 14108096 _____ (Citrix Systems, Inc.) C:\Users\freyj\Downloads\CitrixOnlinePluginWeb (6).exe
2013-08-08 02:35 - 2013-08-08 02:35 - 00001715 _____ C:\Users\freyj\Downloads\launch (10).ica
2013-08-08 02:29 - 2010-07-13 10:23 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-08 02:13 - 2011-08-26 17:22 - 00000000 ____D C:\Users\freyj\AppData\Roaming\Mozilla
2013-08-08 02:09 - 2010-07-13 09:53 - 00048608 _____ C:\Windows\PFRO.log
2013-08-04 23:42 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-08-04 21:33 - 2011-08-09 14:38 - 00002008 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2013-08-04 21:31 - 2011-06-29 11:29 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-04 21:30 - 2011-08-09 14:39 - 00000000 ____D C:\Users\freyj\AppData\Local\Adobe
2013-08-04 21:29 - 2012-08-26 20:57 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-04 21:29 - 2011-07-15 13:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-04 21:26 - 2011-08-09 14:25 - 00000000 ___RD C:\Users\freyj\Virtual Machines
2013-08-04 21:16 - 2013-07-21 22:53 - 00000000 ____D C:\Users\freyj\Desktop\POETRY
2013-08-04 13:12 - 2010-07-13 12:32 - 00002064 _____ C:\Windows\system32\config\netlogon.ftl
2013-08-03 00:59 - 2013-08-03 00:58 - 00047293 _____ C:\Users\freyj\Downloads\video_hd_1.zip
2013-07-21 23:39 - 2013-07-21 23:39 - 23680850 _____ C:\Users\freyj\Downloads\Photoshop_CS6_13_0_1_1_upd.zip
2013-07-13 04:07 - 2010-07-13 09:39 - 00000000 ____D C:\ProgramData\Microsoft Help
 
Files to move or delete:
====================
C:\Users\freyj\AppData\Roaming\cache.dat
C:\Users\freyj\AppData\Roaming\cache.ini
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-08-04 23:35
 
==================== End Of Log ============================

This should get you going.

 

Please do the following:

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the flash drive as fixlist.txt

 

HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\freyj\AppData\Roaming\cache.dat [57856 2011-11-17] () <==== ATTENTION
C:\Users\freyj\AppData\Roaming\cache.dat
C:\Users\freyj\AppData\Roaming\cache.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it in your next reply.

After that, are you able to boot into normal mode? Let me know when you can, as we have more malware to remove.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: click on the "Follow This Topic" button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".
 

-------> Your topic will be closed if you haven't replied within 3 days! <--------
(If I don't respond within 24 hours, please send me a PM)

-DFB

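The flagged Winlogon line above is a Shell hijack: Winlogon launches everything listed in the Shell value, so a second program appended after explorer.exe starts with every logon. As an added example (not part of this thread and not FRST's own code), the Python below picks Winlogon lines out of an FRST-style registry listing and reports any Shell entry other than explorer.exe, plus any per-user Shell value at all; the HKLM line is constructed for the demo, the other two sample lines come from the logs in this thread.

```python
import re

# FRST lists Winlogon values in its "Registry (Whitelisted)" section as
#   <hive>\...\Winlogon: [<value>] <data> [<size> <date>] (<signer>) [<==== ATTENTION]
# Shell is a comma-separated list of programs Winlogon starts as the user's shell.
# Stock Windows 7: exactly "explorer.exe" under HKLM, no Shell value under HKCU at all.
WINLOGON_LINE = re.compile(r"^(HK[^:]+)\\Winlogon:\s*\[([^\]]+)\]\s*(.*)$")
FRST_TAIL = re.compile(r"\s*\[\d+ \d{4}-\d{2}-\d{2}\].*$")  # "[57856 2011-11-17] () <==== ATTENTION"
EXPECTED_SHELL = "explorer.exe"

def parse_winlogon_line(line):
    """Return (hive, value_name, data) for an FRST Winlogon line, else None."""
    m = WINLOGON_LINE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    return hive, name, FRST_TAIL.sub("", rest).strip()

def check_winlogon_shell(line):
    """Describe a Shell line: its entries, the ones that are not explorer.exe, and
    whether it lives in a per-user hive (which overrides HKLM). None for other lines."""
    parsed = parse_winlogon_line(line)
    if parsed is None or parsed[1].lower() != "shell":
        return None
    hive, _, data = parsed
    entries = [e.strip() for e in data.split(",") if e.strip()]
    return {
        "hive": hive,
        "entries": entries,
        "suspicious": [e for e in entries if e.lower() != EXPECTED_SHELL],
        "per_user": hive.upper().startswith(("HKCU", "HKU\\")),
    }

def scan_frst_registry(lines):
    """Return the Shell findings worth a look: extra programs or a per-user value."""
    hits = [check_winlogon_shell(l) for l in lines]
    return [h for h in hits if h and (h["suspicious"] or h["per_user"])]

SAMPLE_LINES = [
    # the line FRST flagged in the log posted above
    r"HKCU\...\Winlogon: [shell] explorer.exe,C:\Users\freyj\AppData\Roaming\cache.dat [57856 2011-11-17] () <==== ATTENTION",
    # constructed: the machine-wide default (size, date and signer made up for the demo)
    r"HKLM\...\Winlogon: [shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation)",
    # a Run line from the log: not a Winlogon line, so it is ignored
    r"HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [115560 2009-07-08] (Symantec Corporation)",
]

if __name__ == "__main__":
    for hit in scan_frst_registry(SAMPLE_LINES):
        print(hit["hive"], "Shell =", hit["entries"], "-> suspicious:", hit["suspicious"])
```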

WOW that worked! Thanks for the reply! Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-08-2013
Ran by freyj at 2013-08-10 18:05:58 Run:1
Running from E:\
Boot Mode: Safe Mode (minimal)

==============================================

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon => Key deleted successfully.
C:\Users\freyj\AppData\Roaming\cache.dat => Moved successfully.
C:\Users\freyj\AppData\Roaming\cache.ini => Moved successfully.

==== End of Fixlog ====


Glad to hear you can boot. Let's start getting rid of the rest of it:

----------Step 1----------------
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------
Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.


NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


----------Step 4----------------
Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------
In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
