gmer reports possible rootkit for fltmgr.sys



I have used ComboFix, Malwarebytes and other tools to clean the system, but GMER still states something is wrong. Please advise; pasted results below.

 

GMER 2.1.19155 - http://www.gmer.net
Rootkit quick scan 2013-08-13 13:57:31
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST980813AS rev.3.ADB 74.53GB
Running: kziy15r3.exe; Driver: C:\Users\Your\AppData\Local\Temp\kgldrpoc.sys
 
 
---- Devices - GMER 2.1 ----
 
AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys
 
Device          \Driver\tdx \Device\Ip     OAmon.sys
Device          \Driver\tdx \Device\Tcp    OAmon.sys
Device          \Driver\tdx \Device\Udp    OAmon.sys
Device          \Driver\tdx \Device\RawIp  OAmon.sys
 
---- EOF - GMER 2.1 ----
 

Hello stormraider and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
I do not know why you think this way. It is not true at all.

GMER is showing that fltmgr.sys is running. This file is part of the Microsoft Filesystem Filter Manager from Microsoft Corporation.

The others are part of a firewall called Online Armor.

About ComboFix: why did you use it? A huge mistake! Please do not run this tool without the special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

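The reply above makes a point worth turning into a repeatable check: GMER's Devices section lists every driver that has attached to a file-system or TDI device stack, benign or not, so an entry is only a lead, and the question is whether the driver file is accounted for. The script below is an added example (not code from the thread, from GMER or from Malwarebytes) that parses that section and marks each driver as known-benign or as needing verification. The allowlist contains only the two drivers the reply identifies; the line naming fake_example.sys is made up and was not in the posted log, and exists only to show the "verify" path. An "AttachedDevice" row on \FileSystem\fastfat is what Filter Manager looks like when it sits on the FAT stack.

```python
import re
from dataclasses import dataclass

# Constructed sample: the Devices section of the GMER log posted above, plus one
# made-up line (fake_example.sys, not from the log) to show how an unknown driver is flagged.
SAMPLE_GMER = r"""
---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat   fltmgr.sys

Device          \Driver\tdx \Device\Ip     OAmon.sys
Device          \Driver\tdx \Device\Tcp    OAmon.sys
Device          \Driver\tdx \Device\Udp    OAmon.sys
Device          \Driver\tdx \Device\RawIp  OAmon.sys
Device          \Driver\tdx \Device\Tcp    fake_example.sys

---- EOF - GMER 2.1 ----
"""

# Drivers the thread itself identifies. Anything else gets a "verify" verdict, not a
# malware verdict: GMER reports every driver attached to these stacks, benign or not.
KNOWN_BENIGN = {
    "fltmgr.sys": "Microsoft Filesystem Filter Manager (Windows component)",
    "oamon.sys": "Online Armor firewall (identified in the reply above)",
}

# kind, driver object, device name, owning driver file
DEVICE_LINE = re.compile(r"^(AttachedDevice|Device)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


@dataclass(frozen=True)
class DeviceEntry:
    kind: str           # "AttachedDevice" (filter on a file system) or "Device" (TDI/other object)
    driver_object: str  # e.g. \FileSystem\fastfat or \Driver\tdx
    device: str         # e.g. \Fat or \Device\Tcp
    driver_file: str    # the .sys that owns the attached/device object


def parse_devices(log_text):
    """Extract DeviceEntry rows from the '---- Devices ----' section of a GMER log."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        if line.startswith("----"):            # section header or EOF marker
            in_section = line.startswith("---- Devices")
            continue
        if not in_section:
            continue
        m = DEVICE_LINE.match(line)
        if m:
            entries.append(DeviceEntry(*m.groups()))
    return entries


def triage(entries):
    """Map each driver file (lower-cased) to ('known', reason) or ('verify', reason)."""
    verdicts = {}
    for e in entries:
        key = e.driver_file.lower()
        if key in verdicts:
            continue
        if key in KNOWN_BENIGN:
            verdicts[key] = ("known", KNOWN_BENIGN[key])
        else:
            verdicts[key] = ("verify", "not in the known-benign list: check the Authenticode "
                                       "signature and the on-disk path under system32\\drivers")
    return verdicts


if __name__ == "__main__":
    for drv, (verdict, reason) in triage(parse_devices(SAMPLE_GMER)).items():
        print(f"{verdict:7} {drv:18} {reason}")
```

For anything that comes back as "verify", the next step is on the machine itself, not in the log: confirm the file on disk is the one GMER named and that it carries a valid publisher signature (on Windows 7 the PowerShell cmdlet Get-AuthenticodeSignature does that), and only then decide whether it belongs.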

I know currently it does not show anything, but I'm telling you, things keep appearing.

Last time I ran ComboFix:

 

Infected copy of c:\windows\system32\Services.exe was found and disinfected 
Restored copy from - c:\windows\erdnt\cache\services.exe 
 
Further, it keeps having to delete and quarantine the following:
2013-08-13 15:14:20 . 2013-08-13 15:14:20          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxbase294u_net_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_webview_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          595,968 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_html_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        1,234,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_adv_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        4,598,272 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxmsw294u_core_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        1,985,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxbase294u_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\python27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           98,816 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32api.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          128,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_elementtree.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_socket.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          557,056 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pysqlite2._sqlite.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           22,528 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32ts.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          320,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32com.shell.shell.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_multiprocessing.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           70,656 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._html2.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           11,264 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32crypt.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          805,888 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._gdi_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        1,022,416 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\windows._cacheinvalidation.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           17,408 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32profile.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          364,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pythoncom27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           87,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_ctypes.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          735,232 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._misc_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          110,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\PyWinTypes27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          108,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32security.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        1,175,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._core_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        1,153,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_ssl.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           25,600 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32pdh.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           35,840 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32process.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          711,680 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_hashlib.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          811,008 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._windows_.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          119,808 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32file.pyd.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20          122,368 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._wizard.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:20           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32inet.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19        1,062,400 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wx._controls_.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19           18,432 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\win32event.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19          127,488 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\pyexpat.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19          686,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\unicodedata.pyd.vir
2013-08-13 15:14:19 . 2013-08-13 15:14:19           10,240 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\select.pyd.vir
2013-08-13 03:37:37 . 2013-08-13 03:37:37              558 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\SafeBoot-70396446.sys.reg.dat
2013-08-09 13:31:14 . 2013-08-09 13:31:14               73 ----a-w-  C:\Qoobox\Quarantine\C\Windows\wininit.ini.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_webview_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxbase294u_net_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51          595,968 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_html_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51        1,234,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_adv_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51        4,598,272 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxmsw294u_core_vc90.dll.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51        1,985,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxbase294u_vc90.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\python27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          128,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_elementtree.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          557,056 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pysqlite2._sqlite.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           98,816 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32api.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           22,528 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32ts.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_socket.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          320,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32com.shell.shell.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_multiprocessing.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           11,264 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32crypt.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           70,656 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._html2.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50        1,022,416 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\windows._cacheinvalidation.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          805,888 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._gdi_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           17,408 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32profile.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           87,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_ctypes.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          364,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pythoncom27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          735,232 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._misc_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          110,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\PyWinTypes27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50          108,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32security.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50        1,175,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._core_.pyd.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50        1,153,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_ssl.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49           25,600 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32pdh.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49           35,840 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32process.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          711,680 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_hashlib.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          811,008 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._windows_.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          122,368 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._wizard.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          119,808 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32file.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32inet.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49        1,062,400 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wx._controls_.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          127,488 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\pyexpat.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49           10,240 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\select.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49          686,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\unicodedata.pyd.vir
2013-08-08 15:52:49 . 2013-08-08 15:52:49           18,432 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\win32event.pyd.vir
2013-08-06 15:42:54 . 2013-08-06 15:42:54           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_webview_vc90.dll.vir
2013-08-06 15:42:54 . 2013-08-06 15:42:54          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxbase294u_net_vc90.dll.vir
2013-08-06 15:42:53 . 2013-08-06 15:42:53          595,968 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_html_vc90.dll.vir
2013-08-06 15:42:52 . 2013-08-06 15:42:53        1,234,944 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_adv_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:52        4,598,272 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxmsw294u_core_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51        1,985,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxbase294u_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\python27.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51          128,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_elementtree.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_socket.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51           98,816 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32api.pyd.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51           22,528 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32ts.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:51          557,056 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pysqlite2._sqlite.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:50           26,624 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_multiprocessing.pyd.vir
2013-08-06 15:42:50 . 2013-08-06 15:42:50          320,512 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32com.shell.shell.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:50           70,656 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._html2.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49           11,264 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32crypt.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49          805,888 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._gdi_.pyd.vir
2013-08-06 15:42:49 . 2013-08-06 15:42:49        1,022,416 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\windows._cacheinvalidation.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48           17,408 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32profile.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48           87,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_ctypes.pyd.vir
2013-08-06 15:42:48 . 2013-08-06 15:42:48          364,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pythoncom27.dll.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:48          735,232 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._misc_.pyd.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47          110,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\PyWinTypes27.dll.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47          108,544 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32security.pyd.vir
2013-08-06 15:42:47 . 2013-08-06 15:42:47        1,175,040 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._core_.pyd.vir
2013-08-06 15:42:46 . 2013-08-06 15:42:46        1,153,024 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_ssl.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:46           25,600 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32pdh.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45           35,840 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32process.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45          711,680 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_hashlib.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45          811,008 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._windows_.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45          122,368 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._wizard.pyd.vir
2013-08-06 15:42:45 . 2013-08-06 15:42:45          119,808 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32file.pyd.vir
2013-08-06 15:42:44 . 2013-08-06 15:42:44           38,912 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32inet.pyd.vir
2013-08-06 15:42:43 . 2013-08-06 15:42:43        1,062,400 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wx._controls_.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42           18,432 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\win32event.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42          127,488 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\pyexpat.pyd.vir
2013-08-06 15:42:42 . 2013-08-06 15:42:42          686,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\unicodedata.pyd.vir
2013-08-06 15:42:41 . 2013-08-06 15:42:42           10,240 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\select.pyd.vir
2013-08-02 23:04:53 . 2013-08-13 15:36:06           22,849 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2013-08-02 22:59:51 . 2013-08-13 15:23:46              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2013-08-02 22:58:11 . 2013-08-13 15:24:03              629 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2013-04-24 12:31:07 . 2013-04-12 13:45:29        1,211,752 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\drivers\ntfs.sys.vir
2012-05-18 16:13:27 . 2010-11-20 12:21:04          551,424 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\samsrv.dll.vir
2009-07-13 23:11:26 . 2009-07-14 01:14:36          259,072 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir
 
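The quarantine listing above can be triaged mechanically rather than by eye. The script below is an added example (not from the original post, from ComboFix or from Malwarebytes) that parses the listing, groups quarantined files by their `_MEI<number>` extraction directory, reports whether the same file set recurs, and lists the items that are not part of any such directory. The sample is a constructed subset of the entries posted above. The `_MEI<pid>` directory under %TEMP% is the naming PyInstaller's one-file bootloader uses for the folder it unpacks a bundled Python program into; that tells you how the program was packaged, not whether it is malicious, so the output is a starting point for questions (which program keeps launching and extracting these files?) rather than a verdict.

```python
import re
from collections import defaultdict

# created . modified   size   attrs   path   (ComboFix quarantine listing format)
QUARANTINE_LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+"
    r"([\d,]+)\s+(\S+)\s+(.+?)\s*$"
)
# PyInstaller one-file bootloader extraction directory: _MEI followed by the process id
MEI_DIR = re.compile(r"\\(_MEI\d+)\\", re.IGNORECASE)

# Constructed subset of the listing posted above (three files from each _MEI directory
# plus the two System32 items), kept short so the example runs stand-alone.
SAMPLE_LOG = r"""
2013-08-13 15:14:20 . 2013-08-13 15:14:20          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\wxbase294u_net_vc90.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\python27.dll.vir
2013-08-13 15:14:20 . 2013-08-13 15:14:20           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI24162\_socket.pyd.vir
2013-08-08 15:52:51 . 2013-08-08 15:52:51          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\wxbase294u_net_vc90.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\python27.dll.vir
2013-08-08 15:52:50 . 2013-08-08 15:52:50           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI40402\_socket.pyd.vir
2013-08-06 15:42:54 . 2013-08-06 15:42:54          154,112 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\wxbase294u_net_vc90.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51        2,436,608 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\python27.dll.vir
2013-08-06 15:42:51 . 2013-08-06 15:42:51           44,032 ----a-w-  C:\Qoobox\Quarantine\C\Users\Your\AppData\Local\temp\_MEI10922\_socket.pyd.vir
2012-05-18 16:13:27 . 2010-11-20 12:21:04          551,424 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\samsrv.dll.vir
2009-07-13 23:11:26 . 2009-07-14 01:14:36          259,072 ----a-w-  C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir
"""


def parse_quarantine(text):
    """Return one dict per quarantine line: created, modified, size (int), attrs, path."""
    rows = []
    for line in text.splitlines():
        m = QUARANTINE_LINE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        rows.append({"created": created, "modified": modified,
                     "size": int(size.replace(",", "")), "attrs": attrs, "path": path})
    return rows


def group_bundles(rows):
    """Group files by _MEI<pid> directory: {dir: {'first_seen': str, 'files': {(name, size)}}}."""
    bundles = {}
    for r in rows:
        m = MEI_DIR.search(r["path"])
        if not m:
            continue
        base = r["path"].rsplit("\\", 1)[-1]
        base = base[:-4] if base.endswith(".vir") else base   # strip ComboFix's .vir suffix
        b = bundles.setdefault(m.group(1), {"first_seen": r["created"], "files": set()})
        b["first_seen"] = min(b["first_seen"], r["created"])
        b["files"].add((base, r["size"]))
    return bundles


def recurring_bundles(bundles):
    """Map each distinct (name, size) file set to the sorted (first_seen, dir) list that contains it.
    A file set that maps to several directories is the same bundle extracted repeatedly."""
    by_content = defaultdict(list)
    for name, b in bundles.items():
        by_content[frozenset(b["files"])].append((b["first_seen"], name))
    return {content: sorted(dirs) for content, dirs in by_content.items()}


def system_files(rows):
    """Quarantined items outside any _MEI directory; these need separate attention."""
    return [r["path"] for r in rows if not MEI_DIR.search(r["path"])]


if __name__ == "__main__":
    rows = parse_quarantine(SAMPLE_LOG)
    for content, dirs in recurring_bundles(group_bundles(rows)).items():
        print(f"{len(content)} files seen in {len(dirs)} extraction dirs:")
        for first_seen, name in dirs:
            print(f"   {first_seen}  {name}")
    print("outside _MEI dirs:", *system_files(rows), sep="\n   ")
```

On the full listing the three directories carry the same names and sizes, which means the recurrences are one program being unpacked again each time it starts, not new material arriving; the two System32 entries are the ones that do not fit that pattern and are what a helper would want explained first.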

Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

mbar-log.txt

 

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org
 
Database version: v2013.08.14.04
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Your :: YOUR-PC [administrator]
 
8/14/2013 10:30:54 AM
mbar-log-2013-08-14 (10-30-54).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 257748
Time elapsed: 24 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
------------------------------------------------------------------
system-log.txt
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2137460736, free: 487149568
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 2137460736, free: 542674944
 
Downloaded database version: v2013.08.14.04
Initializing...
------------ Kernel report ------------
     08/14/2013 10:30:46
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\??\C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\??\C:\Windows\system32\drivers\OAmon.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Windows\system32\drivers\oahlp32.sys
\??\C:\Windows\system32\drivers\OADriver.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\??\C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
\??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\easytthr.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\oanet.sys
\SystemRoot\system32\DRIVERS\pneteth.sys
\SystemRoot\system32\DRIVERS\pnetmdm.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Users\Your\Downloads\virus-removal\cce_2.3.219500.176_x32\CCE\ccekrnl.dat
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\usb8023x.sys
\SystemRoot\system32\DRIVERS\RNDISMPX.SYS
\SystemRoot\system32\DRIVERS\WinUsb.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff84e5f5a8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000c5\
Lower Device Object: 0xffffffff84c2fca8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff85c54600
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff861f7498
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85a3e440
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85587030
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85a3e440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85a3f020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85a3e440, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84ca4608, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85587030, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41AB2316
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 156092416
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 80026361856 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156281488-156301488)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff85c54600, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861fd500, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85c54600, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861f7498, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18
 
Partition information:
 
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 32  Numsec = 7831520
    Partition file system is FAT32
    Partition is not bootable
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 4026531840 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff84e5f5a8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e2c708, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff84e5f5a8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84c2fca8, DeviceName: \Device\000000c5\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_1_0_32_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
C:\Users\All Users\Codec\runtime.dll Win32/GenUpdater application

C:\ProgramData\Codec\runtime.dll Win32/GenUpdater application cleaned by deleting - quarantined

C:\Users\Your\Downloads\adt\PDAnet_For_Android_+_Crack_secure.exe Win32/TopMedia.B application cleaned by deleting - quarantined

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
ComboFix 13-08-11.02 - Your 08/15/2013  10:52:59.104.2 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2038.837 [GMT -4:00]

Running from: c:\users\Your\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Your\AppData\Local\Temp\_MEI7682\_ctypes.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\_elementtree.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\_hashlib.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\_multiprocessing.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\_socket.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\_ssl.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\pyexpat.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\pysqlite2._sqlite.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\python27.dll

c:\users\Your\AppData\Local\Temp\_MEI7682\pythoncom27.dll

c:\users\Your\AppData\Local\Temp\_MEI7682\PyWinTypes27.dll

c:\users\Your\AppData\Local\temp\_MEI7682\select.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\unicodedata.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32api.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32com.shell.shell.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32crypt.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\win32event.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32file.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32inet.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\win32pdh.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32process.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\win32profile.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\win32security.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\win32ts.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\windows._cacheinvalidation.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wx._controls_.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wx._core_.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\wx._gdi_.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wx._html2.pyd

c:\users\Your\AppData\Local\temp\_MEI7682\wx._misc_.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wx._windows_.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wx._wizard.pyd

c:\users\Your\AppData\Local\Temp\_MEI7682\wxbase294u_net_vc90.dll

c:\users\Your\AppData\Local\temp\_MEI7682\wxbase294u_vc90.dll

c:\users\Your\AppData\Local\temp\_MEI7682\wxmsw294u_adv_vc90.dll

c:\users\Your\AppData\Local\temp\_MEI7682\wxmsw294u_core_vc90.dll

c:\users\Your\AppData\Local\Temp\_MEI7682\wxmsw294u_html_vc90.dll

c:\users\Your\AppData\Local\Temp\_MEI7682\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-15 to 2013-08-15  )))))))))))))))))))))))))))))))

.

.

2013-08-15 15:14 . 2013-08-15 15:20 -------- d-----w- c:\users\Your\AppData\Local\temp

2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-08-15 15:14 . 2013-08-15 15:14 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-08-14 17:21 . 2013-08-14 17:21 -------- d-----w- c:\program files\ESET

2013-08-14 03:47 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-08-14 03:46 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-14 03:46 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-14 03:46 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-14 03:46 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-14 03:46 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll

2013-08-14 03:46 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-08-14 03:46 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll

2013-08-14 03:46 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-08-14 03:46 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll

2013-08-14 03:46 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-13 20:38 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll

2013-08-13 16:20 . 2013-08-13 16:20 -------- d-----w- c:\users\Your\AppData\Roaming\FixZeroAccess

2013-08-13 16:20 . 2013-08-13 16:20 35752 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2013-08-13 16:15 . 2013-08-13 16:15 1805736 ----a-w- C:\FixZeroAccess.exe

2013-08-12 13:30 . 2013-08-12 13:30 -------- d-----w- C:\TDSSKiller_Quarantine

2013-08-10 21:56 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2A9BE54-EAA1-47B4-B185-1CC7EFDAA524}\mpengine.dll

2013-08-09 13:45 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-30 19:43 . 2013-08-12 13:24 24416 ----a-w- c:\windows\system32\drivers\regguard.sys

2013-07-20 14:38 . 2013-07-20 14:38 -------- d-----w- C:\AppInventor

2013-07-20 13:51 . 2013-07-20 13:51 -------- d-----w- c:\program files\Common Files\Java

2013-07-20 13:50 . 2013-07-20 13:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-18 07:01 . 2013-08-14 07:11 -------- d-----w- c:\windows\system32\MRT

2013-07-17 12:56 . 2013-07-17 12:56 698504 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88AA4B22-95F5-44C0-A1DD-B85538ED6C0D}\gapaengine.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-20 13:50 . 2012-07-11 01:54 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-20 13:50 . 2012-07-11 01:54 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-21 00:34 . 2012-06-12 23:22 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-06-19 01:50 . 2013-06-19 01:50 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-06-19 01:50 . 2011-04-27 19:25 107392 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-06-17 17:09 . 2012-05-17 17:28 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-17 17:09 . 2012-05-17 17:28 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-17 17:09 . 2013-06-17 17:09 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-06-10 03:53 . 2013-05-22 22:57 357814 ----a-w- C:\SDK Manager.exe

2013-06-09 19:20 . 2013-06-09 19:20 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys

2013-06-09 19:20 . 2013-06-09 19:20 2 --shatr- c:\windows\winstart.bat

2013-06-06 16:51 . 2013-06-06 16:51 40208 ----a-w- c:\windows\system32\Partizan.exe

2013-06-05 16:08 . 2013-06-09 19:20 12800 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys

2013-06-05 03:05 . 2013-07-13 14:20 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-06-04 04:53 . 2013-07-13 14:20 509440 ----a-w- c:\windows\system32\qedit.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]

"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2013-03-11 49960]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"@OnlineArmor GUI"="c:\program files\Online Armor\oaui.exe" [2012-10-02 2415104]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Your\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2013-6-18 1054320]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~1\oaevent.dll" [2012-10-02 366440]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0Partizan

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]

@=""

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

2007-05-11 02:46 624248 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-02-21 01:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]

2010-03-13 18:54 91520 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]

2012-05-22 12:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]

2013-01-07 19:56 2909640 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

2012-10-10 15:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2012-05-25 08:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 17:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 20:07 2260480 --s-a-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]

2011-12-06 15:06 1088280 ----a-w- c:\program files\TrojanHunter 5.5\THGuard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

2012-06-28 15:40 74752 ----a-w- c:\program files\Winamp\winampa.exe

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 116648]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2012-04-30 54072]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\smhwadb.sys [2009-12-24 25728]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 116648]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232]

R3 MFE_RR;MFE_RR;c:\users\Your\AppData\Local\Temp\mfe_rr.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-19 107392]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-06-20 295376]

R3 RegGuard;RegGuard;c:\windows\system32\Drivers\regguard.sys [2013-08-12 24416]

R3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\DRIVERS\smhwdev.sys [2010-01-13 100864]

R3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\DRIVERS\smhwser.sys [2010-02-04 108032]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-18 1343400]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]

S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2012-04-30 37856]

S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-02 208320]

S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-02 44992]

S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-02 27648]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-12-20 3089320]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2012-10-19 374704]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2012-08-24 12856]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

S2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\OAcat.exe [2012-10-02 216072]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-07-12 3289472]

S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [2012-10-02 4463864]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2013-03-11 18248]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2012-10-02 31768]

S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 13440]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm.sys [2006-09-28 9472]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-17 17:09]

.

2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 13:49]

.

2013-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-14 13:49]

.

2013-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097053523-473510782-61955550-1001Core.job

- c:\users\Your\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 14:54]

.

2013-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3097053523-473510782-61955550-1001UA.job

- c:\users\Your\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-18 14:54]

.

2013-06-09 c:\windows\Tasks\UnHackMe Task Scheduler.job

- c:\program files\UnHackMe\hackmon.exe [2013-06-09 16:08]

.

.

------- Supplementary Scan -------

.


TCP: Interfaces\{0FA4536C-5362-43AF-9C7A-0F8687676AC1}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - c:\users\Your\AppData\Roaming\Mozilla\Firefox\Profiles\p59bolky.default-1359738013182\


.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-02777654.sys

.

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(2172)

c:\windows\system32\dhcpcsvc.DLL

c:\windows\system32\dhcpcsvc6.DLL

c:\program files\SUPERAntiSpyware\SASSEH.DLL

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\windows\System32\WUDFHost.exe

c:\windows\system32\taskhost.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\system32\conhost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2013-08-15  11:26:36 - machine was rebooted

ComboFix-quarantined-files.txt  2013-08-15 15:26

ComboFix2.txt  2013-08-13 15:54

ComboFix3.txt  2013-08-13 15:02

ComboFix4.txt  2013-08-13 03:38

ComboFix5.txt  2013-08-15 14:50

.

Pre-Run: 33,398,194,176 bytes free

Post-Run: 33,646,960,640 bytes free

.

- - End Of File - - 21C508602D81B521B86AE50F15E1DA80

A36C5E4F47E84449FF07ED3517B43A31
7-Zip 9.20

Add or Remove Adobe Creative Suite 3 Master Collection

Adobe Acrobat 8 Professional

Adobe After Effects CS3

Adobe After Effects CS3 Presets

Adobe After Effects CS3 Third Party Content

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Contribute CS3

Adobe Creative Suite 3 Master Collection

Adobe Default Language CS3

Adobe Device Central CS3

Adobe Dreamweaver CS3

Adobe Encore CS3

Adobe Encore CS3 Codecs

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Fireworks CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Premiere Pro CS3

Adobe Premiere Pro CS3 Functional Content

Adobe Premiere Pro CS3 Third Party Content

Adobe Setup

Adobe SING CS3

Adobe Soundbooth CS3 Codecs

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Video Profiles

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP DVA Panels CS3

Adobe XMP Panels CS3

AHV content for Acrobat and Flash

Android SDK Tools

Android Sync Manager WiFi

AppInventor Setup

Apple Application Support

Apple Software Update

Autodesk 3ds Max 8

Autodesk DWF Viewer

avast! Free Antivirus

AVG Anti-Rootkit Free

Backburner

CCleaner

Conexant HDA D110 MDC V.92 Modem

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DriverTools 1.0

EasyTether

EasyTether ADB USB driver

Emsisoft Anti-Malware

Eraser 6.0.10.2620

ESET Online Scanner v3

FileZilla Client 3.6.0.2

Google Chrome

Google Drive

Google Gmail Notifier

Google Talk Plugin

Google Update Helper

Intel® Graphics Media Accelerator Driver

iWisoft Flash SWF to Video Converter 3.5

Java 7 Update 25

Java Auto Updater

Jing

Logitech Vid HD

Logitech Webcam Software

LogMeIn

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Security Scan Plus

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

Online Armor 6.0

Pazera Free 3GP to AVI Converter 1.5

PdaNet+ for Android 4.12

PDF Settings

PHP protect

Pika Bot

QuickTime

Safari

Security Task Manager 1.8g

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

Sonic Foundry ACID 4.0

Spybot - Search & Destroy

SUPERAntiSpyware

Tether

TrojanHunter 5.5

UnHackMe 5.99 release

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Winamp

Winamp Detector Plug-in

Windows Media Player Firefox Plugin

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Zend Guard - 5.5.0

Step 1

I see you are running TeaTimer.

I suggest you disable it because it can interfere with the changes you'll make on your system.

When everything is done and your log is clean again, you can enable it again.

If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

How to disable TeaTimer <== click me for instructions.

After you have disabled TeaTimer, download ResetTeaTimer.exe to your desktop.

Then run ResetTeaTimer.exe.

This will only take a few seconds.

Step 2

I notice that you are using more than one antivirus program.

  • avast! Free Antivirus
  • Microsoft Security Essentials
This is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them and reboot your PC.

Let me know how things are now.

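The Step 2 situation (avast! and Microsoft Security Essentials both installed) can be checked from the machine itself. The script below is an added example, not code from the thread or from Malwarebytes: it lists the antivirus products registered with Windows Security Center and warns when more than one reports real-time protection as on. It assumes a Windows Vista/7 or later client (the root\SecurityCenter2 namespace is absent on server editions) and the commonly documented productState layout, which Microsoft does not publish.

```powershell
# Added example, not from the thread. Decodes the 6-hex-digit productState
# value using the widely documented (but unofficial) layout:
#   digits 3-4 = real-time protection (10 or 11 = on, 00 or 01 = off)
#   digits 5-6 = signature state       (00 = current, 10 = out of date)
function Get-RegisteredAntivirus {
    Get-WmiObject -Namespace 'root\SecurityCenter2' -Class 'AntiVirusProduct' |
        ForEach-Object {
            $hex = '{0:X6}' -f [int]$_.productState
            New-Object PSObject -Property @{
                Name       = $_.displayName
                Path       = $_.pathToSignedProductExe
                RealTimeOn = ('10', '11') -contains $hex.Substring(2, 2)
                SigsStale  = $hex.Substring(4, 2) -eq '10'
                RawState   = $hex
            }
        }
}

$products = @(Get-RegisteredAntivirus)
$products | Format-Table Name, RealTimeOn, SigsStale, RawState, Path -AutoSize

# More than one product with real-time protection on is the conflict the
# helper describes; zero means nothing is actively protecting the machine.
$active = @($products | Where-Object { $_.RealTimeOn })
if ($active.Count -gt 1) {
    $names = ($active | ForEach-Object { $_.Name }) -join ', '
    Write-Warning ('{0} products have real-time protection enabled ({1}). Keep one, uninstall the rest and reboot.' -f $active.Count, $names)
}
elseif ($active.Count -eq 0) {
    Write-Warning 'No registered antivirus reports real-time protection as enabled.'
}
```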

OK, have updated Defender... decided not to reinstall, went with open source. Seems to be functioning, but got a freeze the other day and the internet connection seems to be intermittent. I am also tethered to a Droid for internet... is it possible I could have downloaded an app that has infected the phone and the phone is passing the infection into the computer? I ran AVG on the phone and it seems cleared...


Reran ComboFix and it is still finding and quarantining the following:

c:\users\Your\AppData\Local\Temp\_MEI24602\_ctypes.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\_elementtree.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\_hashlib.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\_multiprocessing.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\_socket.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\_ssl.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\msvcp100.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\msvcr100.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\pyexpat.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\pysqlite2._sqlite.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\python27.dll
c:\users\Your\AppData\Local\temp\_MEI24602\pythoncom27.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\PyWinTypes27.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\select.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\unicodedata.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32api.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32com.shell.shell.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32crypt.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\win32event.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32file.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32inet.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\win32pdh.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32process.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32profile.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32security.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\win32ts.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\windows._cacheinvalidation.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._controls_.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._core_.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._gdi_.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._html2.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._misc_.pyd
c:\users\Your\AppData\Local\Temp\_MEI24602\wx._windows_.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\wx._wizard.pyd
c:\users\Your\AppData\Local\temp\_MEI24602\wxbase294u_net_vc90.dll
c:\users\Your\AppData\Local\temp\_MEI24602\wxbase294u_vc90.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\wxmsw294u_adv_vc90.dll
c:\users\Your\AppData\Local\temp\_MEI24602\wxmsw294u_core_vc90.dll
c:\users\Your\AppData\Local\temp\_MEI24602\wxmsw294u_html_vc90.dll
c:\users\Your\AppData\Local\Temp\_MEI24602\wxmsw294u_webview_vc90.dll

Not sure about that one... I don't have anything that is using the Python language.... Can you direct me to the software that uses these files? Also, as stated, I use my phone for tethering and have noticed screenshots showing up under my images on my phone... I believe that this may be a keylogger of some nature...


There is no way to choose which of your programs are using Python, because I would have to install them all one by one and check them. If you do not believe me that they are legitimate, do some research on Google and you will find out.

There is no chance of a keylogger being transferred from your smartphone to your PC. You would have to transfer it manually and run it on your PC.

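The quarantined files above (python27.dll, *.pyd, wx*.dll under a _MEI24602 folder in Temp) are the runtime a PyInstaller "onefile" program unpacks when it starts, and the number after _MEI is the process ID of the program that did the unpacking. The script below is an added example, not from the thread or from Malwarebytes: while such a program is still running it maps each _MEI* folder in the user's Temp back to the owning executable; a folder whose PID no longer exists is a leftover from an earlier run, which is what a scan performed later sees. It assumes Windows with PowerShell 3.0 or later, run as the user whose Temp holds the folders (here C:\Users\Your\AppData\Local\Temp).

```powershell
# Added example, not from the thread. PyInstaller onefile bootloaders extract
# into %TEMP%\_MEI<pid>; <pid> is the PID of the extracting process, so the
# folder identifies its owner only while that process is alive.
function Get-MeiFolderOwner {
    param([string]$TempRoot = $env:TEMP)   # assumption: the user's own Temp

    Get-ChildItem -Path $TempRoot -Directory -Filter '_MEI*' | ForEach-Object {
        $suffix = $_.Name.Substring(4)      # digits after "_MEI"
        $owner = $null
        if ($suffix -match '^\d+$') {
            # Returns nothing (no error) if that PID has already exited
            $owner = Get-Process -Id ([int]$suffix) -ErrorAction SilentlyContinue
        }
        $procName = if ($owner) { $owner.ProcessName } else { '(exited; leftover folder)' }
        $exe      = if ($owner) { $owner.Path } else { $null }
        # Signature status of the owning executable helps judge whether the
        # Python-based program is a known, signed product or something unknown.
        $sig      = if ($exe) { (Get-AuthenticodeSignature -FilePath $exe).Status } else { $null }
        [pscustomobject]@{
            Folder     = $_.FullName
            OwnerPid   = $suffix
            Running    = [bool]$owner
            Process    = $procName
            Executable = $exe
            Signature  = $sig
        }
    }
}

Get-MeiFolderOwner | Format-List
```

Run it while the suspected program is open; if every _MEI* folder shows Running = False, the folders are stale and the owning program has to be caught on its next start.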

Thank you! :)

One last additional scan:

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
