
rootkit.win32.backboot.gen, need help in removing


DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 8.0.6001.19088

Run by FonceAigle at 13:07:44 on 2013-08-28

Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.6142.4911 [GMT -5:00]

.

AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\explorer.exe

C:\Users\FonceAigle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FonceAigle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FonceAigle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Users\FonceAigle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\FonceAigle\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll

BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - <orphaned>

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll

BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo2.dll

TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

TB: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BEBWJCD05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [ADSMTray] "C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"

mRun: [DirectConsole2] C:\Program Files (x86)\ASUS\Direct Console\Direct Console.exe

mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"

mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe

mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"

mRun: [TRUUpdater] "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground

mRun: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"

mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

mRun: [WinPatrol] "C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe" -expressboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

StartupFolder: C:\Users\FONCEA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\FonceAigle\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{0418B6E6-876E-4B30-9143-5844C83F76F6} : DHCPNameServer = 204.117.214.10 199.2.252.10

TCP: Interfaces\{74D279C6-87DE-481E-9615-930F2CB89285} : DHCPNameServer = 204.117.214.10 199.2.252.10

TCP: Interfaces\{B5F2DF38-835D-4FBC-AEA6-7BBE569293CA} : DHCPNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll

Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup

x64-mPolicies-Explorer: NoDrives = dword:0

x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3

x64-mPolicies-System: EnableLUA = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>

x64-Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll

.

============= SERVICES / DRIVERS ===============

.

R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2010-6-12 16440]

R0 PsBoot;Panda boot driver;C:\Windows\System32\drivers\PsBoot.sys [2013-8-28 37128]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-7-5 402992]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-6-29 45856]

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2012-6-27 33320]

R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2010-6-12 60928]

S1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-7-5 334384]

S1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-7-5 583296]

S1 EIO64;EIO Driver;C:\Windows\System32\drivers\EIO64.sys [2010-6-12 15872]

S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100930.005\IDSviA64.sys [2010-10-1 463408]

S1 NNSALPC;NNSAlpc;C:\Windows\System32\drivers\NNSAlpc.sys [2012-6-27 89128]

S1 NNSHTTP;NNSHttp;C:\Windows\System32\drivers\NNSHttp.sys [2012-6-27 116776]

S1 NNSIDS;NNSids;C:\Windows\System32\drivers\NNSIds.sys [2012-6-27 113192]

S1 NNSPICC;NNSPicc;C:\Windows\System32\drivers\NNSpicc.sys [2012-6-27 93224]

S1 NNSPOP3;NNSPop3;C:\Windows\System32\drivers\NNSPop3.sys [2012-6-27 116776]

S1 NNSPROT;NNSProt;C:\Windows\System32\drivers\NNSProt.sys [2012-6-27 304680]

S1 NNSPRV;NNSPrv;C:\Windows\System32\drivers\NNSPrv.sys [2012-6-27 109096]

S1 NNSSMTP;NNSSmtp;C:\Windows\System32\drivers\NNSSmtp.sys [2012-6-27 112680]

S1 NNSSTRM;NNSStrm;C:\Windows\System32\drivers\NNSStrm.sys [2012-7-12 219688]

S1 NNSTLSC;NNSTlsc;C:\Windows\System32\drivers\NNStlsc.sys [2012-6-27 105000]

S1 PSINKNC;PSINKnc;C:\Windows\System32\drivers\PSINKNC.sys [2012-8-26 205352]

S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-1-5 12872]

S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 67656]

S1 Spyshelter;Spyshelter;C:\Program Files (x86)\SpyShelter Premium\SpyShelter.sys [2012-1-20 216888]

S2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-6-12 14904]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2012-10-26 87368]

S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-8-26 140064]

S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-8 166912]

S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2012-8-26 168488]

S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2012-8-26 120872]

S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2012-8-26 124456]

S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2012-8-26 130088]

S2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-8-26 36640]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-15 1643184]

S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;C:\Windows\System32\drivers\BVRPMPR5a64.SYS [2012-1-1 35840]

S3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2013-1-4 352144]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]

S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]

S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]

S3 MotDev;Motorola Inc. USB Device;C:\Windows\System32\drivers\motodrv.sys [2009-5-8 53632]

S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2013-8-21 57928]

S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-8-25 31800]

S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 12872]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);C:\Windows\System32\drivers\swnc8u56.sys [2009-8-12 235008]

S3 SWNC8U90;Sierra Wireless MUX NDIS Driver (UMTS90);C:\Windows\System32\drivers\swnc8u90.sys [2009-8-12 235008]

S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);C:\Windows\System32\drivers\swumx56.sys [2009-7-22 199552]

S3 SWUMX90;Sierra Wireless USB MUX Driver (UMTS90);C:\Windows\System32\drivers\swumx90.sys [2009-7-22 199552]

S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-7-5 56880]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408]

S4 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-31 32808]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-13 93184]

S4 Giraffic;Veoh Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe --service [?]

S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-2-10 517632]

S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-13 116632]

S4 NNSPIHSW;NNSPihsw;C:\Windows\System32\drivers\NNSPihsw.sys [2012-6-27 68648]

S4 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-7-5 117640]

S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-26 65657]

S4 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2010-6-12 72248]

.

=============== File Associations ===============

.

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M  ====================

.

2040-01-01 22:08:26 3229943 ----a-w- C:\Program Files (x86)\ACE_64bit_setup.exe

2040-01-01 22:02:54 1024958 ----a-w- C:\Program Files (x86)\jmacro.exe

2013-08-10 15:48:58 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-08-05 21:10:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-05 21:10:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-29 22:00:05 2869264 ----a-w- C:\Program Files (x86)\dotNetFx35setup.exe

2013-03-20 06:05:12 30780592 ----a-w- C:\Program Files (x86)\Dropbox 2.0.0.exe

2013-03-08 01:11:33 1669632 ----a-w- C:\Program Files (x86)\SteamInstall.msi

2013-02-11 23:05:31 5073240 ----a-w- C:\Program Files (x86)\vcredist_x86.exe

2013-01-04 20:21:36 88946664 ----a-w- C:\Program Files (x86)\iTunes64Setup.exe

2012-12-09 00:23:59 110473712 ----a-w- C:\Program Files (x86)\setup_1.1.66.0_htc.exe

2012-12-08 23:48:07 13783568 ----a-w- C:\Program Files (x86)\HTCDriver3.0.0.007.exe

2012-12-08 23:36:04 3765330 ----a-w- C:\Program Files (x86)\siinst.exe

2012-10-30 12:40:26 218176 ----a-w- C:\Program Files (x86)\oi_setup.exe

2012-10-30 02:07:59 924552 ----a-w- C:\Program Files (x86)\PandaCloudAntivirus.exe

2012-10-15 00:35:47 11494690 ----a-w- C:\Program Files (x86)\stone_soup-0.11.0-win32-installer.exe

2012-10-02 06:07:56 591224 ----a-w- C:\Program Files (x86)\UnityWebPlayer.exe

2012-09-22 02:26:16 29024860 ----a-w- C:\Program Files (x86)\Foldit-win_x86.exe

2012-09-08 17:37:42 6480958 ----a-w- C:\Program Files (x86)\DesktopDungeons_v021.exe

2012-08-29 17:51:45 9597502 ----a-w- C:\Program Files (x86)\stone_soup-0.10.3-win32-installer.exe

2012-07-31 03:08:32 514864 ----a-w- C:\Program Files (x86)\IE9-WindowsVista-x64-enu.exe

2012-07-27 04:36:31 5145088 ----a-w- C:\Program Files (x86)\unetbootin-windows-578.exe

2012-07-26 22:01:36 740088 ----a-w- C:\Program Files (x86)\googledrivesync.exe

2012-07-19 05:38:52 2443264 ----a-w- C:\Program Files (x86)\Motorola_End_User_Driver_Installation_5.2.0_64bit.msi

2012-06-14 22:48:29 1762304 ----a-w- C:\Program Files (x86)\inSSIDer-Installer-2.1.1.13.msi

2012-05-08 20:56:32 2288128 ----a-w- C:\Program Files (x86)\LeagueofLegends.exe

2012-05-02 15:08:46 28102411 ----a-w- C:\Program Files (x86)\Pokemon-Online-Setup.exe

2012-03-16 13:01:18 910112 ----a-w- C:\Program Files (x86)\jre-6u31-windows-i586-iftw.exe

2012-03-08 05:42:27 463080 ----a-w- C:\Program Files (x86)\cnet2_wincron_zip.exe

2012-02-14 23:59:04 21449608 ----a-w- C:\Program Files (x86)\jre-7u2-windows-x64.exe

2012-02-14 23:54:19 84132744 ----a-w- C:\Program Files (x86)\jdk-7u1-windows-x64.exe

2012-01-21 04:53:13 5825056 ----a-w- C:\Program Files (x86)\setup.exe

2012-01-21 04:44:04 834632 ----a-w- C:\Program Files (x86)\wpsetup.exe

2012-01-21 04:37:10 5537328 ----a-w- C:\Program Files (x86)\setupfree.exe

2012-01-01 21:23:15 6404704 ----a-w- C:\Program Files (x86)\Total-Uninstall-Setup-5.9.1.exe

2011-11-20 23:50:46 462230 ----a-w- C:\Program Files (x86)\PlugY_The_Survival_Kit_v10.00.exe

2011-11-03 14:27:54 1690718 ----a-w- C:\Program Files (x86)\wssetup.exe

2011-10-20 04:55:33 684288 ----a-w- C:\Program Files (x86)\RealPlayer.exe

2011-09-22 03:51:27 3001411 ----a-w- C:\Program Files (x86)\px5advancedsoundeditorsetup.exe

2011-09-20 16:51:53 4380272 ----a-w- C:\Program Files (x86)\OrbitSetup4.1.02.exe

2011-09-20 16:36:22 454120 ----a-w- C:\Program Files (x86)\cnet_avc-free_exe.exe

2011-09-20 16:23:12 13396220 ----a-w- C:\Program Files (x86)\VDownloaderSetup.exe

2011-09-19 01:40:47 3480352 ----a-w- C:\Program Files (x86)\ccsetup310.exe

2011-09-19 00:55:57 8309468 ----a-w- C:\Program Files (x86)\ContentCleaner(Demo_Vista)Setup.exe

2011-09-11 03:56:40 10165440 ----a-w- C:\Program Files (x86)\mseinstall.exe

2011-09-04 17:03:59 2080797 ----a-w- C:\Program Files (x86)\setup Project64 1.6.exe

2011-08-30 22:55:48 7735 ----a-w- C:\Program Files (x86)\CambridgeSoft_ChemDraw_McGraw-Hill_12.0.msi

2011-08-25 22:35:20 1674560 ----a-w- C:\Program Files (x86)\WRCFree.exe

2011-08-25 22:34:00 1940656 ----a-w- C:\Program Files (x86)\RegCureSetup_RW.exe

2011-08-25 22:29:37 7812840 ----a-w- C:\Program Files (x86)\RevoUninProSetup.exe

2011-07-12 18:50:28 889416 ----a-w- C:\Program Files (x86)\dotNetFx40_Full_setup.exe

2011-07-12 18:37:18 34939904 ----a-w- C:\Program Files (x86)\NETCFSetupv35.msi

2011-07-12 17:45:19 50449456 ----a-w- C:\Program Files (x86)\dotNetFx40_Full_x86_x64.exe

2011-07-02 19:28:49 16920864 ----a-w- C:\Program Files (x86)\jre-6u26-windows-x64.exe

2011-07-02 19:28:09 70699288 ----a-w- C:\Program Files (x86)\jdk-6u26-windows-x64.exe

2011-07-02 00:36:31 900384 ----a-w- C:\Program Files (x86)\jre-6u26-windows-i586-iftw.exe

2011-06-20 01:12:55 292184 ----a-w- C:\Program Files (x86)\dxwebsetup.exe

2011-06-16 22:04:42 21022914 ----a-w- C:\Program Files (x86)\vlc-1.1.10-win32.exe

2011-06-16 21:41:46 4494354 ----a-w- C:\Program Files (x86)\SwiffPlayerSetup172.exe

2011-06-13 04:12:36 1554552 ----a-w- C:\Program Files (x86)\epicbot_520.exe

2011-06-01 23:03:42 3184099 ----a-w- C:\Program Files (x86)\DesktopDungeons.exe

2011-05-20 18:51:39 9130812 ----a-w- C:\Program Files (x86)\stone_soup-0.8.0-win32-installer.exe

2011-04-22 07:22:00 1683456 ----a-w- C:\Program Files (x86)\AxCrypt-1.7.2126.0-x64-en-US.msi

2011-03-16 23:52:44 807424 ----a-w- C:\Program Files (x86)\MicrosoftFixit50154.msi

2011-03-13 17:03:11 516750157 ----a-w- C:\Program Files (x86)\Setup3.exe

2011-03-11 00:34:25 542673408 ----a-w- C:\Program Files (x86)\Dune 2000.msi

2011-03-10 23:46:50 32005504 ----a-w- C:\Program Files (x86)\setup2.exe

2011-02-05 21:27:56 367950 ----a-w- C:\Program Files (x86)\Brothersoftdownloader_for_Diablo_II.exe

2010-12-10 18:11:36 1611432 ----a-w- C:\Program Files (x86)\reginout_setup.exe

2010-09-27 20:58:57 155184736 ----a-w- C:\Program Files (x86)\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

2010-09-26 18:06:26 472064 ----a-w- C:\Program Files (x86)\tatertot.scr.exe

2010-09-26 18:04:27 50688 ----a-w- C:\Program Files (x86)\ATF-Cleaner.exe

2010-09-26 17:14:33 7520288 ----a-w- C:\Program Files (x86)\SUPERAntiSpyware4.33.exe

2010-09-26 17:11:00 293376 ----a-w- C:\Program Files (x86)\7tud1t5w.exe

2010-09-26 17:06:58 133582520 ----a-w- C:\Program Files (x86)\Ad-AwareInstall.exe

2010-09-26 15:57:26 6153352 ----a-w- C:\Program Files (x86)\mbam-setup-1.46.exe

2010-08-16 06:06:38 1531593 ----a-w- C:\Program Files (x86)\winrar-x64-393.exe

2010-08-15 21:40:23 231424 ----a-w- C:\Program Files (x86)\autoclicker.exe

2010-08-15 20:35:08 875296 ----a-w- C:\Program Files (x86)\jre-6u21-windows-i586-iftw-rv.exe

2010-08-15 06:13:48 86016 ----a-w- C:\Program Files (x86)\RecKeyll.dll

2010-08-15 06:13:48 425984 ----a-w- C:\Program Files (x86)\RecKey.exe

2010-08-15 06:13:48 335872 ----a-w- C:\Program Files (x86)\RecKeyhh.exe

2010-08-03 23:06:38 4660350 ----a-w- C:\Program Files (x86)\CheatEngine561.exe

2010-08-02 01:34:22 53248 ----a-w- C:\Program Files (x86)\PlugY.exe

2010-08-02 00:44:26 73728 ----a-w- C:\Program Files (x86)\RestoreD2gfxDll.exe

2010-08-02 00:44:08 77824 ----a-w- C:\Program Files (x86)\PatchD2gfxDll.exe

2010-08-02 00:12:18 253952 ----a-w- C:\Program Files (x86)\PlugY.dll

2010-07-24 22:58:31 997744 ----a-w- C:\Program Files (x86)\SkypeSetup.exe

2010-07-23 19:13:18 25492336 ----a-w- C:\Program Files (x86)\IE8-WindowsVista-x64-ENU.exe

2010-07-23 19:11:53 13944160 ----a-w- C:\Program Files (x86)\IE8-WindowsVista-x86-ENU.exe

2010-06-15 22:37:36 3366312 ----a-w- C:\Program Files (x86)\ventrilo-3.0.5-Windows-x64.exe

2010-06-15 17:27:08 4614113 ----a-w- C:\Program Files (x86)\SetupImgBurn_2.5.1.0.exe

2010-06-15 16:49:29 322352 ----a-w- C:\Program Files (x86)\utorrent.exe

2009-04-23 02:35:10 2364416 ----a-w- C:\Program Files (x86)\Ventrilo.exe

2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll

2008-08-05 15:45:54 8245760 ----a-w- C:\Program Files (x86)\Content Cleaner.msi

.

============= FINISH: 13:08:02.51 ===============

 

attach.txt


Welcome to the forum.

Please uninstall these from your add/remove programs:

Orbit Downloader
DAEMON Tools Toolbar


----------------------------

I also recommend you uninstall these also:

Panda Security Toolbar
http://www.systemlookup.com/CLSID/71599-PandaSecurityDx_dll.html

uTorrentBar Toolbar
http://www.systemlookup.com/CLSID/71935-tbuTor_dll_tbuTo0_dll_tbuTo1_dll_tbuTo2_dll_prxtbuTor_dll_prxtbuTo0_dll_prxtbuTo1_dll_prxtbuTo2_dll_prxtbuTo3_dll.html

Google Toolbar Notifier
http://www.systemlookup.com/CLSID/4092-swg_dll_swg64_dll.html

AVG Secure Search
http://www.systemlookup.com/O18/268-ViProtocol_dll.html

----------------------------------------

Then.........

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Failure to remove such software will result in your topic being closed and no further assistance being provided.


MrC


Note:
Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly


Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive


<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.


<+>The removal of malware isn't instantaneous, please be patient.


<+>When we are done, I'll give you instructions on how to clean up all the tools and logs


<+>Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.


------->Your topic will be closed if you haven't replied within 3 days!<--------
(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.6.7 _x64_ [Aug 28 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Operating System : Windows Vista (6.0.6001 Service Pack 1) 64 bits version

Started in : Normal mode

User : FonceAigle [Admin rights]

Mode : Scan -- Date : 08/28/2013 15:02:34

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 7 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : ASUS Camera ScreenSaver (C:\Windows\AsScrProlog.exe [7]) -> FOUND

[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

127.0.0.1       localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 758bce03991e35a97a1d093ee8ef88de

[bSP] 68a9a69bc00139773c4fa2984750dba9 : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 464937 Mo

User != LL1 ... KO!

--- LL1 ---

[MBR] 6e9ead160f30d713cd28a3da8954ff43

[bSP] cf5ab98ea58a897337275d59ccbf1fad : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 464937 Mo

User != LL2 ... KO!

--- LL2 ---

[MBR] 6e9ead160f30d713cd28a3da8954ff43

[bSP] cf5ab98ea58a897337275d59ccbf1fad : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 12001 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24579450 | Size: 464937 Mo

 

Finished : << RKreport[0]_S_08282013_150234.txt >>

 

 

 

 

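The "User != LL1 ... KO!" lines and the hidden 0x1c partition in the RogueKiller log above are the two MBR-level indicators that point at a bootkit: the MBR the OS is allowed to read does not match what a lower-level read returns. As an added illustration (not RogueKiller's code and not part of the original thread), here is a small Python parser that decodes an MBR partition table, flags hidden partition types, and compares an OS-level read with a low-level read by hash; both sample MBRs are constructed inline to mirror the layout in the log.

```python
import hashlib
import struct

# Standard MBR "hidden" partition type codes; 0x1c (hidden FAT32-LBA) is the one in the log above.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1b, 0x1c, 0x1e}
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count (16 bytes)

def build_mbr(entries):
    """Constructed sample MBR: zeroed boot code plus the given (active, type, lba, sectors) entries."""
    mbr = bytearray(512)
    for i, (active, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, 0x80 if active else 0, b"\0\0\0", ptype, b"\0\0\0", lba, sectors)
    mbr[510:512] = b"\x55\xaa"  # boot signature
    return bytes(mbr)

def parse_partitions(mbr):
    """Decode the four primary partition entries, reporting sizes in MiB the way the log does."""
    if len(mbr) != 512 or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i, "active": status == 0x80, "type": ptype, "hidden": ptype in HIDDEN_TYPES,
                      "offset": lba, "size_mb": count * 512 // (1024 * 1024)})
    return parts

def compare_reads(user_mbr, lowlevel_mbr):
    """Hash the MBR as seen through the OS ("User") and via a lower-level read ("LL");
    a mismatch means something between the two layers is filtering what the OS may see."""
    u, l = hashlib.md5(user_mbr).hexdigest(), hashlib.md5(lowlevel_mbr).hexdigest()
    return {"user": u, "lowlevel": l, "match": u == l}

def bootkit_indicators(user_mbr, lowlevel_mbr):
    """Return the two kinds of finding the log above reports: hidden partitions and a User/LL mismatch."""
    findings = [f"hidden partition #{p['index']} type 0x{p['type']:02x} at sector {p['offset']}"
                for p in parse_partitions(lowlevel_mbr) if p["hidden"]]
    if not compare_reads(user_mbr, lowlevel_mbr)["match"]:
        findings.append("User != LL ... KO! (OS-level MBR read differs from low-level read)")
    return findings

# Constructed sample mirroring the log: hidden FAT32-LBA at sector 63, active NTFS right after it.
SAMPLE_ENTRIES = [(False, 0x1c, 63, 24579387), (True, 0x07, 24579450, 952190976)]
USER_MBR = build_mbr(SAMPLE_ENTRIES)
LOWLEVEL_MBR = b"\xeb\x3c\x90" + USER_MBR[3:]  # constructed: the low-level read shows different boot code

if __name__ == "__main__":
    print(bootkit_indicators(USER_MBR, LOWLEVEL_MBR))
```

On a real system the two inputs would come from reading sector 0 through the normal device path and through a driver or offline boot medium; the comparison logic is the same.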

Not much showing....let's run some scans:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Internet access, Windows Update, and Windows Firewall are all operational. The problem seems to be resolved, though I do not know if remnants of the virus still exist. Thank you for your precious time. If I had known it would have been this simple to be rid of, then I would have never bothered you, sorry.

mbar-log-2013-08-28 (15-33-31).txt

system-log.txt

mbar-log-2013-08-28 (16-41-34).txt


You were right, you had a rootkit.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.73  

 Windows Vista Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 8 Out of date! 
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
Panda Cloud Antivirus      
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Super Winspy v4.0   
 SUPERAntiSpyware Free Edition   
 Sophos Anti-Rootkit 1.5.20   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Wise Registry Cleaner 6.14  
 Java 6 Update 35  
 Java version out of Date! 
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.57  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 Panda Security Panda Cloud Antivirus PSUAService.exe  
 Panda Security Panda Cloud Antivirus PSANHost.exe  
 Panda Security Panda Cloud Antivirus PSUAMain.exe  
 BillP Studios WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 2 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


--------------------------------------

Windows Vista Service Pack 1 x64 (UAC is disabled!)
Out of date service pack!! <----please check Windows Update for this

Internet Explorer 8 Out of date! <----please check Windows Update for this

-------------------------------------------

Java™ 6 Update 35 <------please uninstall from your add/remove programs
Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 25) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

------------------------------------

Adobe Reader 10.1.7 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

---------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.