
Infected with WMP x264 codec pack virus



Hello, I'm totally screwed with this virus. I did https://forums.malwarebytes.org/index.php?showtopic=9573 up to the point of asking for help; also, I saw the post

https://forums.malwarebytes.org/index.php?showtopic=139121&hl=%2Bx264+%2Bcodec+%2Bpack+%2Bvirus#entry776006

and did the Farbar run, and I have all the data. Please help, my computer is almost useless...


Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
Please post up the logs from FRST.
 
Also, do the following:
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.
  • Double click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following:
    • Sections
    • IAT/EAT
    • Show All (should be unchecked by default)
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt"; otherwise it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

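Marius asks for the FRST logs before anything else, because a helper reads a few specific parts of that log first: processes and autoruns whose publisher field is empty "()", drivers or services whose file no longer exists "[X]", drivers loading from user-writable locations such as Temp, and search scopes pointing at a known search hijacker. The script below is an added example, not part of this thread and not Farbar's code; it parses the FRST line formats shown in such logs and returns those findings. The embedded sample log is constructed to mimic FRST output (file names and user name are made up), and the hijacker host list is an assumption for illustration, not a maintained blocklist.

```python
"""Triage a Farbar Recovery Scan Tool (FRST) log for the entries a
malware-removal helper looks at first.  Added example; not FRST's own code."""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample in FRST's line formats (not the log posted in the thread).
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Users\alice\Desktop\0jfg27vb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKCU - {11111111-2222-3333-4444-555555555555} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4
Tcpip\Parameters: [DhcpNameServer] 192.0.2.1 192.0.2.2

==================== Drivers (Whitelisted) ====================

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
U3 uxloypow; \??\C:\Users\alice\AppData\Local\Temp\uxloypow.sys [X]
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [199992 2011-04-27] (ESET)
"""

# "==================== Drivers (Whitelisted) ====" -> "Drivers (Whitelisted)"
SECTION_RE = re.compile(r"^=+ ([^=].*?) =+$")
# "(Publisher) C:\path\file.exe"; an empty "()" means FRST found no signer.
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>.+)$")
# "R3 name; path [size date] (Publisher)"  or  "U3 name; path [X]" (file missing)
DRIVER_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<meta>[^\]]*)\]"
    r"(?: \((?P<pub>[^)]*)\))?$"
)
SEARCH_RE = re.compile(r"^SearchScopes: .*? URL = (?P<url>\S+)")
# Drivers should live under \Windows\; a per-user or Temp path is a red flag.
USER_PATH_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Desktop|Downloads)\\|\\Temp\\", re.IGNORECASE
)
# Assumed list for the example; a real triage would use a maintained list.
HIJACK_HOSTS = {"search.conduit.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str
    detail: str


def triage(log_text: str) -> List[Finding]:
    """Walk the log section by section and collect suspicious entries."""
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section.startswith("Processes"):
            m = PROCESS_RE.match(line)
            if m and m.group("pub").strip() == "":
                findings.append(Finding(section, "unsigned-process", m.group("path")))
        elif section.startswith(("Drivers", "Services")):
            m = DRIVER_RE.match(line)
            if not m:
                continue
            detail = f"{m.group('name')} -> {m.group('path')}"
            if m.group("meta").strip() == "X":
                findings.append(Finding(section, "missing-driver-file", detail))
            if USER_PATH_RE.search(m.group("path")):
                findings.append(Finding(section, "driver-in-user-path", detail))
        elif section.startswith("Internet"):
            m = SEARCH_RE.match(line)
            if m:
                host = urlparse(m.group("url")).hostname or ""
                if host.lower() in HIJACK_HOSTS:
                    findings.append(Finding(section, "search-hijack", m.group("url")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] ({f.section}) {f.detail}")
```

Run it on a saved FRST.txt by reading the file into `triage()`; a flagged entry is a starting point for a helper's fix script, not proof of infection on its own (an unsigned in-house tool will show up as "unsigned-process" too), which is the same caution Marius gives about rootkit-scanner output.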

Hello Marius, thank you for helping me.

 

As you've asked, the logs from FRST (I'm still running Gmer):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Camilo (administrator) on SPOT on 11-02-2014 11:05:29
Running from C:\Users\Camilo\Desktop
Windows 8 Enterprise (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Wacom Technology, Corp.) C:\Windows\system32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Dropbox, Inc.) C:\Users\Camilo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
() C:\Users\Camilo\Desktop\0jfg27vb.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3382680 2011-04-20] (ESET)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [Facebook Update] - C:\Users\Camilo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-24] (Facebook Inc.)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [spotify] - C:\Users\Camilo\AppData\Roaming\Spotify\Spotify.exe [6118400 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [spotify Web Helper] - C:\Users\Camilo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-16] (Spotify Ltd)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [GoogleChromeAutoLaunch_34755216D581CAD11B8CBEDDCC198B5A] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)
HKU\S-1-5-21-2684815938-1729287829-1981941148-1001\...\Run: [spybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
Startup: C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Camilo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.co.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x116CDF72D514CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-CO
SearchScopes: HKCU - {6C4B57F7-B7E9-4F5E-A8E8-ADA5DF040624} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2411669&CUI=UN41578265273677161&UM=1
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 200.75.51.132 200.75.51.133
 
Chrome: 
=======
CHR DefaultSearchKeyword: google.com.co
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-24]
CHR Extension: (Google Drive) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-24]
CHR Extension: (YouTube) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-24]
CHR Extension: (Adblock Plus) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-06-24]
CHR Extension: (Búsqueda de Google) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-24]
CHR Extension: (Cloud Reader) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-10-08]
CHR Extension: (Ghostery) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-06-24]
CHR Extension: (Hangouts) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-24]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [958464 2011-04-20] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe [184512 2011-04-20] (ESET)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [5139968 2012-06-02] (Broadcom Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [199992 2011-04-27] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [146432 2011-04-20] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [130952 2011-04-20] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-08-02] (Windows ® Win 7 DDK provider)
U3 uxloypow; \??\C:\Users\Camilo\AppData\Local\Temp\uxloypow.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-11 10:59 - 2014-02-11 10:59 - 00380416 _____ () C:\Users\Camilo\Desktop\0jfg27vb.exe
2014-02-11 00:34 - 2014-02-11 09:54 - 00017143 _____ () C:\Users\Camilo\Desktop\dds.txt
2014-02-11 00:34 - 2014-02-11 09:54 - 00004323 _____ () C:\Users\Camilo\Desktop\attach.txt
2014-02-11 00:32 - 2014-02-11 00:32 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Malwarebytes
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 00:32 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-11 00:27 - 2014-02-11 00:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 00:27 - 2014-02-11 00:27 - 00001273 _____ () C:\Users\Camilo\Desktop\Spybot - Search & Destroy.lnk
2014-02-11 00:27 - 2014-02-11 00:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-11 00:26 - 2014-02-11 00:27 - 00688992 ____R (Swearware) C:\Users\Camilo\Desktop\dds.scr
2014-02-11 00:26 - 2014-02-11 00:27 - 00688992 _____ (Swearware) C:\Users\Camilo\Desktop\dds.com
2014-02-11 00:25 - 2014-02-11 00:27 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Camilo\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-11 00:21 - 2014-02-11 00:23 - 16409960 _____ (Safer Networking Limited ) C:\Users\Camilo\Desktop\spybotsd162.exe
2014-02-11 00:05 - 2014-02-11 00:09 - 00000000 ____D () C:\AdwCleaner
2014-02-11 00:05 - 2014-02-11 00:05 - 01166132 _____ () C:\Users\Camilo\Desktop\adwcleaner.exe
2014-02-11 00:00 - 2014-02-11 10:01 - 00025726 _____ () C:\Users\Camilo\Desktop\Addition.txt
2014-02-10 23:58 - 2014-02-11 11:05 - 00014534 _____ () C:\Users\Camilo\Desktop\FRST.txt
2014-02-10 23:58 - 2014-02-11 11:04 - 00000000 ____D () C:\FRST
2014-02-10 23:42 - 2014-02-10 23:42 - 02347384 _____ (ESET) C:\Users\Camilo\Desktop\esetsmartinstaller_enu.exe
2014-02-10 23:40 - 2014-02-10 23:40 - 02151424 _____ (Farbar) C:\Users\Camilo\Desktop\FRST64.exe
2014-02-10 23:34 - 2014-02-10 23:34 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-10 20:15 - 2013-08-10 00:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-02-10 20:15 - 2013-08-09 22:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-02-10 20:15 - 2013-08-02 01:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-02-10 20:15 - 2013-08-02 01:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-02-10 20:15 - 2013-08-02 00:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-02-10 20:15 - 2013-08-01 05:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-10 20:15 - 2013-07-24 18:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2014-02-10 20:15 - 2013-07-13 01:15 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2014-02-10 20:15 - 2013-07-12 23:23 - 00366592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-02-10 20:15 - 2013-04-09 18:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-02-10 20:15 - 2013-04-09 17:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-02-10 20:14 - 2013-08-10 00:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2014-02-10 20:14 - 2013-08-02 00:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-02-10 20:14 - 2013-07-24 18:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2014-02-10 20:14 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncInfo.dll
2014-02-10 14:17 - 2014-02-10 15:14 - 00000000 ____D () C:\Users\Camilo\Desktop\Software de prospectiva
2014-02-10 11:13 - 2013-08-03 01:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2014-02-10 11:13 - 2013-08-03 01:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2014-02-10 11:13 - 2013-08-03 01:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-02-10 11:13 - 2013-08-03 00:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-02-10 11:13 - 2013-08-03 00:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2014-02-10 11:13 - 2013-08-03 00:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2014-02-10 09:19 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-10 09:19 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-10 09:19 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-10 09:19 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-10 09:19 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-10 09:19 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-10 09:19 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-10 09:19 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-10 09:19 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-10 09:19 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-10 09:19 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-10 09:19 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-10 09:19 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-10 09:19 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-10 09:19 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-10 09:19 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-10 09:19 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-10 09:19 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-31 11:19 - 2014-01-31 11:19 - 00000827 _____ () C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lcsebody.lnk
2014-01-18 10:56 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-18 10:56 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-18 10:56 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-18 10:56 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-18 10:56 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-18 10:56 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-18 10:56 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-18 10:56 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-18 10:56 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-18 10:56 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-18 10:56 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-18 10:56 - 2012-10-11 00:46 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll
2014-01-18 10:56 - 2012-10-11 00:44 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll
2014-01-18 10:56 - 2012-10-11 00:07 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2014-01-16 20:52 - 2014-01-18 10:38 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-01-15 00:05 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 00:05 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 00:04 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 00:04 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 
==================== One Month Modified Files and Folders =======
 
2014-02-11 11:05 - 2014-02-10 23:58 - 00014534 _____ () C:\Users\Camilo\Desktop\FRST.txt
2014-02-11 11:05 - 2014-02-10 23:58 - 00000000 ____D () C:\FRST
2014-02-11 11:00 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-11 10:59 - 2014-02-11 10:59 - 00380416 _____ () C:\Users\Camilo\Desktop\0jfg27vb.exe
2014-02-11 10:58 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-11 10:11 - 2013-06-24 14:07 - 01561347 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 10:01 - 2014-02-11 00:00 - 00025726 _____ () C:\Users\Camilo\Desktop\Addition.txt
2014-02-11 09:58 - 2013-07-26 20:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 09:54 - 2014-02-11 00:34 - 00017143 _____ () C:\Users\Camilo\Desktop\dds.txt
2014-02-11 09:54 - 2014-02-11 00:34 - 00004323 _____ () C:\Users\Camilo\Desktop\attach.txt
2014-02-11 09:48 - 2013-06-25 19:43 - 00000000 ___RD () C:\Users\Camilo\Dropbox
2014-02-11 09:48 - 2013-06-25 19:40 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Dropbox
2014-02-11 09:47 - 2013-11-20 19:46 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\WTablet
2014-02-11 09:47 - 2013-06-24 16:02 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 09:46 - 2013-06-24 15:35 - 00034042 _____ () C:\Windows\PFRO.log
2014-02-11 09:46 - 2012-07-26 02:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 09:36 - 2013-07-24 14:07 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Adobe64
2014-02-11 09:28 - 2013-06-24 16:02 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 09:19 - 2013-06-24 17:14 - 00000942 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2684815938-1729287829-1981941148-1001UA.job
2014-02-11 03:03 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\rescache
2014-02-11 02:05 - 2013-06-24 20:39 - 00000000 ____D () C:\Users\Camilo\AppData\Local\Adobe
2014-02-11 00:32 - 2014-02-11 00:32 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Malwarebytes
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-11 00:32 - 2014-02-11 00:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-11 00:32 - 2014-02-11 00:27 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-11 00:28 - 2013-08-07 15:33 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-02-11 00:27 - 2014-02-11 00:27 - 00001273 _____ () C:\Users\Camilo\Desktop\Spybot - Search & Destroy.lnk
2014-02-11 00:27 - 2014-02-11 00:27 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-11 00:27 - 2014-02-11 00:26 - 00688992 ____R (Swearware) C:\Users\Camilo\Desktop\dds.scr
2014-02-11 00:27 - 2014-02-11 00:26 - 00688992 _____ (Swearware) C:\Users\Camilo\Desktop\dds.com
2014-02-11 00:27 - 2014-02-11 00:25 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Camilo\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-11 00:27 - 2013-10-08 22:09 - 00000000 ____D () C:\Program Files (x86)\eBookConverter
2014-02-11 00:23 - 2014-02-11 00:21 - 16409960 _____ (Safer Networking Limited ) C:\Users\Camilo\Desktop\spybotsd162.exe
2014-02-11 00:09 - 2014-02-11 00:05 - 00000000 ____D () C:\AdwCleaner
2014-02-11 00:05 - 2014-02-11 00:05 - 01166132 _____ () C:\Users\Camilo\Desktop\adwcleaner.exe
2014-02-10 23:42 - 2014-02-10 23:42 - 02347384 _____ (ESET) C:\Users\Camilo\Desktop\esetsmartinstaller_enu.exe
2014-02-10 23:40 - 2014-02-10 23:40 - 02151424 _____ (Farbar) C:\Users\Camilo\Desktop\FRST64.exe
2014-02-10 23:34 - 2014-02-10 23:34 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-10 23:27 - 2013-06-24 14:11 - 00000000 ___RD () C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-10 23:27 - 2013-06-24 14:11 - 00000000 ___RD () C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-10 23:26 - 2012-07-26 00:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-10 23:25 - 2012-07-26 03:12 - 00000000 ___RD () C:\Windows\ToastData
2014-02-10 23:18 - 2014-01-04 21:54 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Azureus
2014-02-10 23:18 - 2013-08-22 20:18 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Skype
2014-02-10 23:08 - 2013-07-31 14:13 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\vlc
2014-02-10 23:05 - 2013-12-17 15:24 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-10 23:05 - 2013-12-04 12:04 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-10 23:05 - 2013-11-20 19:45 - 00000000 ____D () C:\Program Files\WTouch
2014-02-10 23:05 - 2013-10-04 15:59 - 00000000 ____D () C:\Program Files\MATLAB
2014-02-10 23:05 - 2013-07-24 14:54 - 00000000 ____D () C:\Program Files\Adobe
2014-02-10 23:05 - 2013-06-27 20:47 - 00000000 ____D () C:\Program Files\Dell_HostCD
2014-02-10 23:05 - 2013-06-24 16:46 - 00000000 ____D () C:\Program Files\ESET
2014-02-10 23:05 - 2013-06-24 16:42 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-02-10 23:05 - 2013-06-24 16:40 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-02-10 23:05 - 2013-06-24 16:39 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows NT
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-02-10 23:05 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-02-10 23:05 - 2012-07-26 02:53 - 00000000 ____D () C:\Program Files\Windows Journal
2014-02-10 22:00 - 2013-06-24 17:11 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\Spotify
2014-02-10 15:19 - 2013-06-24 17:14 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2684815938-1729287829-1981941148-1001Core.job
2014-02-10 15:14 - 2014-02-10 14:17 - 00000000 ____D () C:\Users\Camilo\Desktop\Software de prospectiva
2014-02-10 12:36 - 2013-06-24 17:12 - 00000000 ____D () C:\Users\Camilo\AppData\Local\Spotify
2014-02-10 12:07 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-10 00:04 - 2012-08-25 18:14 - 00000000 ____D () C:\Users\Camilo\Documents\4. Curriculo
2014-02-09 23:58 - 2013-07-26 20:02 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-03 14:14 - 2012-08-25 18:07 - 00000000 ____D () C:\Users\Camilo\Documents\1. TEC
2014-02-03 14:14 - 2012-08-25 18:02 - 00000000 ____D () C:\Users\Camilo\Documents\0. Varios
2014-02-03 14:06 - 2013-06-24 14:10 - 00000000 ____D () C:\Users\Camilo\AppData\Local\Packages
2014-01-31 11:19 - 2014-01-31 11:19 - 00000827 _____ () C:\Users\Camilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lcsebody.lnk
2014-01-31 09:31 - 2012-08-25 18:13 - 00000000 ____D () C:\Users\Camilo\Documents\3. Idiomas
2014-01-31 09:26 - 2012-10-13 13:11 - 00000000 ____D () C:\Users\Camilo\Documents\10. Tesis
2014-01-30 16:10 - 2013-11-15 19:43 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 16:10 - 2013-11-15 19:43 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 14:32 - 2012-07-26 02:28 - 00803370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-20 18:52 - 2012-07-26 02:21 - 00040214 _____ () C:\Windows\setupact.log
2014-01-19 09:48 - 2013-06-24 14:19 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2684815938-1729287829-1981941148-1001
2014-01-18 23:43 - 2013-06-29 13:26 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-01-18 21:21 - 2013-10-01 13:07 - 00000000 ____D () C:\Users\Camilo\Desktop\HarukoiOtome
2014-01-18 21:08 - 2012-08-25 18:08 - 00000000 ____D () C:\Users\Camilo\Documents\2. Cátedra ExOp
2014-01-18 10:38 - 2014-01-16 20:52 - 00000000 ____D () C:\Windows\softwaredistribution.bak1
2014-01-15 01:10 - 2013-08-10 12:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 01:08 - 2013-06-24 20:06 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 01:07 - 2012-07-26 03:12 - 00000000 ____D () C:\Windows\WinStore
2014-01-14 16:56 - 2013-11-28 05:44 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-01-14 16:52 - 2013-06-24 19:53 - 00000000 ____D () C:\Users\Camilo\AppData\Roaming\uTorrent
 
Some content of TEMP:
====================
C:\Users\Camilo\AppData\Local\Temp\bassmod.dll
C:\Users\Camilo\AppData\Local\Temp\ginst0.dll
C:\Users\Camilo\AppData\Local\Temp\htmlayout.dll
C:\Users\Camilo\AppData\Local\Temp\i4jdel1.exe
C:\Users\Camilo\AppData\Local\Temp\i4jdel2.exe
C:\Users\Camilo\AppData\Local\Temp\InstallPlugin.exe
C:\Users\Camilo\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Camilo\AppData\Local\Temp\KXUF.exe
C:\Users\Camilo\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-10 03:03
 
==================== End Of Log ============================

Hi Marius, the work is done; this is the ark.txt content:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-11 11:30:42
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f ST9500420AS rev.0001TSM1 465,76GB
Running: 0jfg27vb.exe; Driver: C:\Users\Camilo\AppData\Local\Temp\uxloypow.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\system32\csrss.exe [600:624]                                                                                                                                                          fffff960008fb5e8
---- Processes - GMER 2.1 ----
 
Library  C:\Users\Camilo\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Camilo\AppData\Roaming\Dropbox\bin\Dropbox.exe [3752](2014-01-03 00:45:04)                          0000000003ee0000
Library  C:\Users\Camilo\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Camilo\AppData\Roaming\Dropbox\bin\Dropbox.exe [3752](2013-10-18 23:55:02)                                000000006a720000
Library  C:\Users\Camilo\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Camilo\AppData\Roaming\Dropbox\bin\Dropbox.exe [3752] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  0000000069d90000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                1162621783
 
---- EOF - GMER 2.1 ----

Full System Scan with Malwarebytes Antimalware


  • If not already installed, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


The result of the Malwarebytes Anti-Malware (I'm still at 29% of ESET), thanks a lot

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org
 
Database version: v2014.02.11.06
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Camilo :: SPOT [administrator]
 
Protection: Enabled
 
11/02/2014 11:48:22 a. m.
mbam-log-2014-02-11 (11-48-22).txt
 
Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 660098
Time elapsed: 2 hour(s), 33 minute(s), 41 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

This is the last scan....

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.02.11.02
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Camilo :: SPOT [administrator]
 
Protection: Enabled
 
11/02/2014 12:45:04 a. m.
mbam-log-2014-02-11 (00-45-04).txt
 
Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 662015
Time elapsed: 1 hour(s), 59 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdobeUpdate (Trojan.Agent) -> Data: wscript "C:\Users\Camilo\AppData\Roaming\Adobe64\invis.vbs" "C:\Users\Camilo\AppData\Roaming\Adobe64\bat.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Camilo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 11
C:\ProgramData\svchost0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\CT2411669 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1 (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\images (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\js\js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\contentScripts (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
 
Files Detected: 35
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\TenchisTVToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\Local\Conduit\CT2411669\TenchisTVAutoUpdateHelper.exe.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hk64tbTen2.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hktbTen2.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\ldrtbTen2.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\tbTen2.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\Adobe64\postgres.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Camilo\Documents\guitar_pro_5.2_+_keygen.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage (PUP.Optional.Pricegong) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pricegong.conduitapps.com_0.localstorage-journal (PUP.Optional.Pricegong) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\Adobe64\invis.vbs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\CT2411669\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\background.html (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\icon.png (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\icon128.png (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\icon16.png (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\icon48.png (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\manifest.json (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\options.html (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\popup.html (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\Thumbs.db (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\js\background.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\js\options.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\background.html (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\settings.json (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\background.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\iframeHost.html (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\iframeHost.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\popup.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon\1.7.0.2_1\mam\scripts\contentScripts\contentScript.js (PUP.Optional.ValueApps) -> Quarantined and deleted successfully.
 
(end)
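The Malwarebytes log above is the one that actually shows the infection mechanism: an HKCU Run value starting wscript on a .vbs under AppData\Roaming\Adobe64 (next to a miner binary), plus a second Run value loading a Conduit DLL through rundll32. The Python below is an added example, not code from the thread, from Malwarebytes or from any tool mentioned in it: it parses this log format and flags Run-key entries that launch a script host or loader on something in a user-writable directory, which is the triage question a responder asks when reading such a log. The host list, the user-writable path pattern and the sample log are constructed assumptions modelled on the lines above.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log for persistence entries.

Constructed example: the parser and the sample log are modelled on the
log posted in the thread; nothing here is Malwarebytes' own code.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Interpreters and loaders that malware commonly uses as a Run-key host
# (assumption: a short, non-exhaustive list for the example).
SCRIPT_HOSTS = {
    "wscript.exe", "cscript.exe", "rundll32.exe", "mshta.exe",
    "regsvr32.exe", "powershell.exe", "cmd.exe",
}
# Directories a normal user can write to without elevation (assumption).
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp)\\", re.IGNORECASE)

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Constructed sample log: paths copied from the thread, trimmed to a few lines.
SAMPLE_LOG = r"""
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AdobeUpdate (Trojan.Agent) -> Data: wscript "C:\Users\Camilo\AppData\Roaming\Adobe64\invis.vbs" "C:\Users\Camilo\AppData\Roaming\Adobe64\bat.exe" -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Camilo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

Folders Detected: 1
C:\ProgramData\svchost0 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Files Detected: 4
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\Adobe64\postgres.exe (PUP.BitCoinMiner) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\Adobe64\invis.vbs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Camilo\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text: str) -> List[Dict[str, Optional[str]]]:
    """Return one record per detection line, tagged with the section it came from."""
    records = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if not line or line.startswith("(") or section is None:
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        rest = entry.group("rest")
        data = None
        if rest.startswith("Data: "):
            # Registry values carry the launched command before the action.
            data, sep, rest = rest[len("Data: "):].rpartition(" -> ")
            if not sep:
                data, rest = rest, ""
        records.append({
            "section": section,
            "item": entry.group("item"),
            "family": entry.group("family"),
            "data": data,
            "action": rest,
        })
    return records


def split_command(cmd: str) -> List[str]:
    """Tokenize a Windows command line, keeping double-quoted paths intact."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def flag_run_key_persistence(records: List[Dict[str, Optional[str]]]) -> List[Dict[str, str]]:
    """Flag Run-key values that start a script host or loader on a user-writable path.

    This is the pattern in the thread: wscript on a .vbs under AppData,
    and rundll32 on a DLL under AppData.
    """
    flagged = []
    for rec in records:
        if rec["section"] != "Registry Values" or not rec["data"]:
            continue
        key, _, value_name = rec["item"].rpartition("|")
        if "\\currentversion\\run" not in key.lower():
            continue
        tokens = split_command(rec["data"])
        if not tokens:
            continue
        host = tokens[0].rsplit("\\", 1)[-1].lower()
        if not host.endswith(".exe"):
            host += ".exe"  # "wscript" -> "wscript.exe"
        payloads = [t for t in tokens[1:] if USER_WRITABLE.search(t)]
        if host in SCRIPT_HOSTS and payloads:
            flagged.append({"value": value_name, "host": host, "payload": payloads[0]})
    return flagged


def family_summary(records: List[Dict[str, Optional[str]]]) -> Counter:
    """Count detections per Malwarebytes family name."""
    return Counter(rec["family"] for rec in records)


if __name__ == "__main__":
    recs = parse_mbam_log(SAMPLE_LOG)
    print(family_summary(recs))
    for hit in flag_run_key_persistence(recs):
        print(f"Run value {hit['value']!r}: {hit['host']} -> {hit['payload']}")
```

On the sample log this reports both Run values (wscript on invis.vbs, rundll32 on BackgroundContainer.dll). The same two checks, a known script host as the command and a payload living under AppData, ProgramData or Temp, are what a responder would apply to a live Run key listing; here they are applied to the text log so the example runs offline.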

Here it is finally:

 

C:\Windows.old\Documents and Settings\Spot\Datos de programa\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
C:\Windows.old\Users\Spot\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
C:\Windows.old\Users\Spot\Datos de programa\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\hk64tbTenc.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\hktbTenc.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\ldrtbTenc.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\prxtbTenc.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\TenchisTV\tbTenc.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hk64tbTen0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hk64tbTenc.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hktbTen0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\hktbTenc.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\ldrtbTen0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\ldrtbTenc.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\tbTen0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\tbTen1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\tbTenc.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Camilo\AppData\LocalLow\TenchisTV\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application deleted - quarantined
C:\Users\Camilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A14QMM84\html_comp[1].htm Win32/PriceGong.B potentially unwanted application deleted - quarantined
C:\Users\Camilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPYVIUUR\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Users\Camilo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z1LKJ4DI\TBUpdaterLogic[1].dll Win32/Toolbar.Conduit.Y potentially unwanted application deleted - quarantined
C:\Windows.old\Documents and Settings\Spot\AppData\Roaming\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application deleted - quarantined
D:\4. Books\strategic_management_of_technology_and_innovation_ebook_free_download_downloader.exe a variant of Win32/ExpressDownloader.H potentially unwanted application deleted - quarantined

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Hello, here are the results:

 

# AdwCleaner v3.018 - Report created 12/02/2014 at 10:43:27
# Updated 28/01/2014 by Xplode
# Operating System : Windows 8 Enterprise  (64 bits)
# Username : Camilo - SPOT
# Running from : C:\Users\Camilo\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Users\Camilo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3105 octets] - [11/02/2014 00:05:28]
AdwCleaner[R1].txt - [864 octets] - [12/02/2014 10:40:04]
AdwCleaner[s0].txt - [3199 octets] - [11/02/2014 00:07:49]
AdwCleaner[s1].txt - [786 octets] - [12/02/2014 10:43:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [845 octets] ##########
 
 
And here are the security check results:
 
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 5.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Flash Player 12.0.0.44  
 Adobe Reader XI  
 Google Chrome 32.0.1700.107  
 Google Chrome 32.0.1700.76  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Your system is clean now! :)

 

 

Internet Explorer out of date

Your version of Internet Explorer is outdated.

  1. Please download IE 10 from http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-10/worldwide-languages
  2. Save it to your desktop.
  3. Double click on the file on your desktop to start the installation process.
  4. Reboot

 

 

 

Java runtime Environment out of date

Your Java runtime environment is outdated. We will fix this.

  • Get the actual JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start --> Control Panel --> Add/Remove Programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.


After the reboot

  • Open control panel again and click the java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears
  • Click OK on Delete Temporary Files window.
  • Click OK again.

 

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
    • If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website´s content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.

  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80 cm in front of the monitor. This is a common joke among IT support technicians, but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.




I'm so sorry for being a nuisance, but the problem is still here. Every minute my computer shuts down most of the Windows processes, like Windows Explorer, configuration windows, etc. I can't work; I don't know what it is, because I ran out of ideas... I tried with restoration points but it seems to be impossible; I tried a couple of times. Help me please.

