the first page of her nightmare

HOME › FORUMS › TECH SUPPORT › VIRUS AND MALWARE REMOVAL
C:\Windows\SysWOW64\cmd.exe ..box pops u
By Aehlex
Inactive-A
Page 1 of 2
Jul 12, 2013
I believe this is a virus. I have read several posts in hopes of figuring out how to remove it but need s
have Ad-aware and Norton and intend to keep both because Norton now has a compatibility adjustm
This C:\Windows\SysWOW64\cmd.exe window began showing up after a Trojan virus shut down m
so I was able to remove it on my own. HOWEVER the maybe Norton tech told me my comp was all
stuff that I refused. He kept going down in price but I had no $ to buy anything. The tech refused to h
get in and then he hung up on me. We had a chat window up and he said, "is that all?". I repeated m
your virus!" I figured out how to get out of safe mode and was able to find the folder the virus was in
problem. Then I reboot and this weird window starts showing up. Also my comp moved super slow..
suspicious "Norton tech" so I uninstalled and reinstalled Norton and my comp was pretty much back
\SysWOW64\cmd.exe window shows up briefly at start up and I recently noticed weird stuff happen
themselves etc.. Please HELP! My comp is a Gateway 64bit Windows 7 laptop. It's not even 2 years
Aehlex, Jul 12, 2013
Welcome aboard
Broni
Malware
Annihilator
Posts: 46,935
+254
Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, s
Attached logs won't be reviewed.
Please, observe following rules:
Read all of my instructions very carefully. Your mistakes during cleaning
like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing
Please refrain from running any tools, fixes or applying any changes to your
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your comp
I close my topics if you have not replied in 5 days. If you need more time
you need it to be reopened, simply PM me.
Broni, Jul 12, 2013
Thanx Broni..here is the Malwarebytes report: (minus my comps name) is my IP ad
Aehlex
TS Rookie
Topic Starter
Posts: 19
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.07.13.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
****** ::********** [administrator]
7/12/2013 7:25:25 PM
mbam-log-2013-07-12 (19-25-25).txt
Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |
Scan options disabled: P2P
Objects scanned: 419424
Time elapsed: 1 hour(s), 32 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Upda
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Upda
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Up
successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\******\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) ->
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and dele
(end)
Aehlex, Jul 13, 2013
So I noticed today that the graphics on youtube videos would be clear then in 3 sec
8 items..the videos are playing clearly again
Aehlex
TS Rookie
Topic Starter
Posts: 19
but when I type the letters and words rearrange themselves (last few days) it's very
ok I'm going to start on Step 3: DDS tonight or tomorrow THANX AGAIN!
Aehlex, Jul 13, 2013
Oh and the SysWOW64 window still comes up at start up
Aehlex
TS Rookie
Topic Starter
Aehlex, Jul 13, 2013
Posts: 19
update Adobe Flash a few days ago.
Aehlex
TS Rookie
Topic Starter
Aehlex, Jul 13, 2013
Posts: 19
I still need DDS logs.
Broni
Malware
Annihilator
Broni, Jul 13, 2013
Posts: 46,935
+254
Norton said both DDS links were bad and removed them. This all makes me nervou
hurt my comp. Think I'll take my chances with the virus for now..thanx anyway!
Aehlex
TS Rookie
Topic Starter
Aehlex, Jul 13, 2013
Posts: 19
Well if you think that I have nothing better to do but to hurt your computer that's fine
I'll have more time to help other people around here.
I'm closing this one.
Broni
Broni, Jul 13, 2013
Ok again I apologize I meant no disrespect. Thank u for reopening this topic. I just d
asap
Aehlex
TS Rookie
Topic Starter
Aehlex, Jul 17, 2013
Posts: 19
Aehlex
TS Rookie
Topic Starter
Posts: 19
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
14:09:48 on 2013-07-17
Microsoft Windows 7 Home Premium [GMT -7:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B46268
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileD
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxext.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Windows\splwow64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.e
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.e
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.e
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.e
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\Office
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042
B2D3-DC0EA1019A5D}
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FE
WebPrint EX\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} Security\Engine\20.4.0.40\coieplg.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\P
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010
Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D4
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7}
BHO: Wishpot Button: {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\P
Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\P
Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588
\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847}
\Internet Explorer\mgToolbarIE.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C
EX\ewpexhlp.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7}
TB: Wishpot Button: {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Pro
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program
\20.4.0.40\coieplg.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-00132
\Toolbars\Internet Explorer\mgToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program F
Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\P
EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarN
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\Bac
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Ba
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD1
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\C
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Applicat
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Adobe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottim
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Prote
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareL
StartupFolder: C:\Users\**\AppData\Roaming\MICROS~1\Windows\STARTM~1\Pro
\*\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
(x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/pla
/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/upda
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/upd
TCP: NameServer = 10.128.128.128
TCP: Interfaces\{DCA611EE-D527-4383-B71E-19CE89F806B5} : DHCPNameServ
TCP: Interfaces\{E9847492-48FC-42DD-9B62-4401A562EF7C} : DHCPNameServ
TCP: Interfaces\{E9847492-48FC-42DD-9B62-4401A562EF7C}\45753475966496 :
209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\P
Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program
\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files
Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7
\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Progra
Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8
(x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8}
\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orph
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Aehlex, Jul 17, 2013
Aehlex
================ FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aehlex\AppData\Roaming\Mozilla\Firefox\Profiles\2ce9a
FF - prefs.js: browser.search.defaulturl
FF - prefs.js: browser.search.selectedEngine - Bing
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dl
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Re
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-05-26 13:30; {87934c42-161d-45bc-8cef-ef18abe2a30c}; C:\Use
\Profiles\2ce9ac5e.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF - ExtSQL: 2013-05-26 13:30; jid1-yZwVFzbsyfMrqQ@jetpack; C:\Users\Aehlex\
\2ce9ac5e.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-5-26 14456]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.0
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NIS
1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85
\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\dr
[2013-6-10 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85E
\IPSDefs\20130716.001\IDSviA64.sys [2013-7-16 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drive
[2013-6-10 433752]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus
R2 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Manage
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GRE
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\In
Technology\IAStorDataMgrSvc.exe [2011-8-11 13592]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway
244624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-M
418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malwa
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\En
144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online B
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBa
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Applicati
508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype
3289208]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C
Management Engine Components\UNS\UNS.exe [2011-10-6 2656280]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\driver
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 5
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common File
\EraserUtilRebootDrv.sys [2013-6-2 138912]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [20
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\Sys
425000]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft
[2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_
\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_
\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.ex
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [201
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Gam
206072]
S3 gfiark;gfiark;C:\Windows\System32\drivers\gfiark.sys [2013-5-27 39504]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 593
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Win
57184]
.
=============== Created Last 30 ================
.
2013-07-13 02:22:36 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-13 02:22:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Mal
2013-07-12 22:55:58 -------- d-----w- C:\Users\Aehlex\AppData\Local\{72696072-95
2013-07-12 02:50:20 -------- d-----w- C:\Users\Aehlex\AppData\Local\{2C59E292-F3
2013-07-12 02:04:24 -------- d-----w- C:\Program Files (x86)\FileOpenerPro
2013-07-12 02:03:52 -------- d-----w- C:\Users\Aehlex\AppData\Local\SwvUpdater
2013-07-12 01:56:30 -------- d-----w- C:\Program Files (x86)\RegSeeker
2013-07-12 01:56:26 -------- d-----w- C:\Users\Aehlex\AppData\Roaming\Babylon
2013-07-12 01:56:26 -------- d-----w- C:\ProgramData\Babylon
2013-07-11 17:56:43 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAs
2013-07-11 17:56:43 571904 ----a-w- C:\Program Files\Windows Defender\MpClien
2013-07-11 17:56:43 314880 ----a-w- C:\Program Files\Windows Defender\MpComm
2013-07-11 17:56:43 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.
2013-07-11 17:56:41 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 17:56:41 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 17:56:41 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 17:56:41 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 17:50:15 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 17:50:13 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.D
2013-07-11 17:50:13 1367040 ----a-w- C:\Program Files\Common Files\Microsoft S
2013-07-11 17:50:12 936448 ----a-w- C:\Program Files (x86)\Common Files\Micros
2013-07-11 17:50:12 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV
2013-07-11 17:50:12 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.d
2013-07-11 17:48:41 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 17:48:41 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-11 00:20:30 -------- d-----w- C:\Users\Aehlex\AppData\Local\{54378506-4B
2013-06-29 18:54:44 -------- d-----w- C:\Users\Aehlex\AppData\Local\{37AA1397-68
2013-06-27 23:26:20 -------- d-----w- C:\Users\Aehlex\AppData\Local\{F8B6057F-79
2013-06-23 17:07:25 -------- d-----w- C:\Users\Aehlex\AppData\Local\adawarebp
2013-06-21 05:48:13 -------- d-----w- C:\Users\Aehlex\AppData\Local\{FD27AD80-C
2013-06-19 23:37:48 0 ----a-w- C:\Windows\SysWow64\shoF8A3.tmp
2013-06-19 19:13:28 -------- d-----w- C:\Program Files (x86)\SweetIM
2013-06-19 19:12:35 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2013-06-19 19:12:35 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2013-06-19 19:12:31 -------- d-----w- C:\Users\Aehlex\AppData\Local\FreemakeVide
2013-06-19 19:11:24 -------- d-----w- C:\ProgramData\Freemake
2013-06-19 19:11:09 -------- d-----w- C:\Users\Aehlex\AppData\Roaming\OpenCand
2013-06-19 19:11:09 -------- d-----w- C:\Program Files (x86)\Freemake
2013-06-19 19:06:18 -------- d-----w- C:\Users\Aehlex\AppData\Local\{6FFE20E4-C1
2013-06-19 06:33:36 -------- d-----w- C:\Users\Aehlex\AppData\Local\{F84F639F-7F
.
==================== Find3M ====================
2013-06-23 17:06:11 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys
2013-06-18 01:42:53 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-23 05:25:28 1139800 ----a-w- C:\Windows\System32\drivers\NISx64\1404
2013-05-21 05:02:00 493656 ----a-w- C:\Windows\System32\drivers\NISx64\14040
2013-05-16 05:02:14 796760 ----a-w- C:\Windows\System32\drivers\NISx64\140400
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
.
============= FINISH: 14:10:37.64 ===============
Aehlex, Jul 17, 2013
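An added example, not code from this thread or from the DDS tool: a small Python parser for the `uRun:`/`mRun:`/`x64-Run:` autostart lines that DDS prints in its Pseudo HJT Report. It flags entries whose target is a script file (a `.bat` or similar in a Run key is launched through an interpreter such as cmd.exe, which briefly shows a console window at logon) or whose target lives under a user-writable directory such as ProgramData or AppData. The sample input consists of complete Run lines copied from the log above plus one non-Run line to show it is skipped; the two heuristics, the directory markers and all function names are this example's own assumptions, not DDS features.

```python
"""Flag suspicious autostart entries in DDS-style Run lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List

# Matches DDS autostart lines such as:
#   mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
#   mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
RUN_LINE = re.compile(
    r'^(?P<scope>(?:x64-)?[um]?Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')

# Extensions Windows hands to an interpreter (cmd.exe, wscript.exe, powershell.exe).
SCRIPT_EXTS = ('.bat', '.cmd', '.vbs', '.js', '.wsf', '.ps1')

# Directories a standard user can write to; this list is an assumption of the example.
USER_WRITABLE_MARKERS = ('\\programdata\\', '\\appdata\\', '\\users\\', '\\temp\\')

# Pulls the image path out of an unquoted command line that may contain spaces,
# by stopping at the first recognised extension followed by whitespace or end of line.
EXT_PATTERN = re.compile(
    r'^(?P<path>.*?\.(?:exe|com|scr|dll|bat|cmd|vbs|js|wsf|ps1))(?=\s|$)', re.IGNORECASE)


@dataclass
class AutostartEntry:
    scope: str              # uRun, mRun or x64-Run
    name: str               # the registry value name shown in brackets
    target: str             # image or script the entry launches
    reasons: List[str] = field(default_factory=list)


def extract_target(cmd: str) -> str:
    """Return the launched file from a Run value's command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_PATTERN.match(cmd)
    return m.group('path') if m else cmd.split(' ', 1)[0]


def assess(target: str) -> List[str]:
    """Apply the two heuristics; an empty list means nothing stood out."""
    low = target.lower()
    reasons = []
    if low.endswith(SCRIPT_EXTS):
        reasons.append('script target (launched through an interpreter such as cmd.exe)')
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append('target under a user-writable directory')
    return reasons


def parse_run_lines(text: str) -> List[AutostartEntry]:
    """Parse every Run line in a DDS log excerpt; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        target = extract_target(m.group('cmd'))
        entries.append(AutostartEntry(m.group('scope'), m.group('name'), target, assess(target)))
    return entries


def flagged(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    return [e for e in entries if e.reasons]


# Sample input: complete Run lines copied from the DDS log in this thread, plus one
# mPolicies line to show that non-Run lines are skipped.
SAMPLE_LOG = r"""
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchProtection] C:\ProgramData\Search Protection\_run.bat
mPolicies-Explorer: NoActiveDesktop = dword:1
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
"""

if __name__ == "__main__":
    for entry in parse_run_lines(SAMPLE_LOG):
        status = "FLAG" if entry.reasons else "ok  "
        print(f"{status} {entry.scope:8} [{entry.name}] {entry.target}")
        for reason in entry.reasons:
            print(f"         - {reason}")
```

Run against the sample, only the `SearchProtection` entry is flagged, on both counts; the vendor autostarts under Program Files and System32 pass. The heuristics are deliberately coarse (a legitimate installer can drop a batch file in ProgramData), so the output is a triage list for a human, not a verdict.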
Do you also need the 2nd report which says.. "
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUEST
...I don't know how to zip..
Aehlex
TS Rookie
Topic Starter
.
Aehlex, Jul 17, 2013
Posts: 19
Zip nothing.
All logs have to be pasted into your replies.
Broni
Malware
Annihilator
Broni, Jul 17, 2013
Posts: 46,935
+254
Ok adaware just found a Trojan. and bprotector was also removed.. here's the 2nd D
DDS (Ver_2012-11-20.01)
.
Aehlex
TS Rookie
Topic Starter
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/29/2011 9:35:53 AM
System Uptime: 7/16/2013 12:44:10 AM (38 hours ago)
Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz | CPU1 | 1892/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 358.408 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP90: 6/12/2013 3:00:35 AM - Windows Update
RP91: 6/16/2013 3:00:18 AM - Windows Update
RP92: 6/26/2013 1:23:15 AM - Scheduled Checkpoint
RP93: 7/12/2013 10:38:30 AM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Add-on
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Agatha Christie - Death on the Nile
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0
Backup Manager V3
Broadcom NetLink Controller
Build-a-lot 4 - Power Source
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon MP Navigator EX 4.0
Canon MP Navigator EX 4.1
Canon MP280 series MP Drivers
Canon MP280 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Speed Dial Utility
Chronicles of Albian
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Cradle of Rome 2
CyberLink MediaEspresso
CyberLink PowerDVD 10
D3DX10
Dora's World Adventure
Dropbox
eBay Worldwide
ETDWare PS/2-X64 8.0.6.3_WHQL
Facebook Video Calling 1.2.0.287
FATE: The Cursed King
File Opener Pro
Final Drive: Nitro
Free Video Converter V 3.1
Galerie de photos Windows Live
Gateway Games
Gateway MyBackup
Gateway Power Management
Gateway Social Networks
Gateway Updater
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker 2 Premium Edition
HomeMedia
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Internet Explorer Toolbar 4.8 by SweetPacks
iTunes
Java(TM) 6 Update 35
Jewel Match 3
Junk Mail filter update
Launch Manager
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
NOOK for PC
Norton Internet Security
Norton Online Backup
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
QuickTime
Realtek High Definition Audio Driver
RegSeeker
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Skype Click to Call
Skype™ 6.0
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Installer for WildTangent Games App
Video Web Camera
Virtual Villagers 5 - New Believers
VLC media player 2.0.7
Welcome Center
WildTangent Games App (Gateway Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wishpot Button for Internet Explorer
Yahoo! Detect
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
7/14/2013 2:24:56 PM, Error: Disk [15] - The device, \Device\Harddisk1\DR1, is not
7/12/2013 9:15:28 PM, Error: Service Control Manager [7001] - The IPsec Policy Ag
Engine service which failed to start because of the following error: Access is denied
7/12/2013 9:15:28 PM, Error: Service Control Manager [7001] - The IKE and AuthIP
the Base Filtering Engine service which failed to start because of the following erro
7/12/2013 9:15:25 PM, Error: Service Control Manager [7023] - The Computer Brow
error: The specified service does not exist as an installed service.
7/12/2013 9:15:25 PM, Error: Service Control Manager [7023] - The Base Filtering
error: Access is denied.
7/10/2013 6:16:04 PM, Error: Service Control Manager [7001] - The Internet Conne
Base Filtering Engine service which failed to start because of the following error: Ac
Aehlex, Jul 18, 2013
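A defender-side check over the "Event Viewer Messages From Past Week" section of a DDS log like the one above, added here as an example; it is not part of the thread and not DDS code. The sample lines are constructed, re-typed in full from the page's cut-off ones, and the parser assumes the `date time, Level: Source [id] - message` layout DDS uses for that section. The point it makes is that a service refusing to start with "Access is denied" is a permission problem, not a missing file, and when the service is the Base Filtering Engine the firewall and IPsec stack are down with it.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the DDS log's "Event Viewer
# Messages From Past Week" section. The thread's own lines are cut off at the
# page edge, so these are re-typed, complete examples rather than copies.
SAMPLE_EVENTS = """\
7/14/2013 2:24:56 PM, Error: Disk [15] - The device, \\Device\\Harddisk1\\DR1, is not ready for access yet.
7/12/2013 9:15:28 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
7/12/2013 9:15:28 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
7/12/2013 9:15:25 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/12/2013 9:15:25 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
"""

# <date time AM/PM>, <level>: <source> [<event id>] - <message>
EVENT_RE = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M), (?P<level>\w+): "
    r"(?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# SCM messages name the failing service as "The <name> service ..."; for 7001
# (dependency failure) the service that actually failed is the one after
# "depends on the".
SERVICE_RE = re.compile(r"^The (?P<service>.+?) service ")
DEPENDS_RE = re.compile(r"depends on the (?P<dep>.+?) service ")


def parse_events(text):
    """Parse DDS-style event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            events.append(ev)
    return events


def failing_service(message):
    """Return the service an SCM error is really about, or None."""
    dep = DEPENDS_RE.search(message)
    if dep:
        return dep.group("dep")
    m = SERVICE_RE.match(message)
    return m.group("service") if m else None


def denied_services(events):
    """Count, per service, SCM errors whose cause is 'Access is denied'.

    The Service Control Manager runs as SYSTEM, so 'Access is denied' while
    starting a service usually points at tampered permissions on the service's
    registry key or executable rather than at a missing component. Seeing it on
    the Base Filtering Engine (which Windows Firewall and IPsec depend on) means
    the host's network defences are off, and is worth fixing before trusting
    any later online scan."""
    hits = Counter()
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        if "Access is denied" not in ev["message"]:
            continue
        hits[failing_service(ev["message"]) or "unknown"] += 1
    return dict(hits)


def errors_by_source(events):
    """Count error events per (source, event id) for a quick overview."""
    return dict(Counter((ev["source"], ev["event_id"]) for ev in events
                        if ev["level"] == "Error"))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(errors_by_source(evs))
    print(denied_services(evs))  # {'Base Filtering Engine': 3}
```

Run it on the real section of a DDS log by pasting that section into `SAMPLE_EVENTS`; the Computer Browser error is reported separately because its cause is a missing service, not a denied one.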
Broni
Malware Annihilator
Posts: 46,935
+254
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Admini
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next re
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If re
winlogon.com) and try again
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-syste
- XP: http://support.microsoft.com/kb/948247
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
Click on the Cleanup button to remove any threats and reboot if prompted to
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no thre
more and repeat the process.
When done, please post the two logs produced they will be in the MBAR
Broni, Jul 18, 2013
Aehlex
TS Rookie
Topic Starter
Posts: 19
RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aehlex [Admin rights]
Mode : Scan -- Date : 07/18/2013 18:49:14
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SearchProtection (C:\Prog
FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee}
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B3030
[BROK VAL] HKCR\[...]\command : () -> MISSING
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 +++++
--- User --[MBR] cf41cc681794640fce3241ba3be64962
[BSP] 8a740bbdcd17c321b930d912a848c616 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 +++++
--- User --[MBR] b07927c6b904ea2d7d8dc9b2acf6092f
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 968 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_S_07182013_184914.txt >>
Aehlex, Jul 18, 2013
Aehlex
TS Rookie
Topic Starter
Posts: 19
RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aehlex [Admin rights]
Mode : Remove -- Date : 07/18/2013 18:49:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SearchProtection (C:\Prog
DELETED
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee}
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B3030
[BROK VAL] HKCR\[...]\command : () -> CREATED ("%1" %*)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BPVT-22HXZT3 +++++
--- User ---
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: WDC WD5000BPVT-22HXZT3 +++++
--- User --[MBR] b07927c6b904ea2d7d8dc9b2acf6092f
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 249 | Size: 968 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[0]_D_07182013_184928.txt >>
RKreport[0]_S_07182013_184914.txt
Aehlex, Jul 18, 2013
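To show how the scan report and the remove report above relate, here is an added example that is not part of the thread and not RogueKiller's own code: it parses both RKreport files and lists the scan findings that the remove pass did not actually fix, so a helper (or the user) can see what still needs follow-up instead of assuming "Delete" handled everything. The two excerpts are constructed from the page's cut-off lines with a placeholder program path, and the set of result words treated as "fixed" is an assumption about RogueKiller's vocabulary.

```python
import re

# Constructed excerpts in the format of RogueKiller's RKreport files, modelled
# on the scan and remove reports posted above. The thread's lines are cut off
# at the page edge, so these are re-typed, with a placeholder program path.
SCAN_REPORT = r"""
Mode : Scan -- Date : 07/18/2013 18:49:14
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SearchProtection (C:\Program Files (x86)\PLACEHOLDER\SearchProtection.exe) -> FOUND
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[BROK VAL] HKCR\[...]\command : () -> MISSING
"""

REMOVE_REPORT = r"""
Mode : Remove -- Date : 07/18/2013 18:49:28
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : SearchProtection (C:\Program Files (x86)\PLACEHOLDER\SearchProtection.exe) -> DELETED
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> [0x2] The system cannot find the file specified.
[BROK VAL] HKCR\[...]\command : () -> CREATED ("%1" %*)
"""

# [TAG][TAG] <registry key> : <value name> (<data>) -> <result>
ENTRY_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+) (?P<key>\S.*?) : (?P<value>.*?) -> (?P<result>.+)$"
)
MODE_RE = re.compile(r"^Mode : (?P<mode>\w+) -- Date : (?P<date>.+)$")
WIN32_RE = re.compile(r"^\[0x(?P<code>[0-9A-Fa-f]+)\]")
# Result words taken to mean RogueKiller changed the entry (assumed vocabulary).
FIXED = {"DELETED", "CREATED", "REPLACED", "RESTORED"}


def parse_report(text):
    """Return {'mode': ..., 'date': ..., 'entries': [...]}; other lines are skipped."""
    report = {"mode": None, "date": None, "entries": []}
    for line in text.splitlines():
        mm = MODE_RE.match(line)
        if mm:
            report.update(mm.groupdict())
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["tags"] = re.findall(r"\[([^\]]+)\]", e["tags"])
        # Identity of an entry is key + value name; the data and the result
        # may differ between the scan pass and the remove pass.
        e["key_id"] = (e["key"], e["value"].split(" (")[0])
        report["entries"].append(e)
    return report


def unresolved(scan, remove):
    """Scan findings that the remove pass did not report as fixed.

    These still need manual follow-up: either RogueKiller hit an error on
    them or they were never attempted."""
    fixed = {e["key_id"] for e in remove["entries"]
             if e["result"].split()[0] in FIXED}
    return [e for e in scan["entries"] if e["key_id"] not in fixed]


def win32_errors(report):
    """(key_id, error code) for entries whose result is a Win32 error.

    0x2 is ERROR_FILE_NOT_FOUND: the value was already gone when this delete
    ran. On Windows 7 the Policies key is one of those shared between the
    32-bit and 64-bit registry views, so the HKLM and Wow6432Node entries are
    likely the same value seen twice, and the first delete removed both."""
    out = []
    for e in report["entries"]:
        m = WIN32_RE.match(e["result"])
        if m:
            out.append((e["key_id"], int(m.group("code"), 16)))
    return out


def policy_hijacks(report):
    """Value names of [HJ POL] findings, such as DisableTaskMgr, a policy value
    rogue software commonly sets to 1 so the user cannot open Task Manager."""
    return [e["key_id"][1] for e in report["entries"] if "HJ POL" in e["tags"]]


if __name__ == "__main__":
    scan, remove = parse_report(SCAN_REPORT), parse_report(REMOVE_REPORT)
    for e in unresolved(scan, remove):
        print("not fixed:", e["key"], e["value"])
    print(win32_errors(remove))
```

With the two reports above, the only unresolved entry is the Wow6432Node DisableTaskMgr value, and its 0x2 error tells you it was already gone rather than protected, so nothing further is needed for it; an unresolved entry with 0x5 (access denied) would be the one to worry about.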
Aehlex
TS Rookie
Topic Starter
Posts: 19
I can't get the file unzipped
Aehlex, Jul 18, 2013
Broni
Malware Annihilator
Posts: 46,935
+254
Broni, Jul 18, 2013
Aehlex
TS Rookie
Topic Starter
Posts: 19
Wait, I got it running, rootkit scan now
Aehlex, Jul 18, 2013
Aehlex
TS Rookie
Topic Starter
Posts: 19
I can't locate the reports and searched for mbar-log-xxxxx.txt but no results.. looked
Aehlex, Jul 18, 2013
Broni
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point
Please download ComboFix from Here, Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I ne
saved directly to your desktop**
Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfe
Very Important! Temporarily disable your anti-virus, script blocking
performing a scan. They can interfere with ComboFix or remove some of its
"unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is
don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as
Please do not attempt to re-connect your machine back to the Internet until C
If there is no internet connection after running Combofix, then restart your co
If the connection is not there use restore point you created prior to running C
Double click on combofix.exe & follow the prompts.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users
Security is uninstalled as a protective measure against the anti-virus. This is becau
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that
computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as y
working. Be patient.
Make sure, you re-enable your security programs, when you're done with Combofix
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try the following...
Delete Combofix file, download fresh one, but rename combofix.exe to your_nam
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to ru
You only need to get one of these to run, not all of them. You may get warnings from
shutdown your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/
Restart computer in safe mode
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator
If the tool does not run from any of the links provided, please let me know.
When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.
Once you've gotten one of them to run, immediately run your_name.exe
IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
Broni, Jul 18, 2013
Aehlex
TS Rookie
Topic Starter
Posts: 19
Sorry about the delay.. I will attempt to complete this tomorrow
Aehlex, Jul 22, 2013
Broni
Malware Annihilator
Posts: 46,935
+254
Broni, Jul 22, 2013
Topic Status: Not open for further replies.
© 2014 TechSpot, Inc. All Rights Reserved.
TechSpot is a registered trademark.