Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Might Be Infected With Something


  • This topic is locked This topic is locked
11 replies to this topic

#1 Zeffear

Zeffear

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 28 March 2013 - 05:47 PM

Hi,

A few week ago, Aim told me that i was logged on a different location

so i started to look into it and found something in rkill(and it still appears):

 

Checking Windows Service Integrity:

 * FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]

 

I used a few different scanners and got some results with it:

 

Malwarebytes Anti-Malware didnt detect anything

Adwcleaner didnt detect anything

TDSSkiller detected something but i think its gone now

Roguekiller detected something and it keeps coming back

 

Not sure what to do at this point

Thanks in Advance!

 

Here are my dds logs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.17.2
Run by Johnny at 18:11:04 on 2013-03-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.1918 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://AlienwareArena.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe"  /MINIMIZED
mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
mRun: [Integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 10.128.128.128
TCP: Interfaces\{44F0EA95-F9FF-402C-A828-891DB43508D0} : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{44F0EA95-F9FF-402C-A828-891DB43508D0}\45753475966496 : DHCPNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{44F0EA95-F9FF-402C-A828-891DB43508D0}\742716E646D61672370284F6D656D27657563747 : DHCPNameServer = 167.206.254.1 167.206.254.2
TCP: Interfaces\{44F0EA95-F9FF-402C-A828-891DB43508D0}\876696E696479777966696 : DHCPNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{B9146A77-EC2F-4F07-8AC5-567EF33922DB} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [Command Center Controllers] "C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\qwlo93k5.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/webhp?hl=en&tab=ww
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Johnny\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
FF - plugin: C:\Users\Johnny\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-16 17:35; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\qwlo93k5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
============= SERVICES / DRIVERS ===============
.
R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 16752]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-10 30056]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-8 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-9-8 21616]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-10-10 284008]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-22 13592]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-9-8 27760]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-8 176096]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-9-8 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-9-8 76912]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-8 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-8 181760]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-8 333928]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-8 158976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-24 19456]
S3 rspLLL;rspLLL;C:\Windows\System32\drivers\rspLLL64.sys [2012-7-22 24672]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-24 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-24 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-17 1255736]
S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
S4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-21 98208]
S4 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-1-13 15296]
S4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2011-9-8 1692480]
.
=============== Created Last 30 ================
.
2013-03-28 21:49:07    9311288    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F2517100-F47E-4C82-B88E-DE2F13BFB0DC}\mpengine.dll
2013-03-28 19:02:06    9311288    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-27 21:42:09    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-27 19:38:36    --------    d-----w-    C:\Program Files (x86)\ESET
2013-03-25 23:28:16    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-03-25 16:05:28    208216    ----a-w-    C:\Windows\System32\drivers\66335283.sys
2013-03-24 19:21:53    --------    d-----w-    C:\Users\Johnny\AppData\Local\Razer
2013-03-24 19:07:08    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-24 19:07:08    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-24 18:13:59    4916224    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2013-03-24 18:13:58    5773824    ----a-w-    C:\Windows\System32\mstscax.dll
2013-03-24 18:08:33    --------    d-----w-    C:\Program Files\CCleaner
2013-03-24 17:47:53    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-24 17:47:52    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-24 17:47:42    972264    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2666109B-A30D-4BB0-827C-B012E7E5EE16}\gapaengine.dll
2013-03-24 17:47:23    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-03-24 17:47:23    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-03-24 17:47:22    458712    ----a-w-    C:\Windows\System32\drivers\cng.sys
2013-03-24 17:47:22    154480    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-03-24 17:47:22    1448448    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-03-24 17:47:21    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-03-24 17:47:21    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-03-24 17:47:17    19968    ----a-w-    C:\Windows\System32\drivers\usb8023.sys
2013-03-23 15:46:32    --------    d-----w-    C:\found.000
2013-03-21 20:15:49    --------    d-----w-    C:\Users\Johnny\AppData\Local\ElevatedDiagnostics
2013-03-21 19:58:01    --------    d-----w-    C:\Users\Johnny\AppData\Roaming\SUPERAntiSpyware.com
2013-03-21 19:57:53    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-03-21 19:57:53    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-03-20 21:54:07    --------    d-----w-    C:\Windows\ERUNT
2013-03-20 21:54:00    --------    d-----w-    C:\JRT
2013-03-18 20:29:01    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-16 21:43:01    --------    d-----w-    C:\Users\Johnny\dwhelper
2013-03-16 12:48:14    --------    d-----w-    C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-16 12:47:22    --------    d-----w-    C:\Program Files (x86)\Grinding Gear Games
.
==================== Find3M  ====================
.
2013-03-27 21:41:52    861088    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-03-27 21:41:51    782240    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-02-12 05:45:24    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31    474112    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02    2312704    ----a-w-    C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19    1392128    ----a-w-    C:\Windows\System32\wininet.dll
2013-02-02 06:42:18    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51    599040    ----a-w-    C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-01-30 10:53:22    273840    ------w-    C:\Windows\System32\MpSigStub.exe
2013-01-20 20:59:04    230320    ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
2013-01-20 20:59:04    130008    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2013-01-13 21:17:03    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02    2560    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42    10752    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46    3584    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21    4096    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07    5632    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07    3072    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31    9728    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31    2560    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18    10752    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07    3584    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48    4096    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40    5632    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40    3072    ---ha-w-    C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22    1988096    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31    293376    ----a-w-    C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00    249856    ----a-w-    C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43    220160    ----a-w-    C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35    1504768    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28    1175552    ----a-w-    C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01    604160    ----a-w-    C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58    207872    ----a-w-    C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14    187392    ----a-w-    C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17    363008    ----a-w-    C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47    161792    ----a-w-    C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25    1080832    ----a-w-    C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39    333312    ----a-w-    C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21    296960    ----a-w-    C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04    245248    ----a-w-    C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33    648192    ----a-w-    C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30    221184    ----a-w-    C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42    194560    ----a-w-    C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04    1238528    ----a-w-    C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58    364544    ----a-w-    C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52    522752    ----a-w-    C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42    1158144    ----a-w-    C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09    1682432    ----a-w-    C:\Windows\System32\XpsPrint.dll
2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21    2284544    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13    2776576    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09    215040    ----a-w-    C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48    3153408    ----a-w-    C:\Windows\System32\win32k.sys
2013-01-04 02:47:35    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 18:11:32.17 ===============
 

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 30 March 2013 - 03:59 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the StartNewTopic.gif button but use the AddReply.gif button instead.
  • In the upper right hand corner of the topic you will see the WatchTopic.gif button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. After reviewing the informtion you provided I would like you to consider and perform the following for me please.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

tds2.jpg

  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now

2012081514h0118.png

  • Click Start Scan and allow the scan process to run

tds4-1.jpg

  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue

tds6.jpg

  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Zeffear

Zeffear
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 01 April 2013 - 10:15 PM

Thanks for responding Gary!

 

I uninstalled Bittorrent like you asked

didnt know it can cause huge problems like that

 

this is my first time compressing a file hope i did this right xD

 


Attached File  TDSSKiller.2.8.16.0_01.04.2013_23.04.21_log.zip   76.42KB   2 downloads



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 01 April 2013 - 10:18 PM

Greetings and welcome. You did it perfectly!

I will review it now and post back soon. :thumbup2:


Edited by Oh My, 01 April 2013 - 10:20 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 01 April 2013 - 10:22 PM

Greetings,

That report looks good. Rather than have you try to pull up a previous RogueKiller log could you please run it again and post the results. Please let me know what entries you have seen before.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Zeffear

Zeffear
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 02 April 2013 - 08:06 AM

Hey Gary

 

The DisableRegistryTools kept popping up as well as another one that said disableTaskMgr but it's not here now both of them came back even after deletion

 

Here's the log

 

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Johnny [Admin rights]
Mode : Scan -- Date : 04/02/2013 08:33:40
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500423AS +++++
--- User ---
[MBR] dd57671da17b7f3e7d81b38330fe618f
[BSP] 826e79c3c357c8c0445baab6fff4d2cd : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 20206 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41463808 | Size: 456693 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_S_04022013_02d0833.txt >>
RKreport[1]_D_03252013_02d0939.txt ; RKreport[2]_S_03272013_02d1422.txt ; RKreport[3]_S_03272013_02d1711.txt ; RKreport[4]_S_03272013_02d1728.txt ; RKreport[5]_S_03282013_02d1835.txt ;
RKreport[6]_S_04022013_02d0833.txt


 



#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 02 April 2013 - 08:44 AM

Greetings,

That entry in RogueKiller is of no concern.

Let's run the below programs. Please do this for me.

===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click screen317sSecurityCheck.jpg icon
  • Click OK
  • Select Run
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Security Check log
  • AdwCleaner log
  • Junkware log
  • Combofix log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#8 Zeffear

Zeffear
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 04 April 2013 - 03:49 PM

Hi Gary,

 

Here are the logs:

 

screen317's security check:

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 17  
 Adobe Flash Player 11.6.602.180  
 Adobe Reader XI  
 Mozilla Firefox (19.0.2)
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
 

AdwCleaner:

# AdwCleaner v2.200 - Logfile created 04/03/2013 at 17:34:21
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Johnny - JOHNNY-PC
# Boot Mode : Normal
# Running from : C:\Users\Johnny\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\qwlo93k5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R16].txt - [804 octets] - [03/04/2013 17:33:43]
AdwCleaner[R17].txt - [864 octets] - [03/04/2013 17:34:01]
AdwCleaner[S5].txt - [795 octets] - [03/04/2013 17:34:21]

########## EOF - C:\AdwCleaner[S5].txt - [854 octets] ##########
 

Junkware Removal Tool:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 7 Home Premium x64
Ran by Johnny on Wed 04/03/2013 at 17:38:02.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startup



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Johnny\AppData\Roaming\mozilla\firefox\profiles\qwlo93k5.default\minidumps [9 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/03/2013 at 17:46:42.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Combofix:

ComboFix 13-04-02.01 - Johnny 04/03/2013  18:38:04.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2659 [GMT -4:00]
Running from: c:\users\Johnny\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-03 to 2013-04-03  )))))))))))))))))))))))))))))))
.
.
2013-04-03 22:44 . 2013-04-03 22:44    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2013-04-03 22:44 . 2013-04-03 22:44    --------    d-----w-    c:\users\UpdatusUser.Johnny-PC\AppData\Local\temp
2013-04-03 22:44 . 2013-04-03 22:44    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-03-25 16:05 . 2013-03-25 16:05    208216    ----a-w-    c:\windows\system32\drivers\66335283.sys
2013-03-24 19:21 . 2013-03-24 19:21    --------    d-----w-    c:\users\Johnny\AppData\Local\Razer
2013-03-24 19:21 . 2013-03-24 19:21    --------    d-----w-    c:\programdata\Razer
2013-03-24 19:07 . 2013-03-24 19:07    73432    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-24 19:07 . 2013-03-24 19:07    693976    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-24 19:01 . 2013-03-24 19:01    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2013-03-24 18:13 . 2012-08-23 08:19    4916224    ----a-w-    c:\windows\SysWow64\mstscax.dll
2013-03-24 18:13 . 2012-08-23 08:13    5773824    ----a-w-    c:\windows\system32\mstscax.dll
2013-03-24 18:08 . 2013-03-24 18:08    --------    d-----w-    c:\program files\CCleaner
2013-03-24 17:47 . 2012-12-14 20:49    24176    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-24 17:47 . 2013-03-24 17:48    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-24 17:47 . 2012-11-29 20:56    972264    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2666109B-A30D-4BB0-827C-B012E7E5EE16}\gapaengine.dll
2013-03-24 17:47 . 2012-08-24 18:05    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-03-24 17:47 . 2012-08-24 16:57    247808    ----a-w-    c:\windows\SysWow64\schannel.dll
2013-03-24 17:47 . 2012-08-24 18:13    154480    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-03-24 17:47 . 2012-08-24 18:09    458712    ----a-w-    c:\windows\system32\drivers\cng.sys
2013-03-24 17:47 . 2012-08-24 18:03    1448448    ----a-w-    c:\windows\system32\lsasrv.dll
2013-03-24 17:47 . 2012-08-24 16:57    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2013-03-24 17:47 . 2012-08-24 16:53    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2013-03-24 17:47 . 2013-02-12 04:12    19968    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-03-23 15:46 . 2013-03-23 15:46    --------    d-----w-    C:\found.000
2013-03-21 20:15 . 2013-03-21 20:15    --------    d-----w-    c:\users\Johnny\AppData\Local\ElevatedDiagnostics
2013-03-21 19:58 . 2013-03-21 19:58    --------    d-----w-    c:\users\Johnny\AppData\Roaming\SUPERAntiSpyware.com
2013-03-21 19:57 . 2013-03-24 18:10    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-03-21 19:57 . 2013-03-21 19:57    --------    d-----w-    c:\programdata\SUPERAntiSpyware.com
2013-03-20 21:54 . 2013-03-27 21:07    --------    d-----w-    c:\windows\ERUNT
2013-03-20 21:54 . 2013-04-03 21:37    --------    d-----w-    C:\JRT
2013-03-20 21:02 . 2013-03-24 18:30    --------    d-----w-    c:\program files (x86)\Google
2013-03-18 20:29 . 2013-03-24 21:05    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-03-16 21:43 . 2013-03-16 21:43    --------    d-----w-    c:\users\Johnny\dwhelper
2013-03-16 12:48 . 2013-03-16 12:48    --------    d-----w-    c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-03-16 12:47 . 2013-03-16 12:47    --------    d-----w-    c:\program files (x86)\Grinding Gear Games
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:34 . 2010-11-21 03:27    282744    ------w-    c:\windows\system32\MpSigStub.exe
2013-03-27 21:41 . 2012-07-22 20:42    861088    ----a-w-    c:\windows\SysWow64\npDeployJava1.dll
2013-03-27 21:41 . 2011-09-09 02:07    782240    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-03-14 01:49 . 2012-02-29 20:59    72013344    ----a-w-    c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 20:22    135168    ----a-w-    c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 20:22    350208    ----a-w-    c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 20:22    308736    ----a-w-    c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 20:22    111104    ----a-w-    c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 20:22    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 20:22    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-01-20 20:59 . 2013-01-20 20:59    230320    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2011-04-27 19:25    130008    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 22:25    5553512    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 22:25    3967848    ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 22:25    3913064    ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 22:24    215040    ----a-w-    c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 22:24    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 22:24    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 22:24    3153408    ----a-w-    c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 22:24    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 22:24    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 22:24    2048    ----a-w-    c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 22:24    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-01-10 1545584]
"Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-10-17 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.f
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz134;cpuz134;c:\users\Johnny\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-05-04 158976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 rspLLL;rspLLL;c:\windows\system32\DRIVERS\rspLLL64.sys [2012-07-22 24672]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2011-02-01 98208]
R4 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-01-13 15296]
R4 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R4 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-08-18 1692480]
S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-10-02 284008]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-27 27760]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-04 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-26 76912]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-03 333928]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-24 19:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 703088]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-01-13 13256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-01 6602856]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-02-01 2186856]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://AlienwareArena.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.128.128.128
FF - ProfilePath - c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\qwlo93k5.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxps://www.google.com/webhp?hl=en&tab=ww
FF - ExtSQL: 2013-03-16 17:35; {b9db16a4-6edc-47ec-a1f4-b86292ed211d}; c:\users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\qwlo93k5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe
SafeBoot-64803910.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:2f,44,e5,88,d8,74,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,07,ea,f7,58,4e,a8,4a,9e,6a,35,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,07,ea,f7,58,4e,a8,4a,9e,6a,35,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-03  18:46:56
ComboFix-quarantined-files.txt  2013-04-03 22:46
.
Pre-Run: 325,345,705,984 bytes free
Post-Run: 325,277,515,776 bytes free
.
- - End Of File - - A2A799D705FACC9AA3DC4BEF0045A9C9
 



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 04 April 2013 - 05:23 PM

Greetings,

Your logs actually look very nice and there is nothing of concern. The RKill FontCache information is of no concern and is not related to any malware issues.

Is there anything else you are concerned about?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 Zeffear

Zeffear
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 05 April 2013 - 04:39 PM

That's good to hear,

 

I don't think I have anything else I'm worrying about at the moment

Thanks for the help!



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 05 April 2013 - 05:07 PM

Great.

Please allow me to provide some information for your review. Most of it you probably already know but maybe some of the other information might be of interest.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Please do the following to remove some of the tools we used during our time together: Following this step you may remove any other remaining tools or logs.


Delete the tools used during the disinfection:
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time. In the run box type combofix /uninstall, then press OK.

run-box.jpg

  • This will remove Combofix and other tools we used from your computer.
Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.


In addition, here are some more links you might find of interest:I will leave this topic open for just a couple of days in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you. OhMy_done.gif
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,422 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:36 AM

Posted 07 April 2013 - 07:01 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users