Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible rootkit infection. Sent here from the Am I infected? forums.


  • This topic is locked This topic is locked
25 replies to this topic

#1 Vicki m

Vicki m

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 17 June 2013 - 01:39 AM

Hi there, I have been being helped by noknojon at the Am I infected forums and been sent here.
My laptop is very slow, it often stalls/freezes, loses internet connection regularly and constantly getting pop ups. After one of the scans noknojona asked me to run it will not connect to the internet at all.
Here is a link to that thread. http://www.bleepingcomputer.com/forums/t/498109/slow-pc-loads-of-pop-ups-virus/

I will to attach DDS logs shortly, I'm attempting to use my phone as a Usb.

Thank you
Vicki.

BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 17 June 2013 - 02:52 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 17 June 2013 - 05:13 AM

Hi Marius,
Thanks for replying so quickly. I will try and get the DDS log up within the next few hours.

Thanks, Vicki.

#4 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 17 June 2013 - 12:39 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.21.2
Run by Vicki at 18:31:00 on 2013-06-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2807.936 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\iDumpPro\NMSAccessU.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Download and Sa Class: {2F98B57D-2291-64B3-1552-032879F55A86} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Spotify Web Helper] "C:\Users\Vicki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\Vicki\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{7D64A76D-21FF-461F-A2DD-B0B6079661E2} : NameServer = 208.122.23.22,208.122.23.23
TCP: Interfaces\{7D64A76D-21FF-461F-A2DD-B0B6079661E2} : DHCPNameServer = 194.168.4.100 194.168.8.100
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\r21sgf2v.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-24 09:56; leethax@leethax.net; C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\r21sgf2v.default\extensions\leethax@leethax.net.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-3-11 38144]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-20 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-20 62776]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-2-7 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-7-20 353360]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-10-22 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-18 29696]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-20 13336]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-20 2320920]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-20 142632]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-7-20 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-20 158976]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-17 412712]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2011-10-1 765288]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-6-4 2095752]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-15 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-7-20 243712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-6-15 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-24 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2013-06-16 18:22:17 0 ----a-w- C:\Windows\SysWow64\sho9DB6.tmp
2013-06-16 17:35:41 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BB438F7-506C-49A1-933A-8BEFFEB3ED8A}\offreg.dll
2013-06-16 17:34:39 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8BB438F7-506C-49A1-933A-8BEFFEB3ED8A}\mpengine.dll
2013-06-16 11:56:52 -------- d-----w- C:\Users\Vicki\Doctor Web
2013-06-16 10:08:09 0 ----a-w- C:\Windows\SysWow64\sho64E7.tmp
2013-06-15 06:27:51 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-15 03:56:29 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2013-06-15 03:49:39 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-15 03:49:39 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-15 03:49:37 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-06-15 03:49:36 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-06-15 03:49:36 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-06-15 03:49:36 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-06-15 03:49:35 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-06-15 03:49:35 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-06-15 03:49:34 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-06-15 03:35:08 0 ----a-w- C:\Windows\SysWow64\shoCC92.tmp
2013-06-15 03:22:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-15 03:08:05 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-06-15 03:07:19 -------- d-----w- C:\Program Files\iPod
2013-06-15 03:07:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-15 03:07:15 -------- d-----w- C:\Program Files\iTunes
2013-06-15 02:44:51 0 ----a-w- C:\Windows\SysWow64\sho7FD.tmp
2013-06-14 20:02:02 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2F23D70-CFDB-4077-932D-000BFA18DFBE}\gapaengine.dll
2013-06-14 20:01:43 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-12 15:16:20 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-27 07:41:29 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-27 07:40:47 193824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-05-27 07:40:32 920472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-05-27 07:40:32 59288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-05-27 07:40:32 478104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-05-27 07:40:32 3076504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-05-27 07:40:32 279448 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-05-27 07:40:32 117144 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-05-27 07:40:31 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-05-27 07:40:31 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-05-27 07:40:30 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-05-27 07:40:30 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
.
==================== Find3M ====================
.
2013-06-15 03:22:42 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-12 15:14:23 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 15:14:23 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-05 18:07:48 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-06-05 18:07:43 56072 ----a-w- C:\Windows\System32\certsentry.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-04 13:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
.
============= FINISH: 18:31:56.67 ===============

Attached Files


Edited by Vicki m, 17 June 2013 - 01:58 PM.


#5 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 17 June 2013 - 12:43 PM

I haven't backed up my data yet, I thought there was usually a partition of the hard drive to do it on, but I can only figure out how to do it externally, and I don't have anything that will store that amount of data at the moment.

Vicki.

Edited by Vicki m, 17 June 2013 - 02:03 PM.


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 June 2013 - 02:52 AM

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 18 June 2013 - 04:15 AM

Ran the scan, and no threats were detected, but at the start of the scan I got this message..

Probable rootkit activity detected

Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity.

Note: Press "No" button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press "Yes" should this message appear again.

Do you want to remove this value and restart the tool?
Yes No




I pressed no, and as I said no threats were detected. Should I still post the log?

Vicki.

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 June 2013 - 04:21 AM

Yes, please post it up


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 18 June 2013 - 04:26 AM

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org



Database version: v2013.05.07.10



Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

Vicki :: VICKI-PC [administrator]



18/06/2013 09:36:30

mbar-log-2013-06-18 (09-36-30).txt



Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 247580

Time elapsed: 26 minute(s), 24 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 0

(No malicious items detected)



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 0

(No malicious items detected)



Physical Sectors Detected: 0

(No malicious items detected)



(end)

#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 June 2013 - 04:33 AM

Combofix


Combofix should only be run when adviced by a team member!


Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 18 June 2013 - 10:43 AM

Combofix Report..

 

ComboFix 13-06-17.01 - Vicki 18/06/2013  10:57:49.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.1468 [GMT 1:00]
Running from: C:\Users\Vicki\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Vicki\AppData\Roaming\Microsoft\~DFK1f5e2002.tmp
C:\Users\Vicki\AppData\Roaming\Microsoft\1eaadjc.dll
C:\Users\Vicki\AppData\Roaming\Microsoft\kfgresk.dll
C:\Users\Vicki\AppData\Roaming\Microsoft\mjcriu.dll
C:\Users\Vicki\AppData\Roaming\Microsoft\peaadje.dll
C:\Users\Vicki\AppData\Roaming\Microsoft\qwadjb.dll
C:\Users\Vicki\AppData\Roaming\Microsoft\rsaadjd.dll
C:\Windows\SysWow64\DEBUG.log
C:\Windows\wininit.ini

(((((((((((((((((((((((((   Files Created from 2013-05-18 to 2013-06-18  )))))))))))))))))))))))))))))))

2013-06-18 10:11:11 . 2013-06-18 10:11:11 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-06-18 09:00:35 . 2013-06-12 03:08:52 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D00B7BFC-F112-44E6-8ACA-D5EE2F9B4472}\mpengine.dll
2013-06-18 08:36:25 . 2013-06-18 09:03:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-18 08:33:52 . 2013-06-18 08:33:52 -------- d-----w- C:\Users\Vicki\IOption
2013-06-16 18:22:17 . 2013-06-16 18:22:17 0 ----a-w- C:\Windows\SysWow64\sho9DB6.tmp
2013-06-16 17:34:39 . 2013-05-13 06:37:50 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 11:56:52 . 2013-06-16 11:56:52 -------- d-----w- C:\Users\Vicki\Doctor Web
2013-06-16 10:08:09 . 2013-06-16 10:08:09 0 ----a-w- C:\Windows\SysWow64\sho64E7.tmp
2013-06-15 06:29:31 . 2013-06-15 06:29:31 -------- d-----w- C:\Users\Vicki\AppData\Roaming\Oracle
2013-06-15 06:28:19 . 2013-06-15 06:28:19 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-06-15 06:27:51 . 2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-15 03:59:38 . 2013-06-15 03:59:38 -------- d-----w- C:\Users\Default\AppData\Local\Google
2013-06-15 03:56:29 . 2013-06-15 03:56:29 -------- d-----w- C:\Windows\system32\%LOCALAPPDATA%
2013-06-15 03:49:39 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
2013-06-15 03:49:39 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-15 03:49:37 . 2012-08-24 18:05:03 340992 ----a-w- C:\Windows\system32\schannel.dll
2013-06-15 03:49:36 . 2012-08-24 18:13:17 154480 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2013-06-15 03:49:36 . 2012-08-24 18:09:34 458712 ----a-w- C:\Windows\system32\drivers\cng.sys
2013-06-15 03:49:36 . 2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-06-15 03:49:35 . 2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\system32\lsasrv.dll
2013-06-15 03:49:35 . 2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-06-15 03:49:34 . 2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-06-15 03:35:08 . 2013-06-15 03:35:08 0 ----a-w- C:\Windows\SysWow64\shoCC92.tmp
2013-06-15 03:22:42 . 2013-06-15 03:22:42 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-15 03:08:05 . 2012-08-21 12:01:20 33240 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2013-06-15 03:07:19 . 2013-06-15 03:07:19 -------- d-----w- C:\Program Files\iPod
2013-06-15 03:07:15 . 2013-06-15 03:08:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-15 03:07:15 . 2013-06-15 03:07:59 -------- d-----w- C:\Program Files\iTunes
2013-06-15 03:06:38 . 2013-06-15 03:06:38 -------- d-----w- C:\Users\Default\AppData\Roaming\Apple Computer
2013-06-15 03:06:38 . 2013-06-15 03:06:38 -------- d-----w- C:\Users\Default\AppData\Local\Apple Computer
2013-06-15 02:44:51 . 2013-06-15 02:44:51 0 ----a-w- C:\Windows\SysWow64\sho7FD.tmp
2013-06-14 20:02:02 . 2013-05-21 20:09:40 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2F23D70-CFDB-4077-932D-000BFA18DFBE}\gapaengine.dll
2013-06-12 15:16:20 . 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-06-13 15:30:47 . 2012-04-27 21:26:38 75825640 ----a-w- C:\Windows\system32\MRT.exe
2013-06-12 15:14:23 . 2012-08-10 10:01:24 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 15:14:23 . 2012-08-10 10:01:24 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-05 18:07:48 . 2013-03-12 20:49:21 47368 ----a-w- C:\Windows\SysWow64\certsentry.dll
2013-06-05 18:07:43 . 2013-03-12 20:49:21 56072 ----a-w- C:\Windows\system32\certsentry.dll
2013-05-21 20:09:40 . 2012-06-13 20:10:09 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-17 11:35:50 . 2010-06-24 18:33:56 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:29:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe
2013-04-13 05:49:23 . 2013-05-16 11:58:35 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 . 2013-05-16 11:58:35 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 . 2013-05-16 11:58:35 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 . 2013-05-16 11:58:35 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 . 2013-05-16 11:58:35 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 . 2013-05-16 11:58:35 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 . 2013-04-23 18:25:48 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
2013-04-10 06:01:54 . 2013-05-16 11:58:37 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01:53 . 2013-05-16 11:58:37 983400 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 . 2013-05-16 11:58:13 3153920 ----a-w- C:\Windows\system32\win32k.sys
2013-04-04 13:50:32 . 2012-04-22 21:40:54 25928 ----a-w- C:\Windows\system32\drivers\mbam.sys

 

 

 

 

 

 

 

After this the laptop is able to connect to the internet again!

 

Vicki.



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 18 June 2013 - 11:57 PM

Fine - let´s check some other things:

 

 

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 19 June 2013 - 01:44 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Vicki :: VICKI-PC [administrator]

19/06/2013 07:39:20
mbam-log-2013-06-19 (07-39-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210204
Time elapsed: 4 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:22 AM

Posted 19 June 2013 - 01:47 AM

Good, post up the log of Farbar´s Service Scanner as well


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Vicki m

Vicki m
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:06:22 AM

Posted 19 June 2013 - 01:50 AM

Farbar Service Scanner Version: 16-06-2013
Ran by Vicki (administrator) on 19-06-2013 at 07:45:42
Running from "C:\Users\Vicki\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 16:16] - [2013-05-08 07:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 16:15] - [2013-05-13 06:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****



I keep getting this message:

 

Security alert.

 

You are about to leave a secure Internet connection. It will be possible for others to view information you send.

Do you want to continue?

Yes No


I keep pressing no, which I hope is right.
Vicki.


Edited by Vicki m, 19 June 2013 - 01:52 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users