
Virus has affected my computer.


  • This topic is locked
2 replies to this topic

#1 Kushal Naidu


  • Members
  • 2 posts

Posted 25 April 2014 - 12:04 AM

This virus is preventing me from running Command Prompt in safe mode too, so I really don't know how to remove this virus.

I just went through the other questions posted on this and I noticed you want us to run FRST.exe and give log results, so here is mine for the scan and the search of services.exe.

Log of FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by SYSTEM on MININT-88OMGPB on 25-04-2014 10:19:30
Running from D:\
Windows 8 Pro with Media Center (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-04] (Microsoft Corporation)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-01-13] (Kaspersky Lab ZAO)
HKLM\...\Run: [NotebookHardwareControl] => C:\Program Files\Notebook Hardware Control\nhc.exe [2629632 2007-05-04] (http://www.pbus-167.com)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-05] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-21] (Adobe Systems Incorporated)
HKLM\...\Run: [RaidCall] => C:\Program Files\RaidCall\raidcall.exe [3448504 2013-03-14] (RAIDCALL.COM)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-03] (Wondershare)
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [15439416 2012-07-31] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [181840 2012-07-30] (Lenovo(beijing) Limited)
HKLM\...\Run: [RazerGameBooster] => C:\Program Files\Razer\Razer Game Booster\RazerGameBooster.exe [61152 2014-02-25] (Razer Inc.)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKU\Kushal Naidu\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3825232 2013-11-24] (Tonec Inc.)
HKU\Kushal Naidu\...\Run: [Facebook Update] => C:\Users\Kushal Naidu\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-04-11] (Facebook Inc.)
HKU\Kushal Naidu\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\Kushal Naidu\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Kushal Naidu\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Kushal Naidu\...\Run: [Taskbar Hide] => C:\Program Files\Taskbar Hide\TaskBar.exe [1177088 2012-11-11] ()
HKU\Kushal Naidu\...\Run: [AdobeBridge] => [X]
HKU\Kushal Naidu\...\Run: [f.lux] => C:\Users\Kushal Naidu\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\Kushal Naidu\...\Policies\system: [DisableTaskmgr] 1
HKU\Kushal Naidu\...\Policies\system: [DisableLockWorkstation] 1
HKU\Kushal Naidu\...\Policies\system: [DisableCMD] 1
HKU\Kushal Naidu\...\Policies\system: [HideFastUserSwitching] 1
HKU\Kushal Naidu\...\Policies\Explorer: [NoClose] 1
HKU\Kushal Naidu\...\Policies\Explorer: [NoLogoff] 1
IFEO\cmd.exe: [Debugger] twunk_16.exe
IFEO\msconfig.exe: [Debugger] twunk_16.exe
IFEO\regedit.exe: [Debugger] twunk_16.exe
IFEO\rstrui.exe: [Debugger] twunk_16.exe
IFEO\taskmgr.exe: [Debugger] twunk_16.exe
Startup: C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
Startup: C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MouseFix - Shortcut.lnk
ShortcutTarget: MouseFix - Shortcut.lnk ->  (No File)
Startup: C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
ShortcutTarget: Virtual Router Manager.lnk -> C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()

========================== Services (Whitelisted) =================

S2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356128 2013-10-09] (Kaspersky Lab ZAO)
S2 AzBusFixService; C:\Windows\system32\AzBusMon.exe [60928 2009-04-28] (Conexant Systems, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1668136 2011-12-15] (Broadcom Corporation.)
S2 RzKLService; C:\Program Files\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14480 2013-10-24] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-13] (Cherished Technololgy LIMITED)
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
S2 ThinixWiFiHotspot; "C:\Program Files\Thinix\Thinix WiFi Hotspot\ThinixWiFiHotspotWindowsService.exe" [X]
S2 Virtual Router; "C:\Program Files\Virtual Router\VirtualRouterService.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 ACPIVPC; C:\Windows\System32\drivers\AcpiVpc.sys [26392 2012-05-14] (Lenovo Corporation)
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [34216 2013-06-21] (Google Inc)
S1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [24576 2012-07-25] (Microsoft Corporation)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63.sys [4704256 2012-06-02] (Broadcom Corporation)
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [38920 2014-04-14] (LogMeIn Inc.)
S0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [24496 2012-07-27] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [566880 2013-10-09] (Kaspersky Lab ZAO)
S1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
S3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [25696 2013-10-09] (Kaspersky Lab ZAO)
S1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [43280 2013-04-27] (Kaspersky Lab ZAO)
S1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [145040 2013-04-27] (Kaspersky Lab ZAO)
S0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S3 nhcDriverDevice; C:\Windows\system32\drivers\nhcDriver.sys [22528 2013-03-01] (pBUS-167 Software - http://www.pbus-167.com)
S0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
S3 tap0901; C:\Windows\system32\DRIVERS\tap0901.sys [31360 2013-02-08] (The OpenVPN Project)
S3 WUDFSensorLP; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\Windows\system32\DRIVERS\WUDFRd.sys [155136 2012-07-25] (Microsoft Corporation)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [75872 2013-04-27] (Kaspersky Lab ZAO)
S1 nm3; \SystemRoot\system32\DRIVERS\nm3.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-25 10:18 - 2014-04-25 10:18 - 00000000 _____ () C:\Recovery.txt
2014-04-24 20:03 - 2014-04-25 09:51 - 00000000 ____D () C:\FRST
2014-04-24 05:32 - 2014-04-24 05:32 - 00000028 _____ () C:\Users\Kushal Naidu\Desktop\wdawdadwawdawdawawd.txt
2014-04-22 18:41 - 2014-04-24 20:06 - 00005342 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-04-22 09:26 - 2014-04-22 09:26 - 00000000 ____D () C:\Users\Others\AppData\Local\LogMeIn
2014-04-22 09:23 - 2014-04-22 23:25 - 00000000 ____D () C:\Users\Others\AppData\Local\LogMeIn Hamachi
2014-04-22 09:23 - 2014-04-22 09:23 - 00000000 ____D () C:\Users\Others\AppData\Local\Google
2014-04-22 09:20 - 2014-04-22 09:23 - 00002201 _____ () C:\Users\Others\Desktop\Google Chrome.lnk
2014-04-22 09:20 - 2014-04-22 09:20 - 00000000 ___RD () C:\Users\Others\Podcasts
2014-04-22 09:19 - 2014-04-22 09:22 - 00000000 ____D () C:\Users\Others\AppData\Roaming\Adobe
2014-04-22 09:19 - 2014-04-22 09:19 - 00000452 __RSH () C:\Users\Others\ntuser.pol
2014-04-22 09:19 - 2014-04-22 09:19 - 00000000 ____D () C:\Users\Others\AppData\Local\VirtualStore
2014-04-22 08:12 - 2014-04-22 08:12 - 00000126 _____ () C:\Users\Kushal Naidu\Desktop\dqfuq.reg
2014-04-22 07:49 - 2014-04-22 07:49 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\SpeedyPC Software
2014-04-22 07:49 - 2014-04-22 07:49 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\DriverCure
2014-04-22 07:48 - 2014-04-22 07:48 - 00001165 _____ () C:\Users\Kushal Naidu\Desktop\SpeedyPC Pro.lnk
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\Program Files\SpeedyPC Software
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\Program Files\Common Files\SpeedyPC Software
2014-04-22 07:44 - 2014-04-22 07:44 - 00000000 ____D () C:\Windows\XSxS
2014-04-22 07:25 - 2014-04-22 18:48 - 00000076 _____ () C:\Users\Kushal Naidu\Desktop\New Text Document.txt
2014-04-22 07:25 - 2014-04-22 07:25 - 00000117 _____ () C:\Users\Kushal Naidu\Desktop\open.bat
2014-04-21 19:12 - 2014-04-22 07:24 - 00000452 __RSH () C:\Users\Kushal Naidu\ntuser.pol
2014-04-21 19:10 - 2014-04-21 19:10 - 00000000 __RSH () C:\MSDOS.SYS
2014-04-21 19:10 - 2014-04-21 19:10 - 00000000 __RSH () C:\IO.SYS
2014-04-21 10:34 - 2014-04-22 23:25 - 00000000 ____D () C:\users\Others
2014-04-21 10:34 - 2014-04-21 10:34 - 00000020 ___SH () C:\Users\Others\ntuser.ini
2014-04-21 10:34 - 2013-03-18 04:34 - 00000000 ____D () C:\Users\Others\AppData\Roaming\Macromedia
2014-04-21 10:24 - 2014-04-22 19:35 - 00000000 ____D () C:\VideoOutput
2014-04-21 10:24 - 2014-04-21 10:24 - 00001020 _____ () C:\Users\Public\Desktop\PSP Converter.lnk
2014-04-21 10:24 - 2014-04-21 10:24 - 00000000 ____D () C:\Program Files\PSP Converter
2014-04-21 10:10 - 2014-04-21 10:10 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\8281
2014-04-21 10:09 - 2014-04-21 10:10 - 35800064 _____ () C:\Users\Kushal Naidu\Downloads\XiliSoft Video Converter Ultimate [Setup + Patch] Latest.rar
2014-04-21 09:46 - 2014-04-21 09:46 - 00002079 _____ () C:\Users\Public\Desktop\Xilisoft PSP Video Converter.lnk
2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Xilisoft
2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-21 02:20 - 2014-04-21 02:47 - 697240698 _____ () C:\Users\Kushal Naidu\Documents\video_4.mp4
2014-04-21 02:20 - 2014-04-21 02:46 - 714072374 _____ () C:\Users\Kushal Naidu\Documents\NowVideo - Just watch it now! _ Flash Video Hosting.mp4
2014-04-21 02:19 - 2014-04-21 02:19 - 00001247 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-04-20 21:06 - 2014-04-20 21:06 - 00398373 _____ () C:\Users\Kushal Naidu\Desktop\idmmzcc.xpi
2014-04-20 05:10 - 2014-04-20 05:10 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Local\FluxSoftware
2014-04-20 05:09 - 2014-04-20 05:09 - 00597304 _____ () C:\Users\Kushal Naidu\Downloads\flux-setup.exe
2014-04-20 03:59 - 2014-04-22 23:42 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-19 20:18 - 2014-03-06 16:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-19 20:18 - 2014-03-06 16:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-19 20:18 - 2014-03-06 16:48 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-19 20:18 - 2014-03-06 16:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-19 20:18 - 2014-03-06 16:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-19 20:18 - 2014-03-06 16:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-19 20:18 - 2014-03-06 16:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-04-19 20:18 - 2014-03-06 16:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-19 20:18 - 2014-03-06 16:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-19 20:18 - 2013-10-24 20:45 - 00661504 _____ (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
2014-04-19 20:18 - 2013-05-15 14:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\UXInit.dll
2014-04-19 20:18 - 2013-05-14 01:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-19 20:18 - 2013-02-21 02:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-04-19 20:18 - 2013-02-21 02:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-19 20:18 - 2013-02-21 02:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-19 20:18 - 2012-11-07 20:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-19 20:17 - 2014-03-06 16:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-16 09:50 - 2014-02-03 12:41 - 00303448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-16 09:50 - 2014-02-03 12:41 - 00238424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-16 09:50 - 2014-01-31 21:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\fveskybackup.dll
2014-04-16 09:50 - 2014-01-30 17:33 - 00200384 _____ (Microsoft Corporation) C:\Windows\System32\NotificationUI.exe
2014-04-16 09:50 - 2014-01-30 16:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\System32\WSShared.dll
2014-04-16 09:50 - 2014-01-30 16:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2014-04-16 09:50 - 2014-01-30 16:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2014-04-16 09:50 - 2014-01-30 16:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-16 09:50 - 2014-01-26 17:37 - 01799512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-04-16 09:50 - 2014-01-26 17:09 - 01618264 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-16 09:50 - 2014-01-26 16:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-04-16 09:50 - 2014-01-26 15:16 - 00386722 _____ () C:\Windows\System32\ApnDatabase.xml
2014-04-16 09:50 - 2014-01-15 15:42 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dfsc.sys
2014-04-16 09:50 - 2014-01-10 21:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-04-16 09:50 - 2014-01-02 15:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2014-04-16 07:18 - 2014-02-05 15:37 - 01011712 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-16 07:18 - 2014-02-05 15:37 - 00757248 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2014-04-16 06:56 - 2014-04-22 23:42 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-14 21:15 - 2014-04-14 21:15 - 00038920 ____H (LogMeIn Inc.) C:\Windows\System32\Drivers\Hamdrv.sys
2014-04-13 21:59 - 2014-04-13 21:59 - 00001365 _____ () C:\Users\Kushal Naidu\Desktop\hlds - Shortcut.lnk
2014-04-12 21:59 - 2014-04-12 21:59 - 00001613 _____ () C:\Users\Kushal Naidu\Desktop\Counter Strike 1.6 (p48).lnk
2014-04-12 03:09 - 2014-04-12 03:27 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\ROM
2014-04-10 04:09 - 2014-04-10 04:09 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Baraha Software
2014-04-10 04:09 - 2014-04-10 04:09 - 00000000 ____D () C:\Program Files\Baraha Software
2014-04-06 09:26 - 2014-04-06 09:26 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\MiniGet
2014-04-06 09:26 - 2014-04-06 09:26 - 00000000 ____D () C:\Program Files\MiniGet
2014-04-06 09:23 - 2014-04-13 22:00 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Local\41
2014-03-29 23:41 - 2014-04-04 09:34 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\ibioku
2014-03-29 23:25 - 2014-04-12 03:26 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\sdk

==================== One Month Modified Files and Folders =======

2014-04-25 10:18 - 2014-04-25 10:18 - 00000000 _____ () C:\Recovery.txt
2014-04-25 09:51 - 2014-04-24 20:03 - 00000000 ____D () C:\FRST
2014-04-24 20:47 - 2014-01-20 07:25 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Local\LogMeIn Hamachi
2014-04-24 20:47 - 2013-02-16 22:31 - 01676168 _____ () C:\Windows\WindowsUpdate.log
2014-04-24 20:45 - 2013-02-20 06:07 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-24 20:14 - 2013-02-17 06:19 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\DMCache
2014-04-24 20:06 - 2014-04-22 18:41 - 00005342 _____ () C:\Windows\System32\PerfStringBackup.TMP
2014-04-24 20:04 - 2012-07-25 22:03 - 00049153 _____ () C:\Windows\setupact.log
2014-04-24 19:45 - 2013-02-26 07:00 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\vlc
2014-04-24 19:38 - 2013-02-17 06:19 - 00000000 ____D () C:\Users\Kushal Naidu\Downloads\Compressed
2014-04-24 16:59 - 2013-03-25 22:10 - 00000744 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2014-04-24 15:44 - 2013-02-17 06:19 - 00000000 ____D () C:\Users\Kushal Naidu\Downloads\Video
2014-04-24 13:48 - 2012-07-25 20:17 - 00262144 ___SH () C:\Windows\System32\config\ELAM
2014-04-24 13:32 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-24 09:45 - 2013-02-16 22:39 - 00000000 ____D () C:\Program Files\Steam
2014-04-24 05:32 - 2014-04-24 05:32 - 00000028 _____ () C:\Users\Kushal Naidu\Desktop\wdawdadwawdawdawawd.txt
2014-04-23 23:42 - 2013-02-16 22:39 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-04-23 23:00 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\System32\sru
2014-04-22 23:52 - 2013-04-25 05:48 - 00000000 ____D () C:\ProgramData\Wondershare Video Converter Ultimate
2014-04-22 23:42 - 2014-04-20 03:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-22 23:42 - 2014-04-16 06:56 - 00000000 ____D () C:\Program Files\LogMeIn Hamachi
2014-04-22 23:42 - 2013-02-16 23:43 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-22 23:25 - 2014-04-22 09:23 - 00000000 ____D () C:\Users\Others\AppData\Local\LogMeIn Hamachi
2014-04-22 23:25 - 2014-04-21 10:34 - 00000000 ____D () C:\users\Others
2014-04-22 23:25 - 2014-01-25 23:03 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\awdawda122.177.29.22327015
2014-04-22 23:25 - 2013-09-14 22:28 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\MiniLyrics
2014-04-22 23:25 - 2013-02-17 06:21 - 00000000 ___RD () C:\Users\Kushal Naidu\Podcasts
2014-04-22 23:25 - 2013-02-16 22:31 - 00000000 ____D () C:\users\Kushal Naidu
2014-04-22 23:25 - 2012-07-25 22:53 - 00000000 ___RD () C:\Windows\ToastData
2014-04-22 23:25 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\WinStore
2014-04-22 23:25 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\rescache
2014-04-22 22:59 - 2013-02-16 22:29 - 00000000 __SHD () C:\Recovery
2014-04-22 19:35 - 2014-04-21 10:24 - 00000000 ____D () C:\VideoOutput
2014-04-22 18:48 - 2014-04-22 07:25 - 00000076 _____ () C:\Users\Kushal Naidu\Desktop\New Text Document.txt
2014-04-22 10:42 - 2012-07-25 20:17 - 00524288 ___SH () C:\Windows\System32\config\BBI
2014-04-22 09:26 - 2014-04-22 09:26 - 00000000 ____D () C:\Users\Others\AppData\Local\LogMeIn
2014-04-22 09:23 - 2014-04-22 09:23 - 00000000 ____D () C:\Users\Others\AppData\Local\Google
2014-04-22 09:23 - 2014-04-22 09:20 - 00002201 _____ () C:\Users\Others\Desktop\Google Chrome.lnk
2014-04-22 09:22 - 2014-04-22 09:19 - 00000000 ____D () C:\Users\Others\AppData\Roaming\Adobe
2014-04-22 09:20 - 2014-04-22 09:20 - 00000000 ___RD () C:\Users\Others\Podcasts
2014-04-22 09:19 - 2014-04-22 09:19 - 00000452 __RSH () C:\Users\Others\ntuser.pol
2014-04-22 09:19 - 2014-04-22 09:19 - 00000000 ____D () C:\Users\Others\AppData\Local\VirtualStore
2014-04-22 08:12 - 2014-04-22 08:12 - 00000126 _____ () C:\Users\Kushal Naidu\Desktop\dqfuq.reg
2014-04-22 07:49 - 2014-04-22 07:49 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\SpeedyPC Software
2014-04-22 07:49 - 2014-04-22 07:49 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\DriverCure
2014-04-22 07:48 - 2014-04-22 07:48 - 00001165 _____ () C:\Users\Kushal Naidu\Desktop\SpeedyPC Pro.lnk
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\Program Files\SpeedyPC Software
2014-04-22 07:48 - 2014-04-22 07:48 - 00000000 ____D () C:\Program Files\Common Files\SpeedyPC Software
2014-04-22 07:44 - 2014-04-22 07:44 - 00000000 ____D () C:\Windows\XSxS
2014-04-22 07:25 - 2014-04-22 07:25 - 00000117 _____ () C:\Users\Kushal Naidu\Desktop\open.bat
2014-04-22 07:24 - 2014-04-21 19:12 - 00000452 __RSH () C:\Users\Kushal Naidu\ntuser.pol
2014-04-21 21:38 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-21 19:11 - 2012-07-25 22:53 - 00000000 ___HD () C:\Windows\System32\GroupPolicy
2014-04-21 19:10 - 2014-04-21 19:10 - 00000000 __RSH () C:\MSDOS.SYS
2014-04-21 19:10 - 2014-04-21 19:10 - 00000000 __RSH () C:\IO.SYS
2014-04-21 10:34 - 2014-04-21 10:34 - 00000020 ___SH () C:\Users\Others\ntuser.ini
2014-04-21 10:24 - 2014-04-21 10:24 - 00001020 _____ () C:\Users\Public\Desktop\PSP Converter.lnk
2014-04-21 10:24 - 2014-04-21 10:24 - 00000000 ____D () C:\Program Files\PSP Converter
2014-04-21 10:10 - 2014-04-21 10:10 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\8281
2014-04-21 10:10 - 2014-04-21 10:09 - 35800064 _____ () C:\Users\Kushal Naidu\Downloads\XiliSoft Video Converter Ultimate [Setup + Patch] Latest.rar
2014-04-21 09:46 - 2014-04-21 09:46 - 00002079 _____ () C:\Users\Public\Desktop\Xilisoft PSP Video Converter.lnk
2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Xilisoft
2014-04-21 09:46 - 2014-04-21 09:46 - 00000000 ____D () C:\ProgramData\Xilisoft
2014-04-21 09:28 - 2013-03-29 21:34 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Skype
2014-04-21 02:47 - 2014-04-21 02:20 - 697240698 _____ () C:\Users\Kushal Naidu\Documents\video_4.mp4
2014-04-21 02:46 - 2014-04-21 02:20 - 714072374 _____ () C:\Users\Kushal Naidu\Documents\NowVideo - Just watch it now! _ Flash Video Hosting.mp4
2014-04-21 02:29 - 2013-02-17 06:19 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\IDM
2014-04-21 02:23 - 2013-03-04 05:24 - 00000403 _____ () C:\Users\Kushal Naidu\Documents\PhNo.txt
2014-04-21 02:19 - 2014-04-21 02:19 - 00001247 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-04-21 02:19 - 2013-05-29 08:20 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-04-20 21:06 - 2014-04-20 21:06 - 00398373 _____ () C:\Users\Kushal Naidu\Desktop\idmmzcc.xpi
2014-04-20 05:10 - 2014-04-20 05:10 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Local\FluxSoftware
2014-04-20 05:09 - 2014-04-20 05:09 - 00597304 _____ () C:\Users\Kushal Naidu\Downloads\flux-setup.exe
2014-04-19 19:18 - 2013-09-14 22:28 - 00000000 ____D () C:\Lyrics
2014-04-19 19:13 - 2013-07-02 07:46 - 00000000 ___RD () C:\Users\Kushal Naidu\Dropbox
2014-04-19 19:13 - 2013-07-02 07:42 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Dropbox
2014-04-19 05:19 - 2013-07-23 04:58 - 00000000 ____D () C:\JayaShree
2014-04-17 03:46 - 2013-03-22 03:24 - 00000000 ____D () C:\Users\Kushal Naidu\Documents\java
2014-04-16 10:29 - 2013-07-11 13:36 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-16 10:26 - 2013-02-19 04:03 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 21:15 - 2014-04-14 21:15 - 00038920 ____H (LogMeIn Inc.) C:\Windows\System32\Drivers\Hamdrv.sys
2014-04-14 09:06 - 2014-02-07 04:59 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\vali
2014-04-14 03:13 - 2013-06-25 01:27 - 00000000 ____D () C:\Users\Kushal Naidu\Downloads\One Tree Hill (Season 6) - Wikiquote_files
2014-04-13 22:00 - 2014-04-06 09:23 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Local\41
2014-04-13 21:59 - 2014-04-13 21:59 - 00001365 _____ () C:\Users\Kushal Naidu\Desktop\hlds - Shortcut.lnk
2014-04-13 21:37 - 2013-02-22 17:17 - 00000000 ____D () C:\Games
2014-04-12 21:59 - 2014-04-12 21:59 - 00001613 _____ () C:\Users\Kushal Naidu\Desktop\Counter Strike 1.6 (p48).lnk
2014-04-12 03:27 - 2014-04-12 03:09 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\ROM
2014-04-12 03:26 - 2014-03-29 23:25 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\sdk
2014-04-10 23:31 - 2012-07-25 22:53 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-10 23:25 - 2014-03-14 08:39 - 03833248 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-04-10 04:09 - 2014-04-10 04:09 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\Baraha Software
2014-04-10 04:09 - 2014-04-10 04:09 - 00000000 ____D () C:\Program Files\Baraha Software
2014-04-06 09:26 - 2014-04-06 09:26 - 00000000 ____D () C:\Users\Kushal Naidu\AppData\Roaming\MiniGet
2014-04-06 09:26 - 2014-04-06 09:26 - 00000000 ____D () C:\Program Files\MiniGet
2014-04-04 09:34 - 2014-03-29 23:41 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\ibioku
2014-04-02 10:19 - 2012-07-25 20:43 - 00000000 ___RD () C:\users\Public
2014-03-31 13:18 - 2014-01-16 03:12 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-31 13:18 - 2014-01-16 03:12 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-30 14:21 - 2013-02-18 13:37 - 88028728 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-29 23:33 - 2014-01-29 05:22 - 00000000 ____D () C:\Users\Kushal Naidu\Downloads\Welcome to VTU_files
2014-03-28 18:21 - 2013-04-25 05:34 - 00000000 ____D () C:\ProgramData\xml_param
2014-03-26 04:58 - 2014-03-24 05:19 - 00000000 ____D () C:\Users\Kushal Naidu\Desktop\OpenHardwareMonitor

Some content of TEMP:
====================
C:\Users\Kushal Naidu\AppData\Local\Temp\Tsu3D778798.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 2008.57 MB
Available physical RAM: 1571.26 MB
Total Pagefile: 2008.57 MB
Available Pagefile: 1578.28 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.67 GB) (Free:13.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (KUSHAL) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive e: () (Fixed) (Total:30.46 GB) (Free:17.5 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=188 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 3: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 73DE4561)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-04-17 13:31

==================== End Of Log ============================

Log of search.txt:

Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by SYSTEM at 2014-04-25 10:21:35
Running from D:\
Boot Mode: Recovery

================== Search: "services.exe" ===================

C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.20521_none_3c8b4eaae6f9ad7c\services.exe
[2012-11-14 01:35] - [2013-06-23 08:26] - 0001319 ____A () 3D0092B4F31C409ACE75E7A995036068

C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16420_none_3c00b195cddcf45b\services.exe
[2012-11-14 01:35] - [2012-11-14 01:35] - 0332800 ____A (Microsoft Corporation) 6528BAACA25356FE226904DD36C82BA7

C:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_3bc3d14fce0a0436\services.exe
[2012-07-25 20:17] - [2013-06-23 08:26] - 0034560 ____A () 1DA9D3BFC613C31EDC1E33E08E7FC984

C:\Windows\System32\services.exe
[2012-11-14 01:35] - [2012-11-14 01:35] - 0332800 ____A (Microsoft Corporation) 6528BAACA25356FE226904DD36C82BA7

X:\Windows\WinSxS\x86_microsoft-windows-s..cecontroller-minwin_31bf3856ad364e35_6.2.9200.16384_none_3bc3d14fce0a0436\services.exe
[2012-07-25 20:17] - [2012-07-25 20:17] - 0333312 ____A (Microsoft Corporation) 575FB4211BB07DB7D2179B1B05FE7EFD

X:\Windows\System32\services.exe
[2012-07-25 20:17] - [2012-07-25 20:17] - 0333312 ____A (Microsoft Corporation) 575FB4211BB07DB7D2179B1B05FE7EFD

=== End Of Search ===

I have the same problems as the others, that is I can't open Task Manager, regedit, or Command Prompt, press Alt+F4 when on the desktop, etc. in normal mode.


Edited by hamluis, 28 April 2014 - 04:25 PM.
Moved from Win 8 to MRL - Hamluis.
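A triage helper for the FRST registry and services lines posted above, added here as an example; it is not part of the original post and not FRST's own code. It assumes only the line formats visible in the log (`HKLM\...\Run: [name] => target`, `Policies\system: [name] value`, `IFEO\exe: [Debugger] exe`, `S2 name; path [X]`), and its sample input is a constructed excerpt of that log. It flags the classes of entry the reply below removes: IFEO Debugger redirections of admin tools, policy values that disable Task Manager and cmd, Run values FRST marked `<===== ATTENTION` or `[X]`, and services whose binary is missing.

```python
"""Triage the "Registry (Whitelisted)" and "Services (Whitelisted)" sections of an FRST log.

Added example, not FRST's own code. Regexes are derived from the line formats
visible in the log above; SAMPLE_LOG is a constructed excerpt of that log.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low"
    category: str   # machine-friendly class, see triage()
    subject: str    # exe / policy name / Run value name / service name
    detail: str


# Constructed sample: a dozen lines copied from the FRST log in the thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe [24504 2013-01-13] (Kaspersky Lab ZAO)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\Kushal Naidu\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Kushal Naidu\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Kushal Naidu\...\Policies\system: [DisableTaskmgr] 1
HKU\Kushal Naidu\...\Policies\system: [DisableCMD] 1
HKU\Kushal Naidu\...\Policies\Explorer: [NoClose] 1
IFEO\cmd.exe: [Debugger] twunk_16.exe
IFEO\regedit.exe: [Debugger] twunk_16.exe
IFEO\taskmgr.exe: [Debugger] twunk_16.exe
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-13] (Cherished Technololgy LIMITED)
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
"""

# Line shapes as they appear in the FRST output (hive is HKLM or HKU\<user>).
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Policies\\(?P<key>\w+): \[(?P<name>\w+)\] (?P<value>\S+)$")
IFEO_RE = re.compile(r"^IFEO\\(?P<target>[^:]+): \[Debugger\] (?P<debugger>.+)$")
SERVICE_RE = re.compile(r"^S[0-5] (?P<name>[^;]+); (?P<rest>.*)$")
FILEINFO_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]")   # "[24504 2013-01-13]" size/date stamp


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line; lines that look healthy yield nothing."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := IFEO_RE.match(line):
            # A Debugger value silently launches another program in place of the
            # named exe; on the system above this is why cmd/regedit/taskmgr won't open.
            findings.append(Finding("high", "ifeo_debugger", m["target"],
                                    f"redirected to {m['debugger']} via Image File Execution Options"))
        elif m := POLICY_RE.match(line):
            if m["value"] != "0":   # any enabled restriction under Policies is worth a look
                findings.append(Finding("medium", "policy_restriction", m["name"],
                                        f"{m['hive']} Policies\\{m['key']} set to {m['value']}"))
        elif m := RUN_RE.match(line):
            target = m["target"]
            if target.endswith("<===== ATTENTION"):       # FRST's own flag
                findings.append(Finding("high", "run_attention", m["name"], target))
            elif target == "[X]":                          # value present, nothing behind it
                findings.append(Finding("low", "run_missing_file", m["name"], "Run value points at nothing"))
            elif not FILEINFO_RE.search(target):           # no size/date stamp recorded
                findings.append(Finding("low", "run_no_file_info", m["name"], target))
        elif m := SERVICE_RE.match(line):
            if m["rest"].endswith("[X]"):                  # service/driver binary not found
                findings.append(Finding("low", "service_missing_file", m["name"], m["rest"]))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


def ifeo_targets(findings: list[Finding]) -> list[str]:
    """Sorted list of executables that have an IFEO Debugger set."""
    return sorted(f.subject for f in findings if f.category == "ifeo_debugger")


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order[f.severity]):
        print(f"[{f.severity:6}] {f.category:22} {f.subject}: {f.detail}")
```

A format-only pass like this says nothing about the `Wpm` service, whose line carries a full size/date stamp yet is still removed in the reply below; pattern checks narrow the reviewer's work, they do not replace the reviewer's judgment about which vendors belong on a machine.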



#2 nasdaq


  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 April 2014 - 08:00 AM

I suspect that this virtual router was removed.

If I'm wrong and you wish to keep these startup items then remove the last 3 lines in the code box below before proceeding. They are:

Startup: C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
ShortcutTarget: Virtual Router Manager.lnk -> C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
S2 Virtual Router; "C:\Program Files\Virtual Router\VirtualRouterService.exe" [X]

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mobilegeni daemon] => C:\Program Files\Mobogenie\DaemonProcess.exe
HKU\Kushal Naidu\...\Run: [TBHostSupport] => "C:\Windows\system32\Rundll32.exe" "C:\Users\Kushal Naidu\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin <===== ATTENTION
HKU\Kushal Naidu\...\Run: [AdobeBridge] => [X]
HKU\Kushal Naidu\...\Policies\system: [DisableTaskmgr] 1
HKU\Kushal Naidu\...\Policies\system: [DisableCMD] 1
IFEO\cmd.exe: [Debugger] twunk_16.exe
IFEO\msconfig.exe: [Debugger] twunk_16.exe
IFEO\regedit.exe: [Debugger] twunk_16.exe
IFEO\rstrui.exe: [Debugger] twunk_16.exe
IFEO\taskmgr.exe: [Debugger] twunk_16.exe
ShortcutTarget: Dropbox.lnk ->  (No File)
ShortcutTarget: MouseFix - Shortcut.lnk ->  (No File)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-13] (Cherished Technololgy LIMITED)
S3 OpenVPNService; "C:\Program Files\OpenVPN\bin\openvpnserv.exe" [X]
S2 ThinixWiFiHotspot; "C:\Program Files\Thinix\Thinix WiFi Hotspot\ThinixWiFiHotspotWindowsService.exe" [X]
S1 nm3; \SystemRoot\system32\DRIVERS\nm3.sys [X]
Startup: C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
ShortcutTarget: Virtual Router Manager.lnk -> C:\Users\Kushal Naidu\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
S2 Virtual Router; "C:\Program Files\Virtual Router\VirtualRouterService.exe" [X]

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

#3 nasdaq


  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 04 May 2014 - 08:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
