CMD virus on startup.



#1 Andy2kk


Posted 08 May 2014 - 09:20 AM

Hi, I've been having a similar problem to that guy in the other thread.

I noticed today when starting up my PC that a blank cmd prompt quickly pops up and disappears; it launches Google Chrome (my default browser) and opens the webpage "extendedunlimited.org", which redirects to "gameharbor.org/". This only happens once per login.

I ran Farbar Recovery Scan Tool but didn't have that same line to remove... not that I could see. The results are below:

Checked it again and it starts off on dinoraptzor.org, then goes to gameharbor.org.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by MainPC_2 (administrator) on MAIN on 08-05-2014 15:48:03
Running from C:\Users\MainPC_2\Desktop\FIX
Microsoft Windows 8.1 Update 1 (X86) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(NETGEAR) C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe
( ) C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Maxtor Corp.) C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NETGEAR Inc.) C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
(Lotus Development Corporation) F:\lotus\organize\easyclip.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Maxtor Corp.) C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Lotus Development Corporation) F:\lotus\organize\easyclip.exe
(Wondershare) C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17031_none_9e321813e2be5a14\TiWorker.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3164472 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Wondershare Helper Compact] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] => C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [6215448 2014-02-28] (Logitech Inc.)
HKLM\...\Run: [MaxtorOneTouch] => C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe [712704 2006-03-27] (Maxtor Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [mxomssmenu] => C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [81920 2005-10-17] (Maxtor Corp.)
HKLM\...\Run: [phc700] => C:\WINDOWS\vphc700.exe [339968 2005-02-14] (Sonix)
HKLM\...\Run: [Babakan] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start http://dinoraptzor.org && exit)
HKU\S-1-5-21-224529468-504048338-1071593666-1001\...\Run: [Wondershare Helper Compact] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKU\S-1-5-21-224529468-504048338-1071593666-1001\...\Run: [Spotify Web Helper] => C:\Users\Colin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-04-06] (Spotify Ltd)
HKU\S-1-5-21-224529468-504048338-1071593666-1001\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-224529468-504048338-1071593666-1004\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [515584 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-224529468-504048338-1071593666-1007\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-224529468-504048338-1071593666-1007\...\MountPoints2: {86b1c8e6-bffc-11e3-afa2-806e6f6e6963} - "H:\RunMe.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
ShortcutTarget: Lotus Organizer EasyClip.lnk -> F:\lotus\organize\easyclip.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus QuickStart.lnk
ShortcutTarget: Lotus QuickStart.lnk -> F:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
ShortcutTarget: Lotus SmartCenter.lnk -> F:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
ShortcutTarget: Lotus SuiteStart.lnk -> F:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MobileGo Service.lnk
ShortcutTarget: MobileGo Service.lnk -> C:\Program Files\Wondershare\MobileGo for Android\MobileGoService.exe (Wondershare)
Startup: C:\Users\MainPC_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\MainPC_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-04-06]
 
Chrome: 
=======
CHR HomePage: hxxp://yahoo.co.uk/
CHR StartupUrls: "hxxp://www.searchnu.com/406"
CHR DefaultSearchKeyword: uk.yahoo.com
CHR DefaultSearchProvider: Yahoo! UK & Ireland
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-07]
CHR Extension: (Google Drive) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-07]
CHR Extension: (YouTube) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-07]
CHR Extension: (Google Search) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-07]
CHR Extension: (Google Wallet) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-07]
CHR Extension: (Gmail) - C:\Users\MainPC_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-07]
 
========================== Services (Whitelisted) =================
 
S3 Futuremark SystemInfo Service; C:\Program Files\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark)
R2 MaxBackServiceInt; C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe [184320 2006-02-15] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NETGEARGenieDaemon; C:\Program Files\NETGEAR Genie\bin\NETGEARGenieDaemon.exe [195840 2013-11-14] (NETGEAR)
R2 NTService1; C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe [106496 2006-02-07] ( )
S3 ScDeviceEnum; C:\WINDOWS\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [280296 2014-04-06] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\WINDOWS\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2014-04-06] (Microsoft Corporation)
S3 workfolderssvc; C:\WINDOWS\system32\workfolderssvc.dll [1210368 2013-11-14] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R3 athr; C:\WINDOWS\system32\DRIVERS\athwn.sys [2795520 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 BasicRender; C:\WINDOWS\System32\drivers\BasicRender.sys [25600 2014-02-22] (Microsoft Corporation)
R3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [137632 2012-10-19] (Windows ® Win 7 DDK provider)
R3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [22432 2012-10-19] (Windows ® Win 7 DDK provider)
S3 GPIO; C:\WINDOWS\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
S3 GPUZ; C:\WINDOWS\TEMP\GPUZ.sys [23936 2014-05-04] ()
R3 LGBusEnum; C:\WINDOWS\system32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
S3 LGVirHid; C:\WINDOWS\system32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [16256 2013-05-17] ()
R0 mv61xx; C:\WINDOWS\System32\drivers\mv61xx.sys [159536 2011-02-09] (Marvell Semiconductor, Inc.)
S3 MXOPSWD; C:\WINDOWS\System32\drivers\mxopswd.sys [15360 2005-04-06] (Maxtor Corp.)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35088 2014-04-06] (CACE Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [45968 2011-11-03] (Rovi Corporation)
R3 SaiK0CEA; C:\WINDOWS\system32\DRIVERS\SaiK0CEA.sys [104960 2007-12-07] (Saitek)
R3 SaiU0CEA; C:\WINDOWS\System32\drivers\SaiU0CEA.sys [28544 2007-12-07] (Saitek)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [93016 2014-04-06] (Microsoft Corporation)
R0 Wof; C:\WINDOWS\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
R3 xusb22; C:\WINDOWS\System32\drivers\xusb22.sys [69632 2013-08-22] (Microsoft Corporation)
R3 yukonw8; C:\WINDOWS\system32\DRIVERS\yk63x86.sys [249288 2013-06-18] (Marvell)
S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys [X]
S1 MpKsl0842f7d3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FBF0715-73C4-4A70-A221-2D7D5987EA8B}\MpKsl0842f7d3.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-08 15:47 - 2014-05-08 15:47 - 00854355 _____ () C:\Users\MainPC_2\Downloads\SecurityCheck.exe
2014-05-08 15:41 - 2014-05-08 15:41 - 00000278 _____ () C:\Users\MainPC_2\Downloads\fixlist (1).txt
2014-05-08 14:49 - 2014-05-08 14:49 - 00000375 _____ () C:\Users\MainPC_2\Downloads\keyboard-fix.zip
2014-05-08 14:48 - 2014-05-08 14:48 - 00001320 _____ () C:\Users\MainPC_2\Desktop\JRT.txt
2014-05-08 14:47 - 2014-05-08 14:48 - 01016261 _____ (Thisisu) C:\Users\MainPC_2\Downloads\JRT (1).exe
2014-05-08 14:45 - 2014-05-08 14:45 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-08 14:30 - 2014-05-08 14:52 - 00000000 ____D () C:\AdwCleaner
2014-05-08 14:30 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-08 14:25 - 2014-05-08 14:25 - 01316991 _____ () C:\Users\MainPC_2\Downloads\AdwCleaner.exe
2014-05-08 14:24 - 2014-05-08 14:24 - 00000278 _____ () C:\Users\MainPC_2\Downloads\fixlist.txt
2014-05-08 14:13 - 2014-05-08 15:48 - 00000000 ____D () C:\Users\MainPC_2\Desktop\FIX
2014-05-08 14:12 - 2014-05-08 14:15 - 00038387 _____ () C:\Users\MainPC_2\Downloads\Addition.txt
2014-05-08 14:10 - 2014-05-08 15:34 - 00189861 _____ () C:\Users\MainPC_2\Downloads\FRST.txt
2014-05-08 14:09 - 2014-05-08 15:14 - 00000000 ____D () C:\FRST
2014-05-08 09:46 - 2014-05-08 09:46 - 00021024 _____ () C:\Users\Colin\Downloads\D17D4C9DB8F0BE8F2A56D0151FBD85C84D0588FE.torrent
2014-05-08 09:46 - 2014-05-08 09:46 - 00017452 _____ () C:\Users\Colin\Downloads\A25979D7336B624D9F8AA990CE647E71A1D8FB76.torrent
2014-05-08 09:46 - 2014-05-08 09:46 - 00016844 _____ () C:\Users\Colin\Downloads\FC0B794D98DBA0F271E103EEDFB11F8CC7F2F813.torrent
2014-05-08 09:46 - 2014-05-08 09:46 - 00013173 _____ () C:\Users\Colin\Downloads\97FA7F64C931AAB65425BBFE32F2C4EE1EE748A1.torrent
2014-05-08 09:44 - 2014-05-08 09:46 - 00020014 _____ () C:\Users\Colin\Downloads\8107F146B35BB4B985969A7D233AF75AF359F18B.torrent
2014-05-08 09:44 - 2014-05-08 09:45 - 00028306 _____ () C:\Users\Colin\Downloads\EABEE7F9C86C56D4FB90A3B26FC2E9B7FFF85856.torrent
2014-05-08 09:44 - 2014-05-08 09:44 - 00022714 _____ () C:\Users\Colin\Downloads\A0D94D30F2E29583881922BA435E7ADC7D65FECB.torrent
2014-05-08 09:41 - 2014-05-08 09:41 - 00000000 ____D () C:\Users\Colin\Desktop\Jane Job
2014-05-08 09:30 - 2014-05-08 09:30 - 00073903 _____ () C:\Users\Colin\Downloads\Blank Copy of North Mid.xltx
2014-05-07 21:56 - 2014-05-07 21:56 - 00000000 ____D () C:\Users\Colin\Documents\Activision
 
Some content of TEMP:
====================
C:\Users\Colin\AppData\Local\Temp\CH.dll
C:\Users\Colin\AppData\Local\Temp\CH2.dll
C:\Users\Colin\AppData\Local\Temp\Copy.dll
C:\Users\Colin\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\MainPC_2\AppData\Local\Temp\ccdist.exe
C:\Users\MainPC_2\AppData\Local\Temp\Quarantine.exe
C:\Users\MainPC_2\AppData\Local\Temp\wintdist.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe
[2014-04-30 08:30] - [2014-03-04 12:16] - 2088160 ____A (Microsoft Corporation) 119E091B5386379BC5AA598BE9440C75
 
C:\WINDOWS\system32\winlogon.exe
[2014-04-30 08:13] - [2014-02-22 10:21] - 0459264 ____A (Microsoft Corporation) 70C57DC69D4A7D92D2CAC90C3AD16E6F
 
C:\WINDOWS\system32\wininit.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll
[2014-04-30 08:13] - [2014-02-22 15:42] - 1370696 ____A (Microsoft Corporation) 43B0EB86B10506AD564E2005A6156D30
 
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll
[2014-04-30 08:14] - [2014-02-22 10:16] - 0593408 ____A (Microsoft Corporation) 05C0337538BEECC04FC695808EFF201C
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2014-04-30 08:14] - [2014-02-22 15:08] - 0265048 ____A (Microsoft Corporation) 085918BF459BCB835CFC535BE7138539
 
 
 
LastRegBack: 2014-05-08 09:57
 
==================== End Of Log ============================

Edited by Andy2kk, 08 May 2014 - 09:51 AM.
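As an added illustration for triaging a log like the one above (this is not code from the post or from FRST), the Python below parses constructed FRST Run lines modelled on the "Registry (Whitelisted)" section, flags the [Babakan] entry for the traits a responder would look at, and evaluates the batch date test in that value, assuming the UK dd/mm/yyyy %date% format implied by the log's OS language.

```python
import re
from datetime import date

# Constructed sample lines modelled on the FRST "Registry (Whitelisted)" section
# quoted in the post above; the [Babakan] entry is the one the thread is about.
FRST_LINES = [
    r"HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)",
    r"HKLM\...\Run: [] => [X]",
    r"HKLM\...\Run: [Babakan] => cmd.exe /k if %date:~6,4%%date:~3,2%%date:~0,2% LEQ 20131027 (exit) else (start http://dinoraptzor.org && exit)",
    r"HKU\S-1-5-21-224529468-504048338-1071593666-1001\...\Run: [NETGEARGenie] => C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)",
]

# One FRST Run/RunOnce line: <hive>\...\Run: [<name>] => <command or path>
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$"
)
# FRST appends "[size yyyy-mm-dd] (Vendor)" when the target resolves to a file on disk.
FILE_META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \([^)]*\)$")


def parse_run_entries(lines):
    """Return the Run/RunOnce entries found in FRST registry lines as dicts."""
    return [m.groupdict() for m in map(RUN_RE.match, lines) if m]


def suspicious_reasons(entry):
    """Heuristics for a Run value that deserves a closer look; empty list means nothing odd."""
    cmd = entry["cmd"]
    reasons = []
    if re.match(r'(?i)^"?(?:[a-z]:\\[^"]*\\)?cmd(?:\.exe)?\b', cmd):
        reasons.append("command interpreter rather than a program file")
    if re.search(r"(?i)\bstart\s+https?://", cmd):
        reasons.append("opens a URL at logon")
    if "%date:~" in cmd:
        reasons.append("date-gated (only acts after a cutoff date)")
    if cmd != "[X]" and not FILE_META_RE.search(cmd):
        reasons.append("no file size/date/vendor metadata")
    return reasons


def flag_entries(lines):
    """Map value name -> reasons for every entry with at least one reason."""
    return {e["name"]: r for e in parse_run_entries(lines) if (r := suspicious_reasons(e))}


def date_gate_opens_url(today, cutoff=20131027):
    """Evaluate the batch test in the Babakan value for a given calendar date.

    On the UK-locale system in the log %date% expands to dd/mm/yyyy, so
    %date:~6,4%%date:~3,2%%date:~0,2% builds a YYYYMMDD number; cmd.exe's
    'if ... LEQ' compares numerically, exits on or before the cutoff and
    otherwise runs 'start http://...'. (Assumption: no weekday prefix in %date%.)
    """
    uk = today.strftime("%d/%m/%Y")
    yyyymmdd = int(uk[6:10] + uk[3:5] + uk[0:2])
    return yyyymmdd > cutoff


if __name__ == "__main__":
    for name, reasons in flag_entries(FRST_LINES).items():
        print(f"[{name}]: " + "; ".join(reasons))
    print("opens URL on 2014-05-08:", date_gate_opens_url(date(2014, 5, 8)))
```

The gate explains the behaviour described in the post: any logon after 27 October 2013 takes the else branch, so the URL opens once per login while the signed vendor entries are left alone.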




#2 Andy2kk


Posted 08 May 2014 - 10:13 AM

Can I delete the line manually? I found it in the regedit program. Would it affect anything else?


Edited by Andy2kk, 08 May 2014 - 10:17 AM.


#3 Starbuck


Posted 11 May 2014 - 04:56 PM

Hi Andy2kk

Ran by MainPC_2 (administrator) on MAIN on 08-05-2014 15:48:03

This isn't the first time that FRST has been run.

2014-05-08 14:12 - 2014-05-08 14:15 - 00038387 _____ () C:\Users\MainPC_2\Downloads\Addition.txt
2014-05-08 14:10 - 2014-05-08 15:34 - 00189861 _____ () C:\Users\MainPC_2\Downloads\FRST.txt

And what is this fixlist?

2014-05-08 14:24 - 2014-05-08 14:24 - 00000278 _____ () C:\Users\MainPC_2\Downloads\fixlist.txt

Where did it come from?
And what did it contain?

Also, no Addition.txt has been posted.
