Appearence of black screen with aiasfacoiaksf.vbs error


  • This topic is locked
19 replies to this topic

#1 madhumathi91

madhumathi91

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 07 August 2014 - 01:08 AM

Hi everyone,

I have been facing this problem for a week after installing a pen drive. Please provide some solutions.

Thank you.

 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:38 AM

Posted 07 August 2014 - 03:54 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (if not sure: Start --> Computer (right click) --> Properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 madhumathi91

madhumathi91
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 09 August 2014 - 11:04 PM

Hi. Thank you for your help. I downloaded FRST but am unable to run it on my laptop; my Norton antivirus is automatically removing the application as it is not safe. What to do?

#4 madhumathi91

madhumathi91
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 12 August 2014 - 05:41 AM

Hi friend,
I disabled my Norton antivirus and ran the FRST scan, which generated two logs that I have attached below. I also ran the aswMBR scan and attached its log. Please have a look and help me.

Attached Files



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:38 AM

Posted 12 August 2014 - 06:01 AM

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:

    50CoupOunS
    RandomPriiceu
    Search Protect
    WindowsProtectManger20.0.0.401
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run; if prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


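As an added example (not code from ComboFix, BleepingComputer or anyone in this thread), here is a small Python triage pass over the "Reg Loading Points" section of a ComboFix log of the kind requested above: it walks the Run keys and the Startup folder and flags autostart entries a responder would look at first (script hosts such as cmd.exe or wscript.exe, script files like .vbs, targets under user-writable directories, and entries ComboFix marks [X] because the file is missing). The sample section and the keyword lists are the script's own constructions, modelled on the entry format ComboFix prints.

```python
from __future__ import annotations
import re

# Constructed sample in the format of a ComboFix "Reg Loading Points" section,
# modelled on the kind of entries posted in this thread. Not a real log file.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"asodakaossd"="start" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
asodakaossd.lnk - c:\windows\system32\cmd.exe /c start c:\users\ADMIN\AppData\Roaming\aiasfacoafiasksf.vbs exit [2012-7-26 404992]
.
"""

# Assumed heuristics (the script's own, not ComboFix's): interpreters that are
# often used to launch a script at logon, script extensions, and directories a
# standard user can write to, where persistence has no business living.
SCRIPT_HOSTS = ("cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe", "mshta.exe")
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# Line shapes ComboFix uses in this section: a [HKEY_...] key header, a
# "name"="target" [tag] value, a Startup folder header ending in "\", and a
# "name.lnk - target [tag]" line under that folder. The trailing [tag] is either
# "[date size]" for a file ComboFix found or "[X]" when the target is missing.
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]*)"="(?P<target>.*?)"\s*(?P<tag>\[[^\]]*\])?$')
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\startup\\$", re.IGNORECASE)
STARTUP_ENTRY = re.compile(r"^(?P<name>\S+\.lnk) - (?P<target>.*?)\s*(?P<tag>\[[^\]]*\])?$")


def classify(target: str, tag: str) -> list[str]:
    """Return the reasons an autostart target deserves attention (empty = nothing notable)."""
    low = target.lower()
    reasons: list[str] = []
    hosts = [h for h in SCRIPT_HOSTS if h in low]
    if hosts:
        reasons.append("launched through a script host: " + ", ".join(hosts))
    exts = [e for e in SCRIPT_EXTS if e in low]
    if exts:
        reasons.append("references a script file: " + ", ".join(exts))
    if any(d in low for d in USER_WRITABLE):
        reasons.append("target lives in a user-writable directory")
    if tag == "[X]":
        reasons.append("ComboFix marked the target as not found ([X])")
    return reasons


def parse_loading_points(text: str) -> list[dict]:
    """Walk the section line by line, remembering which key or folder each entry belongs to."""
    location = None
    entries: list[dict] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with "." lines
            continue
        m = REG_KEY.match(line)
        if m:
            location = m.group(1)
            continue
        if STARTUP_DIR.match(line):
            location = line
            continue
        m = REG_VALUE.match(line) or STARTUP_ENTRY.match(line)
        if m and location:
            tag = m.group("tag") or ""
            entries.append({
                "location": location,
                "name": m.group("name"),
                "target": m.group("target"),
                "reasons": classify(m.group("target"), tag),
            })
    return entries


def suspicious(text: str) -> list[dict]:
    """Only the entries with at least one reason; a clean Run key yields nothing."""
    return [e for e in parse_loading_points(text) if e["reasons"]]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e['name']}  ({e['location']})")
        print(f"    -> {e['target']}")
        for r in e["reasons"]:
            print(f"       * {r}")
```

On the sample the two entries sharing the name asodakaossd are reported (the Run value whose file is gone, and the Startup .lnk that runs a .vbs out of AppData through cmd.exe), while the vendor entries are left alone.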

#6 madhumathi91

madhumathi91
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:08 AM

Posted 12 August 2014 - 08:40 AM

ComboFix 14-08-12.01 - ADMIN 12-08-2014 18:35:45.1.2 - x64
Microsoft Windows 8 Single Language 6.2.9200.0.1252.91.1033.18.1634.531 [GMT 5.5:30]
Running from: c:\users\ADMIN\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\CostMin
c:\program files (x86)\CostMin\LG1tEJE90.dat
c:\program files (x86)\CostMin\LG1tEJE90.tlb
c:\programdata\CostMin
c:\programdata\CostMin\IHcwMJo0Kp.dat
c:\programdata\RegUULarDealuS
c:\programdata\RegUULarDealuS\AX5a8Yd.dat
c:\programdata\RegUULarDealuS\AX5a8Yd.dll
c:\programdata\RegUULarDealuS\AX5a8Yd.exe
c:\programdata\RegUULarDealuS\AX5a8Yd.tlb
c:\programdata\RegUULarDealuS\AX5a8Yd.x64.dll
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\ADMIN\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\ADMIN\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap\164\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap\164\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap\164\kWGZo4OX6oWW.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap\164\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgabimphpgkjochcoogplolgpcagmap\164\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\224\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\224\bckmH.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\224\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\224\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhdmlhdgmboegnmecdnfbmdmhdoool\224\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao\1.8\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao\1.8\c4TxkB4olAp.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao\1.8\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao\1.8\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojhnpmkaaiggaidcejcmfclgcepefao\1.8\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip\103\background.html
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip\103\CLg.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip\103\content.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip\103\lsdb.js
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nohbdifokmdgjcbbeobglcbaifinhfip\103\manifest.json
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afgabimphpgkjochcoogplolgpcagmap_0.localstorage-journal
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_afgabimphpgkjochcoogplolgpcagmap_0.localstorage
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhiphmalnklhncinmlbikabdaioijdig_0.localstorage-journal
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hhiphmalnklhncinmlbikabdaioijdig_0.localstorage
c:\users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\ADMIN\AppData\Local\Packages\windows_ie_ac_001\AC\{24166974-F12F-ECE7-B72D-3A0A79F55869}
c:\users\ADMIN\AppData\Local\Packages\windows_ie_ac_001\AC\{24166974-F12F-ECE7-B72D-3A0A79F55869}\RegUULarDealuS.2.9.dat
c:\users\ADMIN\AppData\Local\Packages\windows_ie_ac_001\AC\{EF6EC089-B162-43B0-7F2B-7243CA06F587}
c:\users\ADMIN\AppData\Local\Packages\windows_ie_ac_001\AC\{EF6EC089-B162-43B0-7F2B-7243CA06F587}\CostMin.2.9.dat
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\ADMIN\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\ADMIN\AppData\LocalLow\{24166974-F12F-ECE7-B72D-3A0A79F55869}
c:\users\ADMIN\AppData\LocalLow\{24166974-F12F-ECE7-B72D-3A0A79F55869}\RegUULarDealuS.2.9.dat
c:\users\ADMIN\AppData\LocalLow\{EF6EC089-B162-43B0-7F2B-7243CA06F587}
c:\users\ADMIN\AppData\LocalLow\{EF6EC089-B162-43B0-7F2B-7243CA06F587}\CostMin.2.9.dat
c:\users\ADMIN\AppData\Roaming\asfsgwsesdasfwea.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Guest\AppData\Local\Chromatic Browser\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Guest\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\background.html
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\content.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\i636KE8sk0G.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\lsdb.js
c:\users\Guest\AppData\Local\Torch\User Data\Default\Extensions\nlmgeliklbepbokbcojnppjojcphedkn\2.2\manifest.json
.
.
((((((((((((((((((((((((( Files Created from 2014-07-12 to 2014-08-12 )))))))))))))))))))))))))))))))
.
.
2014-08-12 12:59 . 2014-08-12 12:59 -------- d-----w- c:\windows\system32\drivers\NSTx64
2014-08-12 12:59 . 2014-08-12 12:59 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2014-08-12 12:42 . 2014-08-12 12:42 -------- d-----w- c:\program files (x86)\RandomPriiceu
2014-08-12 12:39 . 2014-08-12 12:39 -------- d-----w- c:\program files (x86)\50CoupOunS
2014-08-12 12:37 . 2014-08-12 12:37 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-08-12 04:57 . 2014-08-12 05:02 -------- d-----w- C:\FRST
2014-08-04 12:44 . 2014-08-04 12:44 -------- d-----w- c:\programdata\Mobile Partner
2014-08-04 12:43 . 2014-08-04 12:44 -------- d-----w- c:\programdata\airtel
2014-08-04 12:42 . 2014-08-04 12:44 -------- d-----w- c:\program files (x86)\airtel
2014-07-27 05:44 . 2014-08-12 13:01 -------- d-----w- c:\program files (x86)\Norton Internet Security
2014-07-14 01:52 . 2014-07-27 06:49 -------- d-----w- c:\users\ADMIN\AppData\Roaming\dvriversgpucpu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-12 13:14 . 2014-05-11 05:41 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-26 20:53 . 2014-06-16 09:37 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 20:53 . 2014-06-16 09:37 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 10:01 . 2014-06-18 05:28 61112 ----a-w- c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys
2014-06-15 12:01 . 2014-06-15 12:01 718497 ----a-w- c:\windows\unins000.exe
2014-06-09 06:43 . 2014-06-15 16:25 61112 ----a-w- c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys
2014-06-05 06:17 . 2014-06-05 06:17 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-06-05 06:17 . 2014-06-05 06:17 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-05-27 09:03 . 2014-05-27 09:03 258224 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-27 08:48 . 2014-05-27 08:44 11228600 ----a-w- C:\YTDSetup.exe
2014-05-24 02:48 . 2014-06-14 08:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-24 02:47 . 2014-06-14 08:52 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-05-24 02:47 . 2014-06-14 08:52 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-24 02:47 . 2014-06-14 08:53 53760 ----a-w- c:\windows\system32\UXInit.dll
2014-05-24 02:47 . 2014-06-14 08:53 1366016 ----a-w- c:\windows\system32\urlmon.dll
2014-05-24 02:46 . 2014-06-14 08:53 197120 ----a-w- c:\windows\system32\msrating.dll
2014-05-24 02:46 . 2014-06-14 08:52 97792 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-24 02:46 . 2014-06-14 08:52 19290112 ----a-w- c:\windows\system32\mshtml.dll
2014-05-24 02:46 . 2014-06-14 08:52 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-24 02:46 . 2014-06-14 08:52 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-24 02:46 . 2014-06-14 08:52 855552 ----a-w- c:\windows\system32\jscript.dll
2014-05-24 02:46 . 2014-06-14 08:50 3958784 ----a-w- c:\windows\system32\jscript9.dll
2014-05-24 02:46 . 2014-06-14 08:53 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-05-24 02:46 . 2014-06-14 08:53 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-24 02:46 . 2014-06-14 08:52 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-05-24 02:46 . 2014-06-14 08:50 2650112 ----a-w- c:\windows\system32\iertutil.dll
2014-05-24 02:46 . 2014-06-14 08:52 15368704 ----a-w- c:\windows\system32\ieframe.dll
2014-05-24 02:45 . 2014-06-14 08:52 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-24 02:45 . 2014-06-14 08:52 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-24 02:45 . 2014-06-14 08:52 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-24 01:26 . 2014-06-14 08:52 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-24 01:26 . 2014-06-14 08:53 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2014-05-24 01:25 . 2014-06-14 08:50 2862080 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-24 01:25 . 2014-06-14 08:53 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-24 01:25 . 2014-06-14 08:53 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-05-24 01:25 . 2014-06-14 08:53 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-24 01:09 . 2014-06-14 08:53 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-24 01:03 . 2014-06-14 08:52 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-23 22:37 . 2014-06-14 08:53 534528 ----a-w- c:\windows\SysWow64\uxtheme.dll
2014-05-18 16:30 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-05-08 10:52 513648 ----a-w- c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"asodakaossd"="start" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-31 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallCleanUp"="REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect" [X]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
asodakaossd.lnk - c:\windows\system32\cmd.exe /c start c:\users\ADMIN\AppData\Roaming\aiasfacoafiasksf.vbs exit [2012-7-26 404992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 airtel. RunOuc;airtel. OUC;c:\program files (x86)\airtel\UpdateDog\ouc.exe;c:\program files (x86)\airtel\UpdateDog\ouc.exe [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S4 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1405000.01C\ccSetx64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325163&octid=EB_ORIGINAL_CTID&ISID=M9F5FF6FD-2657-4BCC-9871-511578EF470C&SearchSource=55&CUI=&UM=5&UP=SPFEEFAFC4-88E5-4A6A-91E2-30E40D1F8E5B&SSPV=
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}
mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{503E23BF-9BAF-4929-9BBB-0237268DBD32}: NameServer = 10.80.213.136 27.251.58.195
TCP: Interfaces\{C94E5198-F376-4D6D-B576-34607FD0BE26}: NameServer = 10.80.213.136 27.251.58.195
TCP: Interfaces\{F2DACAB8-3CD2-4F0F-8506-A4A4BD481E88}: NameServer = 10.80.213.136 27.251.58.195
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{18b20944-f54e-4509-88fa-f0ad137bf8de} - c:\program files (x86)\Norpalla\E6530AE0-2A97-40EA-B158-8E43EBC1F63D.dll
BHO-{24166974-F12F-ECE7-B72D-3A0A79F55869} - c:\programdata\RegUULarDealuS\AX5a8Yd.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
BHO-{24166974-F12F-ECE7-B72D-3A0A79F55869} - c:\programdata\RegUULarDealuS\AX5a8Yd.x64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{2F5F003B-C71B-72E3-42B4-DE51AB079EB2} - c:\programdata\CostMin\IHcwMJo0Kp.exe
AddRemove-{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4} - c:\programdata\RegUULarDealuS\AX5a8Yd.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-08-12 19:00:23
ComboFix-quarantined-files.txt 2014-08-12 13:30
.
Pre-Run: 127,481,483,264 bytes free
Post-Run: 126,893,187,072 bytes free
.
- - End Of File - - 11759DD7EA5672C33954488F24D05CB9
5FB38429D5D77768867C76DCBDB35194

#7 TB-Psychotic

Posted 12 August 2014 - 09:01 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is saved.


[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


#8 madhumathi91

Posted 12 August 2014 - 01:02 PM

ComboFix 14-08-12.01 - ADMIN 12-08-2014 21:53:58.2.2 - x64
Microsoft Windows 8 Single Language 6.2.9200.0.1252.91.1033.18.1634.716 [GMT 5.5:30]
Running from: c:\users\ADMIN\Desktop\ComboFix.exe
Command switches used :: c:\users\ADMIN\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys"
"c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\50CoupOunS
c:\program files (x86)\RandomPriiceu
c:\program files (x86)\SupTab
c:\program files (x86)\SupTab\DpInterface32.dll
c:\program files (x86)\SupTab\DpInterface64.dll
c:\program files (x86)\SupTab\DpInterfacef32.dll
c:\program files (x86)\SupTab\ient.json
c:\program files (x86)\SupTab\install.data
c:\program files (x86)\SupTab\RSHP.exe
c:\program files (x86)\SupTab\SpAPPSv32.dll
c:\program files (x86)\SupTab\SpAPPSv64.dll
c:\program files (x86)\SupTab\SupTab.dll
c:\program files (x86)\SupTab\uninstall.exe
c:\program files (x86)\SupTab\web\_locales\en-US\messages.json
c:\program files (x86)\SupTab\web\_locales\es-419\messages.json
c:\program files (x86)\SupTab\web\_locales\es-ES\messages.json
c:\program files (x86)\SupTab\web\_locales\fr-BE\messages.json
c:\program files (x86)\SupTab\web\_locales\fr-CA\messages.json
c:\program files (x86)\SupTab\web\_locales\fr-CH\messages.json
c:\program files (x86)\SupTab\web\_locales\fr-FR\messages.json
c:\program files (x86)\SupTab\web\_locales\fr-LU\messages.json
c:\program files (x86)\SupTab\web\_locales\it-CH\messages.json
c:\program files (x86)\SupTab\web\_locales\it-IT\messages.json
c:\program files (x86)\SupTab\web\_locales\pl\messages.json
c:\program files (x86)\SupTab\web\_locales\pt-BR\messages.json
c:\program files (x86)\SupTab\web\_locales\pt\messages.json
c:\program files (x86)\SupTab\web\_locales\ru-MO\messages.json
c:\program files (x86)\SupTab\web\_locales\ru\messages.json
c:\program files (x86)\SupTab\web\_locales\tr-TR\messages.json
c:\program files (x86)\SupTab\web\_locales\vi-VI\messages.json
c:\program files (x86)\SupTab\web\_locales\zh-CN\messages.json
c:\program files (x86)\SupTab\web\_locales\zh-TW\messages.json
c:\program files (x86)\SupTab\web\data.html
c:\program files (x86)\SupTab\web\img\arrow.png
c:\program files (x86)\SupTab\web\img\default_add_logo.png
c:\program files (x86)\SupTab\web\img\default_add_logo_hover.png
c:\program files (x86)\SupTab\web\img\default_logo.png
c:\program files (x86)\SupTab\web\img\google_trends.png
c:\program files (x86)\SupTab\web\img\googlelogo.png
c:\program files (x86)\SupTab\web\img\googlelogo2.png
c:\program files (x86)\SupTab\web\img\icon128.png
c:\program files (x86)\SupTab\web\img\icon16.png
c:\program files (x86)\SupTab\web\img\icon48.png
c:\program files (x86)\SupTab\web\img\loading.gif
c:\program files (x86)\SupTab\web\img\logo32.ico
c:\program files (x86)\SupTab\web\img\weather\0.png
c:\program files (x86)\SupTab\web\indexIE.html
c:\program files (x86)\SupTab\web\indexIE8.html
c:\program files (x86)\SupTab\web\js\common.js
c:\program files (x86)\SupTab\web\js\ga.js
c:\program files (x86)\SupTab\web\js\ie8.js
c:\program files (x86)\SupTab\web\js\jquery-1.11.0.min.js
c:\program files (x86)\SupTab\web\js\jquery.autocomplete.js
c:\program files (x86)\SupTab\web\js\js.js
c:\program files (x86)\SupTab\web\js\library.js
c:\program files (x86)\SupTab\web\js\xagainit.js
c:\program files (x86)\SupTab\web\main.css
c:\program files (x86)\SupTab\web\ver.txt
c:\program files (x86)\SupTab\WebDataJs
.
.
((((((((((((((((((((((((( Files Created from 2014-07-12 to 2014-08-12 )))))))))))))))))))))))))))))))
.
.
2014-08-12 16:35 . 2014-08-12 16:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-08-12 16:35 . 2014-08-12 16:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-12 16:35 . 2014-08-12 16:35 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-08-12 13:30 . 2014-08-12 16:35 -------- d-----w- c:\users\ADMIN\AppData\Local\temp
2014-08-12 12:59 . 2014-08-12 12:59 -------- d-----w- c:\windows\system32\drivers\NSTx64
2014-08-12 12:59 . 2014-08-12 12:59 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2014-08-12 12:37 . 2014-08-12 12:37 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-08-12 04:57 . 2014-08-12 05:02 -------- d-----w- C:\FRST
2014-08-04 12:44 . 2014-08-04 12:44 -------- d-----w- c:\programdata\Mobile Partner
2014-08-04 12:43 . 2014-08-04 12:44 -------- d-----w- c:\programdata\airtel
2014-08-04 12:42 . 2014-08-04 12:44 -------- d-----w- c:\program files (x86)\airtel
2014-07-14 01:52 . 2014-07-27 06:49 -------- d-----w- c:\users\ADMIN\AppData\Roaming\dvriversgpucpu
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-12 13:14 . 2014-05-11 05:41 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-26 20:53 . 2014-06-16 09:37 703968 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-26 20:53 . 2014-06-16 09:37 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-17 10:01 . 2014-06-18 05:28 61112 ----a-w- c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys
2014-06-15 12:01 . 2014-06-15 12:01 718497 ----a-w- c:\windows\unins000.exe
2014-06-09 06:43 . 2014-06-15 16:25 61112 ----a-w- c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys
2014-06-05 06:17 . 2014-06-05 06:17 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2014-06-05 06:17 . 2014-06-05 06:17 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-05-27 09:03 . 2014-05-27 09:03 258224 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10240.bin
2014-05-27 08:48 . 2014-05-27 08:44 11228600 ----a-w- C:\YTDSetup.exe
2014-05-24 02:48 . 2014-06-14 08:53 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2014-05-24 02:47 . 2014-06-14 08:52 2239488 ----a-w- c:\windows\system32\wininet.dll
2014-05-24 02:47 . 2014-06-14 08:52 915968 ----a-w- c:\windows\system32\uxtheme.dll
2014-05-24 02:47 . 2014-06-14 08:53 53760 ----a-w- c:\windows\system32\UXInit.dll
2014-05-24 02:47 . 2014-06-14 08:53 1366016 ----a-w- c:\windows\system32\urlmon.dll
2014-05-24 02:46 . 2014-06-14 08:53 197120 ----a-w- c:\windows\system32\msrating.dll
2014-05-24 02:46 . 2014-06-14 08:52 97792 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-24 02:46 . 2014-06-14 08:52 19290112 ----a-w- c:\windows\system32\mshtml.dll
2014-05-24 02:46 . 2014-06-14 08:52 603136 ----a-w- c:\windows\system32\msfeeds.dll
2014-05-24 02:46 . 2014-06-14 08:52 53760 ----a-w- c:\windows\system32\jsproxy.dll
2014-05-24 02:46 . 2014-06-14 08:52 855552 ----a-w- c:\windows\system32\jscript.dll
2014-05-24 02:46 . 2014-06-14 08:50 3958784 ----a-w- c:\windows\system32\jscript9.dll
2014-05-24 02:46 . 2014-06-14 08:53 39936 ----a-w- c:\windows\system32\iernonce.dll
2014-05-24 02:46 . 2014-06-14 08:53 136704 ----a-w- c:\windows\system32\iesysprep.dll
2014-05-24 02:46 . 2014-06-14 08:52 67072 ----a-w- c:\windows\system32\iesetup.dll
2014-05-24 02:46 . 2014-06-14 08:50 2650112 ----a-w- c:\windows\system32\iertutil.dll
2014-05-24 02:46 . 2014-06-14 08:52 15368704 ----a-w- c:\windows\system32\ieframe.dll
2014-05-24 02:45 . 2014-06-14 08:52 281600 ----a-w- c:\windows\system32\dxtrans.dll
2014-05-24 02:45 . 2014-06-14 08:52 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2014-05-24 02:45 . 2014-06-14 08:52 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
2014-05-24 01:26 . 2014-06-14 08:52 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
2014-05-24 01:26 . 2014-06-14 08:53 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
2014-05-24 01:25 . 2014-06-14 08:50 2862080 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-05-24 01:25 . 2014-06-14 08:53 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-05-24 01:25 . 2014-06-14 08:53 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-05-24 01:25 . 2014-06-14 08:53 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-05-24 01:09 . 2014-06-14 08:53 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-24 01:03 . 2014-06-14 08:52 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-23 22:37 . 2014-06-14 08:53 534528 ----a-w- c:\windows\SysWow64\uxtheme.dll
2014-05-18 16:30 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{18b20944-f54e-4509-88fa-f0ad137bf8de}]
2014-08-12 13:30 250144 ----a-w- c:\program files (x86)\Norpalla\NorpallaBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{24166974-F12F-ECE7-B72D-3A0A79F55869}]
c:\programdata\RegUULarDealuS\AX5a8Yd.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-31 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-29 91432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
c:\users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
asodakaossd.lnk - c:\windows\system32\cmd.exe /c start c:\users\ADMIN\AppData\Roaming\aiasfacoafiasksf.vbs exit [2012-7-26 404992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 Aircel. RunOuc;Aircel. OUC;c:\program files (x86)\Aircel\UpdateDog\ouc.exe;c:\program files (x86)\Aircel\UpdateDog\ouc.exe [x]
R2 airtel. RunOuc;airtel. OUC;c:\program files (x86)\airtel\UpdateDog\ouc.exe;c:\program files (x86)\airtel\UpdateDog\ouc.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\System32\drivers\ew_juextctrl.sys;c:\windows\SYSNATIVE\drivers\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
R3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys;c:\windows\SYSNATIVE\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64;{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64;c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys;c:\windows\SYSNATIVE\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys [x]
S1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64;{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64;c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys;c:\windows\SYSNATIVE\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys [x]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe;c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [x]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe;c:\program files\Reliance Netconnect+\bin\MonServiceUDisk.exe [x]
S2 Update Norpalla;Update Norpalla;c:\program files (x86)\Norpalla\updateNorpalla.exe;c:\program files (x86)\Norpalla\updateNorpalla.exe [x]
S2 Util Norpalla;Util Norpalla;c:\program files (x86)\Norpalla\bin\utilNorpalla.exe;c:\program files (x86)\Norpalla\bin\utilNorpalla.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}
mDefault_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX
mStart Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{503E23BF-9BAF-4929-9BBB-0237268DBD32}: NameServer = 10.80.213.136 27.251.58.195
TCP: Interfaces\{AF221CC3-F8F0-4F24-88C1-3FFB799FE07A}: NameServer = 203.145.160.5 203.145.160.6
TCP: Interfaces\{C94E5198-F376-4D6D-B576-34607FD0BE26}: NameServer = 10.80.213.136 27.251.58.195
TCP: Interfaces\{F2DACAB8-3CD2-4F0F-8506-A4A4BD481E88}: NameServer = 10.80.213.136 27.251.58.195
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - c:\program files (x86)\SupTab\SupTab.dll
AddRemove-{2F5F003B-C71B-72E3-42B4-DE51AB079EB2} - c:\programdata\CostMin\IHcwMJo0Kp.exe
AddRemove-{76DEE3DC-2B8B-E212-2126-D31D9E73DFE4} - c:\programdata\RegUULarDealuS\AX5a8Yd.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2014.7.3.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\Aircel\OnlineUpdate\ouc.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\programdata\DatacardService\DCSHelper.exe
c:\program files (x86)\airtel\airtel.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2014-08-12 22:16:51 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-12 16:46
ComboFix2.txt 2014-08-12 13:30
.
Pre-Run: 126,868,353,024 bytes free
Post-Run: 126,731,378,688 bytes free
.
- - End Of File - - C4EF561085B142D87359D6861827A883
5FB38429D5D77768867C76DCBDB35194
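The log above contains the entries a responder would want to pull out first: a Startup-folder shortcut that runs cmd.exe /c start against a .vbs in AppData\Roaming (the script this topic is about), LoadAppInit_DLLs set to 1, two kernel drivers whose only name is a GUID, BHOs and uninstall entries under ProgramData, and per-interface DNS servers. The Python below is an added triage example, written for this page; it is not part of the thread, of ComboFix, or of Malwarebytes. It reads ComboFix-style lines and labels those patterns. The indicator names and regular expressions are this example's own choices, and the sample lines are copied from the ComboFix log posted above (two benign Run entries are included as controls). One caveat: a public DNS address is not by itself evidence of tampering, since ISP resolvers, including the ones a mobile-broadband dongle pushes, are public; the check lists them so they can be verified against the expected resolver, nothing more.

```python
"""Triage of ComboFix-style log lines (added example; not from the thread or from ComboFix).

Line shapes handled, as they appear in ComboFix output:
  Startup-folder shortcut : <name>.lnk - <command line> [date size]
  Run-key value           : "<name>"="<path>" [date size]
  Service/driver entry    : S1 <name>;<display name>;<path>;<path> [x]
  Per-interface DNS       : TCP: Interfaces\{GUID}: NameServer = <ip> <ip>
  Orphaned BHO            : BHO-{GUID} - <path>
The indicator names and regexes below are this example's own choices.
"""
import re
from ipaddress import ip_address
from typing import List, Tuple

# Script types that an interpreter (cmd/wscript/cscript/...) would run from an autostart.
SCRIPT_EXT = re.compile(r"\.(vbs|vbe|js|jse|wsf|ps1|bat|cmd)\b", re.I)
# Interpreters and LOLBins commonly used as launchers in autostart entries.
LAUNCHER = re.compile(r"\b(cmd\.exe|wscript\.exe|cscript\.exe|powershell\.exe|mshta\.exe|rundll32\.exe)\b", re.I)
# Locations a non-admin user (or a USB-borne script) can write to; legitimate autostarts rarely live here.
USER_WRITABLE = re.compile(r"(appdata\\(roaming|local)|\\programdata\\|\\temp\\|\\users\\[^\\]+\\desktop)", re.I)
# Kernel driver whose file name is a bare GUID with no vendor string to attribute.
GUID_DRIVER = re.compile(r"\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}[a-z0-9]*\.sys", re.I)
# Line prefixes that mark an autostart entry (startup .lnk, Run value, orphan BHO, service/driver).
AUTOSTART_PREFIX = re.compile(r'^(\S+\.lnk\s+-|"[^"]+"=|BHO-|[RS][0-4] )')
APPINIT_ON = re.compile(r'"LoadAppInit_DLLs"\s*=\s*1\b')
NAMESERVER = re.compile(r"NameServer\s*=\s*(.+)$")


def triage_line(line: str) -> List[str]:
    """Return the indicator labels that fire for one log line (empty list if none)."""
    hits: List[str] = []
    text = line.strip()
    if not text or text == ".":
        return hits
    # An autostart that hands a script to an interpreter (cmd.exe /c start ...\x.vbs).
    if LAUNCHER.search(text) and SCRIPT_EXT.search(text):
        hits.append("interpreter-launches-script")
    # An autostart whose payload sits in a user-writable directory.
    if AUTOSTART_PREFIX.search(text) and USER_WRITABLE.search(text):
        hits.append("autostart-from-user-writable-path")
    # A driver named only by a GUID: nothing to attribute it to a vendor.
    if GUID_DRIVER.search(text):
        hits.append("guid-named-driver")
    # AppInit_DLLs enabled: every process that loads user32.dll gets the listed DLLs injected.
    if APPINIT_ON.search(text):
        hits.append("appinit-dlls-enabled")
    # Per-interface resolvers outside private ranges are listed for verification against the
    # expected ISP/corporate resolver (public does not mean malicious, e.g. a dongle's ISP DNS).
    m = NAMESERVER.search(text)
    if m:
        for ns in m.group(1).split():
            try:
                addr = ip_address(ns)
            except ValueError:
                hits.append(f"dns-unparsable:{ns}")
                continue
            if not addr.is_private:
                hits.append(f"dns-public:{ns}")
    return hits


def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Run triage_line over a whole log; keep only lines with at least one indicator."""
    flagged = []
    for line in log_text.splitlines():
        hits = triage_line(line)
        if hits:
            flagged.append((line.strip(), hits))
    return flagged


# Sample input: lines copied from the ComboFix log posted above (the StartCCC and Sticky Notes
# entries are included as benign controls that should produce no hits).
SAMPLE_LOG = r"""
asodakaossd.lnk - c:\windows\system32\cmd.exe /c start c:\users\ADMIN\AppData\Roaming\aiasfacoafiasksf.vbs exit [2012-7-26 404992]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"LoadAppInit_DLLs"=1 (0x1)
S1 {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64;{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64;c:\windows\system32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys;c:\windows\SYSNATIVE\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys [x]
TCP: Interfaces\{503E23BF-9BAF-4929-9BBB-0237268DBD32}: NameServer = 10.80.213.136 27.251.58.195
BHO-{24166974-F12F-ECE7-B72D-3A0A79F55869} - c:\programdata\RegUULarDealuS\AX5a8Yd.dll
"""

if __name__ == "__main__":
    for text, hits in triage(SAMPLE_LOG):
        print(", ".join(hits))
        print("    " + text)
```

Run it on a saved ComboFix.txt by passing the file contents to triage(). The two benign Run values come back clean, the Startup-folder .lnk gets both the interpreter and the user-writable-path labels, and the GUID driver, the AppInit setting and the one non-private resolver are each listed once. The script ranks nothing and removes nothing; it only shortens the list of lines an analyst has to read before deciding what to script for the cleanup tool.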

#9 madhumathi91

Posted 12 August 2014 - 01:05 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12-08-2014
Scan Time: 22:55:35
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.12.09
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: ADMIN

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 332690
Time Elapsed: 28 min, 0 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\updateNorpalla.exe, 2076, Delete-on-Reboot, [7b3e269fdc9f67cf64c4d49d699824dc]
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\utilNorpalla.exe, 2172, Delete-on-Reboot, [b702784de09b7fb77badfc75cf329070]

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.Norpalla.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Norpalla, Quarantined, [7b3e269fdc9f67cf64c4d49d699824dc],
PUP.Optional.Norpalla.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util Norpalla, Quarantined, [b702784de09b7fb77badfc75cf329070],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{18b20944-f54e-4509-88fa-f0ad137bf8de}, Quarantined, [249505c0dd9ec86e893a2b4023dfdc24],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{18B20944-F54E-4509-88FA-F0AD137BF8DE}, Quarantined, [249505c0dd9ec86e893a2b4023dfdc24],
PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\omiga-plus uninstaller, Quarantined, [8930d3f2ceadd0663367167a14ed926e],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64, Quarantined, [dedb15b0aecd6accf6e009d426dc55ab],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Norpalla, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64, Quarantined, [64558144d3a82c0a8d30c37adf2541bf],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\Norpalla, Quarantined, [08b1b11499e29a9c61a5946a7989e917],
PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsProtectManger, Quarantined, [f7c2bd08d3a849ed261cbd2645bd8d73],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1400237977-3497443168-188484442-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Conduit_Search_Protect, Quarantined, [b8013392b2c91d1905c32e0e3aca26da],
PUP.Optional.Norpalla.A, HKU\S-1-5-21-1400237977-3497443168-188484442-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Norpalla, Quarantined, [bbfedbea99e2da5c27de3cc27d85ec14],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}),Replaced,[11a85f66007b56e0e439a121e123f010]

Folders: 11
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla, Delete-on-Reboot, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin, Delete-on-Reboot, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\TEMP, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarantined, [7f3a9d28522948ee0bb129a1ff03fe02],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarantined, [7f3a9d28522948ee0bb129a1ff03fe02],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],
PUP.Optional.SupTab.A, C:\Users\ADMIN\AppData\Roaming\SupTab, Quarantined, [5e5b0bba8eed1c1adc7a4390a75b1fe1],

Files: 62
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\updateNorpalla.exe, Delete-on-Reboot, [7b3e269fdc9f67cf64c4d49d699824dc],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\utilNorpalla.exe, Delete-on-Reboot, [b702784de09b7fb77badfc75cf329070],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\NorpallaBHO.dll, Quarantined, [249505c0dd9ec86e893a2b4023dfdc24],
PUP.Optional.Skytech.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\UninstallManager.exe, Quarantined, [8930d3f2ceadd0663367167a14ed926e],
PUP.Optional.Spigot, C:\YTDSetup.exe, Quarantined, [972204c13942999ded969c092ed3bb45],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys, Quarantined, [dedb15b0aecd6accf6e009d426dc55ab],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\MessageBox.xml, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\145.json, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\uninstallDlg2.xml, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\bg.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\bg1.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\bk_shadow.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\button.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\button1.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\checkbox.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\checkbox_select.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\checked.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\close.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\loading_bg.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\loading_light.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\min.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\scrollbar.bmp, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\Thumbs.db, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\unchecked.png, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code1.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code2.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code3.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code4.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code5.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\code6.jpg, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
PUP.Optional.OmigaPlus.A, C:\Users\ADMIN\AppData\Roaming\omiga-plus\images\code\Thumbs.db, Quarantined, [2099a71e7407d363340aedf6e71b32ce],
Malware.Trace.E, C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk, Quarantined, [2198398cc3b88babb55bcb2a6999f30d],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\Norpalla.ico, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\0, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\7za.exe, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\NorpallaUninstall.exe, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\updateNorpalla.InstallState, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\7za.exe, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\BrowserAdapterS.7z, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\Norpalla.BrowserAdapter.exe, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\Norpalla.PurBrowse.zip, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\Norpalla.PurBrowse64.exe, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\Norpalla.PurBrowseG.zip, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\NorpallaBAApp.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\utilNorpalla.InstallState, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.Bromon.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.BroStats.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.BrowserAdapterS.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.CompatibilityChecker.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.FFUpdate.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.IEUpdate.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.PurBrowse.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\bin\plugins\Norpalla.PurBrowseG.dll, Quarantined, [4772675ec7b4d26440c4629c8a789967],
PUP.Optional.QuickStart.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage, Quarantined, [b20744817b00ad89dee9fb416a9ad927],
PUP.Optional.QuickStart.A, C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal, Quarantined, [8435f3d2314a7cba478086b66a9aac54],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys, Quarantined, [64558144d3a82c0a8d30c37adf2541bf],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405302740_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405350094_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405408506_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405475353_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405520510_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],

Physical Sectors: 0
(No malicious items detected)


(end)
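The Malwarebytes log above lists every detection as `Category, Path, Action, [hash],` under a section header that carries the count Malwarebytes claims (`Files: 62`). What follows is an added example, not code from this thread or from Malwarebytes: a small Python triage script that parses that format and pulls out what a responder reads first. It flags sections whose declared count does not match the lines actually pasted (an incomplete or edited log), `Delete-on-Reboot` entries that are not gone until the machine restarts, `.sys` files under `\Drivers\` together with whether a matching `Services\<name>` key was removed too, detections outside the `PUP.*` classes, and the host that had replaced the browser search page. The sample log is a trimmed excerpt of the lines posted above; the `Registry Keys` header and the counts other than `Files: 62` are constructed to fit the excerpt, so the count check fires only for `Files`.

```python
"""Triage a Malwarebytes Anti-Malware 2.x scan log (added example, not from the thread).

Each detection line reads  Category, Path, Action, [hash],  and sits under a section
header such as  Files: 62  whose number is the count Malwarebytes claims.
"""
import re
from collections import Counter
from urllib.parse import urlsplit

# Section names used by MBAM 2.x logs; other "Name: N" lines (e.g. "Objects Scanned")
# are preamble, not detection sections.
KNOWN_SECTIONS = {"Processes", "Modules", "Registry Keys", "Registry Values",
                  "Registry Data", "Folders", "Files", "Physical Sectors"}
SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")
ITEM_RE = re.compile(
    r"^(?P<category>[^,]+),\s*(?P<detail>.+?),\s*"
    r"(?P<action>Quarantined|Delete-on-Reboot|Replaced|Deleted),\s*"
    r"\[(?P<hash>[0-9a-f]+)\],?\s*$")
DRIVER_RE = re.compile(r"\\drivers\\[^\\]+\.sys$", re.IGNORECASE)
BAD_URL_RE = re.compile(r"Bad: \((?P<url>[^)]+)\)")

# Trimmed excerpt of the log posted in this thread. The "Registry Keys" header and the
# counts other than "Files: 62" are constructed to fit the excerpt.
SAMPLE_LOG = r"""
Registry Keys: 2
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64, Quarantined, [64558144d3a82c0a8d30c37adf2541bf],
PUP.Optional.Norpalla.A, HKLM\SOFTWARE\WOW6432NODE\Norpalla, Quarantined, [08b1b11499e29a9c61a5946a7989e917],

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}, Good: (www.google.com), Bad: (http://isearch.omiga-plus.com/web/?type=ds&ts=1402833879&from=epom&uid=HitachiXHTS545050A7E380_TEJ51239D3KRGXD3KRGXX&q={searchTerms}),Replaced,[11a85f66007b56e0e439a121e123f010]

Folders: 2
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla, Delete-on-Reboot, [4772675ec7b4d26440c4629c8a789967],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],

Files: 62
PUP.Optional.Norpalla.A, C:\Program Files (x86)\Norpalla\updateNorpalla.exe, Delete-on-Reboot, [7b3e269fdc9f67cf64c4d49d699824dc],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys, Quarantined, [dedb15b0aecd6accf6e009d426dc55ab],
Malware.Trace.E, C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\asodakaossd.lnk, Quarantined, [2198398cc3b88babb55bcb2a6999f30d],
PUP.Optional.Sanbreel.A, C:\Windows\System32\Drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}w64.sys, Quarantined, [64558144d3a82c0a8d30c37adf2541bf],
Trojan.BitcoinMiner, C:\Users\ADMIN\AppData\Roaming\dvriversgpucpu\1405302740_log.txt, Quarantined, [c5f43c89d1aa75c16a46c1119c6634cc],

(end)
"""


def parse_log(text):
    """Return {section: {"declared": n, "items": [{category, detail, action, hash}, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1) in KNOWN_SECTIONS:
            current = {"declared": int(m.group(2)), "items": []}
            sections[m.group(1)] = current
            continue
        if not line or current is None or line.startswith("("):
            continue  # blank, preamble, "(No malicious items detected)" or "(end)"
        m = ITEM_RE.match(line)
        if m:
            current["items"].append(m.groupdict())
    return sections


def triage(sections):
    """Pull out the items a responder checks first."""
    report = {
        "count_mismatch": {},   # section -> (declared, parsed): pasted log incomplete or edited
        "pending_reboot": [],   # Delete-on-Reboot: not actually removed until the machine restarts
        "kernel_drivers": [],   # .sys files under \Drivers\: a driver was installed, not just a BHO
        "driver_services": {},  # driver path -> was its Services\<name> key removed as well?
        "non_pup": [],          # anything not classed PUP.*: Trojan.*/Malware.* need follow-up
        "search_hijacks": [],   # hosts that had replaced the browser search page
        "families": Counter(),  # detection name -> count, shows which bundle dominates
    }
    for name, sec in sections.items():
        if len(sec["items"]) != sec["declared"]:
            report["count_mismatch"][name] = (sec["declared"], len(sec["items"]))
        for it in sec["items"]:
            report["families"][it["category"]] += 1
            if it["action"] == "Delete-on-Reboot":
                report["pending_reboot"].append(it["detail"])
            if DRIVER_RE.search(it["detail"]):
                report["kernel_drivers"].append(it["detail"])
            if not it["category"].startswith("PUP."):
                report["non_pup"].append((it["category"], it["detail"]))
            m = BAD_URL_RE.search(it["detail"])
            if m:
                report["search_hijacks"].append(urlsplit(m.group("url")).hostname)
    # A removed driver file should have had its service registration removed too.
    services = [it["detail"].lower() for it in sections.get("Registry Keys", {"items": []})["items"]]
    for drv in report["kernel_drivers"]:
        base = drv.rsplit("\\", 1)[-1][:-4].lower()  # file name without ".sys"
        report["driver_services"][drv] = any(s.endswith("\\services\\" + base) for s in services)
    return report


if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run against the excerpt it reports `Files` as 62 declared but 5 parsed, two paths still pending a reboot, both Sanbreel drivers (only the `w64.sys` one has a matching service key in the excerpt), the BitcoinMiner and Startup `.lnk` hits as the non-PUP items, and `isearch.omiga-plus.com` as the search hijack. To triage a full log, pass the pasted text to `parse_log` instead of `SAMPLE_LOG`.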

#10 madhumathi91

  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:08 AM

Posted 12 August 2014 - 01:09 PM

Hi.. There is no appearance of the black screen with the aiasfacoiaksf.vbs error after scanning for malware and restarting the computer. I have also posted the logs... Thank you so much for your help... Thanks a lot..

#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:38 AM

Posted 14 August 2014 - 04:57 AM

We're not finished yet!

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#12 madhumathi91

  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:08 AM

Posted 14 August 2014 - 10:36 PM

Hi... I have a WiFi option in my laptop but it is not working, even after several services were done. A few months back it would automatically go off and then automatically come on again, but now it is not working at all...
Please help and give some solutions. Thank you...

#13 madhumathi91

  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:08 AM

Posted 15 August 2014 - 12:16 AM

I scanned the system with the ESET Scanner:
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir Win32/Thinknice.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir Win64/Thinknice.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir a variant of Win32/Thinknice.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir a variant of Win32/ELEX.AR potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir a variant of Win32/Thinknice.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir a variant of Win64/Thinknice.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir Win32/Thinknice.B potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\RegUULarDealuS\AX5a8Yd.dll.vir a variant of Win32/AdWare.MultiPlug.AY application
C:\Qoobox\Quarantine\C\ProgramData\RegUULarDealuS\AX5a8Yd.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\Qoobox\Quarantine\C\ProgramData\RegUULarDealuS\AX5a8Yd.x64.dll.vir a variant of Win64/Adware.MultiPlug.D application
F:\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
F:\AntiVir Desktop\apnstub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
F:\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application

#14 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:06:38 AM

Posted 15 August 2014 - 03:02 AM

Then we can do the cleanup. If you are facing any issues, report that immediately.

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.



#15 madhumathi91

  • Topic Starter
  • Members
  • 13 posts
  • Local time:11:08 AM

Posted 16 August 2014 - 01:01 AM

I scanned with AdwCleaner:
# AdwCleaner v3.306 - Report created 16/08/2014 at 11:19:23
# Updated 15/08/2014 by Xplode
# Operating System : Windows 8 Single Language (64 bits)
# Username : ADMIN - HP
# Running from : C:\Users\ADMIN\Downloads\adwcleaner_3.306.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\trolatunt
Folder Deleted : C:\Users\ADMIN\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\ADMIN\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
File Deleted : C:\Windows\System32\GroupPolicy\Machine\Registry.pol

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chrome.lnk
Shortcut Disinfected : C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\ADMIN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\Wpm

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921


-\\ Google Chrome v

[ File : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3072 octets] - [16/08/2014 11:16:52]
AdwCleaner[S0].txt - [2448 octets] - [16/08/2014 11:19:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2508 octets] ##########



