
Seem to have an ongoing malware or virus problem


  • This topic is locked
2 replies to this topic

#1 GeriCooper

GeriCooper

  • Members
  • 2 posts

Posted 11 August 2014 - 03:07 PM

I have run multiple antivirus scans, seems something is still there. I have many problems, BSOD every time I shut down, can't run any Windows updates, missing drivers but am unable to update them at all. The computer properties page displays a link to a known malware driver update. Running Windows 7 Home Premium. I did a bad thing and ran the Combofix without checking these forums. Is there any help?

  DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 8.0.7600.16385
Run by Family at 12:54:27 on 2014-08-11
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3990.2278 [GMT -7:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Cloud Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\nacl64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
BHO: AlxHelper Class: {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: Amazon Browser Bar: {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
StartupFolder: C:\Users\Family\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7AFDA50F-7667-4E56-852D-3997684F560E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{7AFDA50F-7667-4E56-852D-3997684F560E}\34F6F60756277237 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{FF36AFF4-0B62-485E-B85B-84369E9EA77A} : DHCPNameServer = 192.168.254.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\SysWOW64\userinit.exe,
x64-BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
x64-TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}Gw64;{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64;C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys [2014-7-29 61072]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-5-2 96800]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-5-2 162336]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-5-2 112160]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-5-2 115232]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-5-2 95776]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-5-2 125984]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-5-2 306720]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-5-2 169504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-5-2 115744]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-5-2 261152]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-5-2 109088]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-5-4 195616]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-5-4 141560]
R2 panda_url_filteringService;panda_url_filtering Anti-Phishing Service;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- --> C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [?]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-5-4 160800]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-5-4 119840]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-5-5 121888]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-5-6 132128]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-5-5 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-5-6 38136]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 panda_url_filteringd;panda_url_filteringd driver;C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filteringd.sys [2014-3-19 51288]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-7-29 60400]
S2 avgwd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [?]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-6-18 36424]
S2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-5-22 61688]
S2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2014-6-13 72192]
S2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2014-6-13 79360]
S2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2014-6-13 78848]
S2 Updater Service for AMZN;Updater Service for AMZN;C:\Program Files (x86)\Amazon Browser Bar\ToolbarUpdaterService.exe [2013-3-21 222368]
S2 Util Deal Keeper;Util Deal Keeper;"C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe" --> C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [?]
S3 5U877;USB Video Device;C:\Windows\System32\drivers\5U877.sys [2014-6-13 167040]
S3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2014-6-13 56344]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2014-6-13 158976]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2014-7-28 16152]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-5-2 70176]
.
=============== Created Last 30 ================
.
2014-08-11 19:14:24 -------- d-s---w- C:\ComboFix
2014-08-11 18:33:03 -------- d-----w- C:\Users\Family\AppData\Roaming\Ambient Design
2014-08-10 23:28:10 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2014-08-10 22:56:20 -------- d-----w- C:\Program Files (x86)\ThinkVantage
2014-08-10 17:13:48 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72A38126-261C-44CF-9ABE-7B78619F73D1}\mpengine.dll
2014-08-10 15:00:52 -------- d-s---w- C:\Windows\System32\CompatTel
2014-08-10 06:55:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-08-10 06:54:12 148480 ----a-w- C:\Windows\System32\t2embed.dll
2014-08-10 06:53:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-08-10 06:53:49 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2014-08-10 06:53:27 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2014-08-10 06:53:26 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2014-08-10 06:52:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-08-10 06:52:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-08-10 06:50:38 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-08-10 04:54:48 -------- d-sh--w- C:\found.001
2014-08-09 22:49:54 46080 ----a-w- C:\Windows\System32\atmlib.dll
2014-08-09 22:49:54 367616 ----a-w- C:\Windows\System32\atmfd.dll
2014-08-09 08:31:03 4068864 ----a-w- C:\Windows\System32\mf.dll
2014-08-09 08:30:25 -------- d-----w- C:\Users\Family\AppData\Roaming\LockLizard
2014-08-09 08:29:03 -------- d-----w- C:\ProgramData\LockLizard
2014-08-09 08:29:03 -------- d-----w- C:\Program Files (x86)\Lizard Safeguard PDF Viewer
2014-08-09 08:28:17 2745856 ----a-w- C:\Windows\System32\gameux.dll
2014-08-09 08:05:34 -------- d-----w- C:\Users\Family\AppData\Local\AVG SafeGuard toolbar
2014-08-09 08:04:47 -------- d-----w- C:\ProgramData\AVG Secure Search
2014-08-09 08:04:45 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2014-08-09 08:04:17 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2014-08-09 08:03:28 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2014-08-09 07:46:46 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2014-08-07 23:54:59 -------- d-----w- C:\Users\Family\AppData\Local\Facebook
2014-08-07 23:41:20 -------- d-----w- C:\Users\Family\AppData\Local\Skype
2014-08-01 06:56:54 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2014-08-01 06:56:54 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2014-08-01 06:26:10 -------- d-----w- C:\MATS
2014-08-01 05:06:15 956416 ----a-w- C:\Windows\System32\localspl.dll
2014-08-01 05:05:31 286720 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2014-08-01 05:05:31 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2014-08-01 05:05:31 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2014-08-01 05:05:30 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2014-08-01 05:05:10 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2014-08-01 05:05:10 331776 ----a-w- C:\Windows\System32\oleacc.dll
2014-08-01 05:05:09 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2014-08-01 05:05:09 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2014-08-01 05:04:57 723456 ----a-w- C:\Windows\System32\EncDec.dll
2014-08-01 05:04:57 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2014-08-01 05:04:01 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-08-01 05:04:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-08-01 05:04:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-08-01 05:04:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-08-01 05:04:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-08-01 05:03:27 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-08-01 05:03:24 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-08-01 05:03:24 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2014-08-01 05:03:24 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-08-01 05:03:24 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-08-01 05:03:24 112640 ----a-w- C:\Windows\System32\smss.exe
2014-08-01 05:03:06 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2014-08-01 05:02:33 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2014-08-01 05:02:10 720896 ----a-w- C:\Windows\System32\odbc32.dll
2014-08-01 05:02:10 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2014-08-01 05:02:08 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2014-08-01 05:02:08 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2014-08-01 05:02:08 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2014-08-01 05:02:08 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2014-08-01 05:02:08 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2014-08-01 05:02:08 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2014-08-01 05:02:01 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2014-08-01 05:02:01 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-08-01 05:01:56 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2014-08-01 05:01:56 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2014-08-01 05:01:56 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2014-08-01 05:01:56 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2014-08-01 05:01:56 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2014-07-31 23:11:56 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2014-07-31 23:11:51 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2014-07-31 23:11:51 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2014-07-31 23:11:51 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-07-31 23:11:50 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2014-07-31 23:11:50 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2014-07-31 23:11:16 77312 ----a-w- C:\Windows\System32\packager.dll
2014-07-31 23:11:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-07-30 04:15:52 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-07-30 04:14:07 61072 ----a-w- C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}Gw64.sys
2014-07-30 04:10:10 -------- d-----w- C:\Program Files (x86)\NirSoft
2014-07-30 03:20:29 -------- d-----w- C:\ProgramData\panda_url_filtering
2014-07-30 03:20:29 -------- d-----w- C:\ProgramData\Panda Security URL Filtering
2014-07-30 03:20:10 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2014-07-30 03:19:57 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
2014-07-30 03:19:50 -------- d-----w- C:\Users\Family\AppData\Roaming\Panda Security
2014-07-30 03:18:30 -------- d-----w- C:\Program Files (x86)\Panda Security
2014-07-30 03:13:49 -------- d-----w- C:\ProgramData\Panda Security
2014-07-30 03:12:33 -------- d-----w- C:\Users\Family\AppData\Roaming\0T1M1P0A1E1E0M1T1G
2014-07-30 03:12:00 -------- d-----w- C:\Users\Family\AppData\Roaming\Astromenda
2014-07-30 03:11:49 -------- d-----w- C:\Program Files (x86)\Deal Keeper
2014-07-30 03:11:48 -------- d-----w- C:\Program Files (x86)\Astromenda
2014-07-29 22:40:58 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-29 22:40:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-29 22:31:18 -------- d-----w- C:\Windows\jumpshot.com
2014-07-29 22:22:20 -------- d-----w- C:\Program Files (x86)\SpeedZooka
2014-07-29 22:15:42 -------- d-----w- C:\Users\Family\AppData\Roaming\SparkTrust
2014-07-29 22:15:42 -------- d-----w- C:\Users\Family\AppData\Roaming\DriverCure
2014-07-29 22:14:59 -------- d-----w- C:\ProgramData\SparkTrust
2014-07-29 21:00:16 -------- d-sh--w- C:\found.000
2014-07-29 19:31:20 -------- d-----w- C:\SWTOOLS
2014-07-29 18:01:46 -------- d-----w- C:\Users\Family\AppData\Local\ElevatedDiagnostics
2014-07-29 17:56:48 -------- d-----w- C:\Program Files\AuthenTec
2014-07-29 17:06:57 -------- d-----w- C:\DRIVERS
2014-07-29 15:42:00 -------- d-----w- C:\ProgramData\UAB
2014-07-29 15:41:42 -------- d-----w- C:\ProgramData\Driver Support
2014-07-29 15:40:33 -------- d-----w- C:\Program Files (x86)\Driver Support
2014-07-29 14:50:38 -------- d-----w- C:\Program Files (x86)\Advanced Driver Updater
2014-07-29 06:09:22 -------- d-----w- C:\Users\Family\AppData\Roaming\AVG2014
2014-07-29 06:09:12 -------- d-----w- C:\Users\Family\AppData\Roaming\TuneUp Software
2014-07-29 06:09:02 -------- d--h--w- C:\$AVG
2014-07-29 06:09:02 -------- d-----w- C:\ProgramData\AVG2014
2014-07-29 06:08:51 -------- d-----w- C:\Program Files (x86)\AVG
2014-07-29 06:04:57 -------- d--h--w- C:\ProgramData\Common Files
2014-07-29 06:04:57 -------- d-----w- C:\Users\Family\AppData\Local\MFAData
2014-07-29 06:04:57 -------- d-----w- C:\Users\Family\AppData\Local\Avg2014
2014-07-29 06:04:57 -------- d-----w- C:\ProgramData\MFAData
2014-07-29 05:24:39 10924376 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-07-29 04:17:19 -------- d-----w- C:\Users\Family\AppData\Local\AskPartnerNetwork
2014-07-29 04:17:17 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2014-07-29 04:17:17 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2014-07-29 04:17:12 -------- d-----w- C:\ProgramData\APN
2014-07-29 04:15:18 -------- d-----w- C:\ProgramData\Oracle
2014-07-29 04:05:43 -------- d-----w- C:\ProgramData\Systweak
2014-07-29 04:05:42 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2014-07-29 04:05:42 -------- d-----w- C:\Program Files (x86)\ASP
2014-07-29 04:05:30 -------- d-----w- C:\Program Files (x86)\Amazon
2014-07-29 04:05:20 -------- d-----w- C:\Program Files (x86)\Amazon Browser Bar
2014-07-29 04:05:02 -------- d-----w- C:\Users\Family\AppData\Roaming\Systweak
2014-07-29 04:05:00 20280 ----a-w- C:\Windows\System32\roboot64.exe
2014-07-29 04:04:58 -------- d-----w- C:\Program Files (x86)\RCP
2014-07-29 04:04:48 -------- d-----w- C:\Users\Family\AppData\Local\Programs
2014-07-29 03:58:31 -------- d-----w- C:\Program Files (x86)\MyPC Backup
2014-07-29 03:58:27 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2014-07-29 03:58:24 -------- d-----w- C:\Users\Family\AppData\Local\SlimWare Utilities Inc
2014-07-29 03:58:20 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2014-07-29 03:55:46 43008 ----a-w- C:\Windows\SysWow64\agremove.exe
2014-07-28 04:24:58 -------- d-----w- C:\Windows\System32\MRT
2014-07-28 04:10:03 -------- d-----w- C:\Intel
2014-07-28 04:04:43 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-28 03:54:37 -------- d-----w- C:\Users\Family\AppData\Local\Google
2014-07-28 03:54:29 -------- d-----w- C:\Users\Family\AppData\Local\Deployment
2014-07-28 03:54:29 -------- d-----w- C:\Users\Family\AppData\Local\Apps
2014-07-28 03:52:12 -------- d-----w- C:\Users\Family\AppData\Local\Diagnostics
2014-07-28 03:51:39 -------- d-----w- C:\Users\Family\AppData\Local\Microsoft Games
2014-07-28 03:48:45 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll
2014-07-28 03:48:38 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe
2014-07-28 03:48:38 17920 ----a-w- C:\Windows\System32\rpcnetp.exe
.
==================== Find3M  ====================
.
2014-06-17 23:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
.
============= FINISH: 12:54:47.95 ===============
 



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 August 2014 - 08:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
Download Malwarebytes' Anti-Malware from Here
 
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
 
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
===
 
Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
 
IMPORTANT
 
  • If you click the Clean button all items listed in the report will be removed.
 
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===
 
Download the version of this tool for your operating system and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===
 
Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.
 
How is the computer running?
Wait for further instructions.


#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 August 2014 - 07:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



