
Trojan.GenericKD.1777082


  • This topic is locked
10 replies to this topic

#1 jonxps

jonxps

  • Members
  • 59 posts

Posted 18 October 2014 - 04:04 PM

My virus scanner "Charter Security Suite" found Trojan.GenericKD.1777082 and failed to remove or quarantine it. It was found in two locations:

 

  • C:\Users\Home\AppData\Local\Microsoft\Outlook\Outlook.bak Action: FAILED
  • C:\$RECYCLE.BIN\S-1-5-21-2115564945-400052552-2971327345-1002\$R45EJOI\Outlook.pst Action: FAILED

F-Secure lists these aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]

 

Can someone help me?

 

 

Thanks. 





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 October 2014 - 10:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 jonxps

jonxps
  • Topic Starter

  • Members
  • 59 posts

Posted 24 October 2014 - 03:13 PM

RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
 
Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : main [Administrator]
Mode : Delete -- Date : 10/24/2014  16:02:05
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 12 ¤¤¤
[Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_A149\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Not selected
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.yahoo.com/  -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2115564945-400052552-2971327345-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_A149\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_A149\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKS-75A7B0 +++++
--- User ---
[MBR] 45c4f9a01a20c87e440f59cd218c4e43
[BSP] e223061d7b1f736c4877938e9af93bcf : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 15360 MB
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31586304 | Size: 461516 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Maxtor 6Y250M0 +++++
--- User ---
[MBR] 6f0781c3dc81a0b873333c2a78b6f57d
[BSP] 5cb2a305a49b3eaf8502ada3bc6dfb47 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 MB
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 80000 MB
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 163842048 | Size: 159370 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: DELL USB   HS-CF Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: DELL USB   HS-xD/SM USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: DELL USB   HS-MS Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: DELL USB   HS-SD Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
 
============================================
RKreport_SCN_10242014_160108.log
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by main (administrator) on MAIN-PC on 24-10-2014 16:05:01
Running from C:\Users\main\Desktop
Loaded Profile: main (Available profiles: main & Home & UpdatusUser & Denzil & Test Account & Guest)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Fitbit, Inc.) C:\Program Files\Fitbit Connect\FitbitConnectService.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\fshoster32.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fsgk32.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Secunia) C:\Program Files\Secunia\PSI\psia.exe
(SigmaTel, Inc.) C:\Windows\System32\stacsv.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(F-Secure Corporation) C:\Program Files\Charter Security Suite\fshoster32.exe
(SigmaTel, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(American Power Conversion Corporation) C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Bluetooth HCI Monitor] => RunDll32 HCIMNTR.DLL,RunCheckHCIMode
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [F-Secure Manager] => C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSM32.EXE [310208 2013-08-14] (F-Secure Corporation)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [45968 2013-04-25] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [173112 2013-04-25] (Bluebeam Software, Inc.)
HKLM\...\Run: [F-Secure Hoster (42626)] => C:\Program Files\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
HKLM\...\Run: [SigmatelSysTrayApp] => C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-09-12] (SigmaTel, Inc.)
HKLM\...\Run: [Fitbit Connect] => C:\Program Files\Fitbit Connect\Fitbit Connect.exe [3362336 2014-01-10] (Fitbit, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKU\S-1-5-21-2115564945-400052552-2971327345-1000\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-2115564945-400052552-2971327345-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-06-10] (Google Inc.)
HKU\S-1-5-21-2115564945-400052552-2971327345-1000\...\Run: [Steam] => "C:\Program Files\Steam\Steam.exe" -silent
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\main\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
SearchScopes: HKCU - {6F6B3280-6E8E-4B0E-9F78-930B4E1CAB9D} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
SearchScopes: HKCU - {B7B664DF-3AF9-4C8E-8148-F42BB7831D27} URL = http://www.ask.com/web?o=15710&l=dis&q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.17.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @BluebeamPDF/PDF viewer -> C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Revu\Mozilla\npBluebeamMozillaPlugin.dll (Bluebeam Software, Inc.)
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-09]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-03-01]
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [689408 2007-07-19] (American Power Conversion Corporation)
R2 Fitbit Connect; C:\Program Files\Fitbit Connect\FitbitConnectService.exe [1435680 2014-01-10] (Fitbit, Inc.)
R2 fshoster; C:\Program Files\Charter Security Suite\fshoster32.exe [191424 2013-05-15] (F-Secure Corporation)
R3 FSMA; C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Common\FSMA32.EXE [216000 2013-08-14] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [60352 2013-06-25] (F-Secure Corporation)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-12-14] (Sonic Solutions)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 STacSV; C:\Windows\system32\STacSV.exe [94208 2007-09-12] (SigmaTel, Inc.)
R2 TunerFreeMCEService; C:\Program Files\MillieSoft\TunerFreeMCE\TunerFreeMCEService.exe [9216 2010-06-11] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 F-Secure Gatekeeper; C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [146472 2014-06-10] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files\Charter Security Suite\apps\ComputerSecurity\HIPS\drivers\fshs.sys [73896 2014-06-23] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [44240 2013-10-12] ()
R3 fsni; C:\Program Files\Charter Security Suite\apps\CCF_Scanning\fsni32.sys [70184 2014-06-19] (F-Secure Corporation)
R1 fsvista; C:\Program Files\Charter Security Suite\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [12736 2013-08-14] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [33616 2012-12-17] (GFI Software)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-02-05] (GFI Software)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2007-09-12] (SigmaTel, Inc.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XDva190; \??\C:\Windows\system32\XDva190.sys [X]
S3 XDva279; \??\C:\Windows\system32\XDva279.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 16:05 - 2014-10-24 16:05 - 00015909 _____ () C:\Users\main\Desktop\FRST.txt
2014-10-24 16:04 - 2014-10-24 16:05 - 00000000 ____D () C:\FRST
2014-10-24 16:02 - 2014-10-24 16:02 - 00004668 _____ () C:\Users\main\Desktop\RKreport_DEL_10242014_160205.log
2014-10-24 15:52 - 2014-10-24 15:52 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-24 15:52 - 2014-10-24 15:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-24 15:51 - 2014-10-24 15:43 - 01103360 _____ (Farbar) C:\Users\main\Desktop\FRST.exe
2014-10-24 15:51 - 2014-10-24 15:40 - 16281688 _____ () C:\Users\main\Desktop\RogueKiller.exe
2014-10-24 15:43 - 2014-10-24 15:43 - 01103360 _____ (Farbar) C:\Users\Home\Downloads\FRST.exe
2014-10-24 15:38 - 2014-10-24 15:39 - 16281688 _____ () C:\Users\Home\Downloads\RogueKiller.exe
2014-10-19 21:40 - 2014-10-19 21:40 - 00000000 ____D () C:\Users\Home\AppData\Local\Chromium
2014-10-19 17:05 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-19 17:05 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-19 17:05 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-19 17:01 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-19 16:52 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-19 16:50 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 20:45 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-14 20:45 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-14 20:45 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-14 20:45 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-14 20:45 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-14 20:45 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-14 20:45 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-14 20:45 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-14 20:45 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-14 20:45 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-14 20:45 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-14 20:45 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-14 20:45 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-14 20:45 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-14 20:45 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-14 20:45 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-14 20:45 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-14 20:45 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-14 20:45 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-14 20:45 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-14 20:44 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-14 17:31 - 2014-10-14 17:31 - 00000000 ____D () C:\Users\Home\Desktop\DropBox Backup
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-24 15:52 - 2013-02-08 14:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 15:48 - 2010-01-06 18:45 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 15:46 - 2011-12-31 15:06 - 00000000 ___RD () C:\Users\Home\Desktop\Dropbox
2014-10-24 15:45 - 2010-01-06 18:45 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 15:30 - 2013-02-24 21:25 - 00488448 _____ () C:\Users\Home\Desktop\Check Book Register.xls
2014-10-24 15:17 - 2006-11-02 08:51 - 01308983 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 15:10 - 2010-01-13 18:06 - 00000000 ____D () C:\Users\Home\AppData\Roaming\vlc
2014-10-24 14:49 - 2011-12-31 14:59 - 00000000 ____D () C:\Users\Home\AppData\Roaming\Dropbox
2014-10-24 14:48 - 2013-02-15 16:49 - 00000596 _____ () C:\Windows\Tasks\Scheduled scanning task.job
2014-10-24 14:46 - 2008-06-10 12:31 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 14:46 - 2006-11-02 09:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 14:46 - 2006-11-02 08:47 - 00004816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 14:46 - 2006-11-02 08:47 - 00004816 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-23 23:07 - 2008-06-17 17:54 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-10-23 23:07 - 2006-11-02 09:00 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-23 23:05 - 2014-08-21 17:05 - 00000000 ____D () C:\Users\Home\Desktop\TSTO - Every Event
2014-10-20 20:09 - 2009-11-01 19:29 - 00178176 _____ () C:\Users\Home\Desktop\2010-Calendar.xls
2014-10-20 17:13 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-19 21:38 - 2006-11-02 08:46 - 00456208 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-19 16:56 - 2013-08-15 22:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-19 16:52 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-18 16:49 - 2013-11-18 23:12 - 00000000 ____D () C:\Users\Home\Desktop\Backed Up
2014-10-17 18:29 - 2009-02-12 17:14 - 00000060 _____ () C:\Windows\wpd99.drv
2014-10-17 18:29 - 2009-02-12 17:14 - 00000000 ____D () C:\ProgramData\pdf995
2014-10-02 15:53 - 2009-10-02 13:28 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-28 22:29 - 2013-11-06 21:53 - 00052736 _____ () C:\Users\Home\Desktop\11-9 Hourly Planning Paper.xls
 
Files to move or delete:
====================
C:\Users\Home\garmin_rmu_cnnant2010_20.exe
 
 
Some content of TEMP:
====================
C:\Users\Denzil\AppData\Local\temp\$avantbrowser$.update.exe
C:\Users\Denzil\AppData\Local\temp\$browser$.update.exe
C:\Users\Denzil\AppData\Local\temp\Foxit Updater.exe
C:\Users\Home\AppData\Local\temp\$avantbrowser$.update.exe
C:\Users\Home\AppData\Local\temp\contentDATs.exe
C:\Users\Home\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpeyndeh.dll
C:\Users\Home\AppData\Local\temp\Foxit Updater.exe
C:\Users\Home\AppData\Local\temp\i4jdel0.exe
C:\Users\Home\AppData\Local\temp\SecurityScan_Release.exe
C:\Users\main\AppData\Local\temp\$avantbrowser$.update.exe
C:\Users\main\AppData\Local\temp\AdbWinApi.dll
C:\Users\main\AppData\Local\temp\AdbWinUsbApi.dll
C:\Users\main\AppData\Local\temp\dllnt_dump.dll
C:\Users\main\AppData\Local\temp\Downloader.exe
C:\Users\main\AppData\Local\temp\jre-7u65-windows-i586-iftw.exe
C:\Users\main\AppData\Local\temp\jre-7u67-windows-i586-iftw.exe
C:\Users\main\AppData\Local\temp\mssinstaller.exe
C:\Users\main\AppData\Local\temp\OneClickRoot_Installer.exe
C:\Users\main\AppData\Local\temp\tmp9B3B.exe
C:\Users\main\AppData\Local\temp\vcredist_x86.exe
C:\Users\Test Account\AppData\Local\temp\i4jdel0.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-24 14:53
 
==================== End Of Log ============================
 
 

 


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 October 2014 - 07:41 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.

===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

    start
    
    ShortcutTarget: Dropbox.lnk -> C:\Users\main\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
    SearchScopes: HKCU - {B7B664DF-3AF9-4C8E-8148-F42BB7831D27} URL = http://www.ask.com/web?o=15710&l=dis&q={searchTerms}
    ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 XDva190; \??\C:\Windows\system32\XDva190.sys [X]
    S3 XDva279; \??\C:\Windows\system32\XDva279.sys [X]
    AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    
    End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

    My virus scanner "Charter Security Suite" found Trojan.GenericKD.1777082 and failed to remove or quarantine it. It was found in two locations

    C:\Users\Home\AppData\Local\Microsoft\Outlook\Outlook.bak Action: FAILED
    C:\$RECYCLE.BIN\S-1-5-21-2115564945-400052552-2971327345-1002\$R45EJOI\Outlook.pst Action: FAILED

If these files are still present, close all applications and windows and delete them.
Keep them in your recycle bin and if all is well in a week then flush them.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?




Edited by nasdaq, 25 October 2014 - 07:41 AM.


#5 jonxps (Topic Starter)

Posted 25 October 2014 - 02:40 PM

Thank you for your help. Below are the logs. I will follow up with another post later tonight or tomorrow with how the computer is running.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-10-2014
Ran by main at 2014-10-25 15:24:01 Run:1
Running from C:\Users\main\Desktop\FRST
Loaded Profile: main (Available profiles: main & Home & UpdatusUser & Denzil & Test Account & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

ShortcutTarget: Dropbox.lnk -> C:\Users\main\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AVB3DF&pc=AVBR
SearchScopes: HKCU - {B7B664DF-3AF9-4C8E-8148-F42BB7831D27} URL = http://www.ask.com/web?o=15710&l=dis&q={searchTerms}
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 XDva190; \??\C:\Windows\system32\XDva190.sys [X]
S3 XDva279; \??\C:\Windows\system32\XDva279.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:0B4227B4
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

End
*****************

C:\Users\main\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}" => Key deleted successfully.
"HKCR\CLSID\{B7B664DF-3AF9-4C8E-8148-F42BB7831D27}" => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => value deleted successfully.
"HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}" => Key not found.
"HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0" => Key deleted successfully.
blbdrive => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
XDva190 => Service deleted successfully.
XDva279 => Service deleted successfully.
C:\ProgramData\TEMP => ":0B4227B4" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.

==== End of Fixlog ====

 Results of screen317's Security Check version 0.99.89 
 Windows Vista Service Pack 2 x86 (UAC is enabled) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Computer Security  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Secunia PSI (3.0.0.6001)  
 Java 7 Update 67 
  Adobe Flash Player  11.8.800.94 Flash Player out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Charter Security Suite apps ComputerSecurity Anti-Virus\FSGK32.EXE
 Charter Security Suite apps ComputerSecurity Anti-Virus\fssm32.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
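As an added example (not nasdaq's instructions and not FRST's own code), here is a PowerShell script that re-checks from the console the two things the FRST logs above report: the Authenticode status of the critical files covered by the Bamital & volsnap check, and any named alternate data streams still present on C:\ProgramData\TEMP after the fixlist removed the two hex-named ones. It assumes Windows PowerShell 3.0 to 5.1 (the -Stream parameters do not exist in the 2.0 that ships with Vista) and an elevated prompt.

```powershell
# Added example (not nasdaq's instructions or FRST's own code): re-check two items the
# FRST logs in this thread report. Assumes Windows PowerShell 3.0 to 5.1: the -Stream
# parameters do not exist in the PowerShell 2.0 that ships with Vista.

# 1) Same critical files as FRST's "Bamital & volsnap Check". Bamital-style infections
#    patch these binaries in place, which invalidates their Authenticode signature.
$critical = @(
    "$env:windir\explorer.exe",
    "$env:windir\system32\winlogon.exe",
    "$env:windir\system32\wininit.exe",
    "$env:windir\system32\svchost.exe",
    "$env:windir\system32\services.exe",
    "$env:windir\system32\User32.dll",
    "$env:windir\system32\userinit.exe",
    "$env:windir\system32\rpcss.dll",
    "$env:windir\system32\Drivers\volsnap.sys"
)
foreach ($file in $critical) {
    if (-not (Test-Path -LiteralPath $file)) { Write-Output "$file => MISSING"; continue }
    $sig = Get-AuthenticodeSignature -FilePath $file
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
    # Any Status other than Valid (NotSigned, HashMismatch, ...) deserves a closer look
    Write-Output ("{0} => {1} (signer: {2})" -f $file, $sig.Status, $signer)
}

# 2) Named alternate data streams on the folder the fixlist cleaned. ':$DATA' is the
#    ordinary unnamed stream; anything else is a hidden named stream to inspect before
#    deciding whether it should go.
$target = 'C:\ProgramData\TEMP'
$streams = Get-Item -LiteralPath $target -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' }
if (-not $streams) { Write-Output "$target => no named streams" }
foreach ($s in $streams) {
    # Show the first bytes so the operator can see what the stream holds
    $bytes = Get-Content -LiteralPath $target -Stream $s.Stream -Encoding Byte -TotalCount 32 -ErrorAction SilentlyContinue
    $hex = if ($bytes) { ($bytes | ForEach-Object { '{0:X2}' -f $_ }) -join ' ' } else { '(unreadable)' }
    Write-Output ("{0}:{1} => {2} bytes; first bytes: {3}" -f $target, $s.Stream, $s.Length, $hex)
    # Equivalent of the fixlist's AlternateDataStreams: line, once you have decided:
    #   Remove-Item -LiteralPath $target -Stream $s.Stream
}
```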
 



#6 jonxps (Topic Starter)

Posted 25 October 2014 - 04:10 PM

I went ahead and updated Java and Flash.  Uninstalled Secunia PSI since it was not working.  I'm not sure if I'll reinstall or not.  It was good about keeping my programs up to date.

 

Everything seems stable and running fine.  I'll test some more and rerun my virus scanner.

 

Thank you again for all your help.  Do you see anything else that could be a problem?  Any other scans we can do to optimize operating efficiency?



#7 nasdaq (Malware Response Team)

Posted 26 October 2014 - 07:39 AM

    I went ahead and updated Java and Flash. Uninstalled Secunia PSI since it was not working. I'm not sure if I'll reinstall or not

I installed the tool a while ago. After the scan I found that it was too aggressive, checking every time I started the computer.
I do not need that. I removed it using the Add/Remove function.
I will re-install it if ever I feel I need it. Your call if you want to re-install it.

p.s. The Microsoft updates need to be restarted to reconfigure the system. At that point the Secunia PSI will start and may conflict with the updates.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 jonxps (Topic Starter)

Posted 28 October 2014 - 09:34 PM

My virus scanner is running now and it's finding 8 items and has quarantined 5 of them.  I'll post the results tomorrow.  Thank you again for all the help.



#9 jonxps (Topic Starter)

Posted 29 October 2014 - 04:08 PM

I finally made it back to check the virus scanner results.  I don't think I have a problem and have deleted the outlook.bak file now.

 

Suspicious:W32/Malware!Gemini (Suspected infection)

  • C:\Users\main\Desktop\FRST\FRST.exe Action: quarantined
  • C:\Users\main\Desktop\FRST\FRST-OlderVersion\FRST.exe Action: FAILED
  • C:\Users\main\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMEDFC82\FRST[1].exe Action: FAILED
  • C:\Users\Home\Downloads\FRST.exe Action: quarantined
  • C:\Users\Home\Downloads\FRST (1).exe Action: quarantined
  • C:\$RECYCLE.BIN\S-1-5-21-2115564945-400052552-2971327345-1002\$RZ633SE.exe Action: quarantined
  • C:\$RECYCLE.BIN\S-1-5-21-2115564945-400052552-2971327345-1002\$RMKHH6A.exe Action: quarantined

Trojan.GenericKD.1777082 (virus)

  • C:\Users\Home\AppData\Local\Microsoft\Outlook\Outlook.bak Action: FAILED


#10 nasdaq (Malware Response Team)

Posted 30 October 2014 - 08:35 AM

You are clean. The FRST program is clean. Some of its actions may be found to be bad under other circumstances.
I'm sure it's clean.

#11 nasdaq (Malware Response Team)

Posted 04 November 2014 - 08:14 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



