
Impossible to remove virus! - NO JOKE!


  • This topic is locked
3 replies to this topic

#1 potmasterjasper

  • Members
  • 1 posts

Posted 21 December 2014 - 09:54 AM

Okay, I've done EVERYTHING under the sun to remove this virus called "brontok" or "Bron-Spizaetus". 

 

The thing about this virus is that it's smart as hell.

For example: I would be searching the internet on how to get this virus removed, and it shuts down my PC if I go to an "antivirus" website.

 

I've had to resort to scripts I found online just to get into my registry editor because this virus disables almost everything.

The thing I hate most about it is that it disabled the Windows MSI Installer, so I can't install x64 programs or .MSI files. I get an error saying "MSI Installer Cannot be Accessed". No matter what fix I try, it doesn't change.

 

I'm this close [  ] to reinstalling Windows, but what if the virus is deep into my PC and can't be removed? What if it infected my BIOS?

 

As of right now I'm pretty sure the virus is dormant, because I run these two programs every time I start my PC: "CleanX-II" & "rkill64". Without these programs I wouldn't even be able to come to this website because my PC would shut down.

 

"I cannot attach files because I can't browse for any... (because of brontok)"

 

 

Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2011 4:24:21 PM
System Uptime: 12/21/2014 6:18:20 AM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 3577
Processor: AMD C-50 Processor | Socket FT1 | 1000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 134.974 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Help Manager
Adobe Illustrator CS6
Advanced SystemCare 8
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVI MP4 Converter v5.5 build 1147
BatchPhoto
BatchPurifier
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
DivX Setup
EPSON N10 N11 Series Printer Uninstall
FileZilla Client 3.6.0.2
Google Update Helper
Handset USB Driver
Hewlett-Packard ACLM.NET v1.1.0.0
HitmanPro 3.7
HitmanPro 3.x.x
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
HP Product Detection
HTC BMP USB Driver
HTC Driver Installer
IconPackager
IObit Uninstaller
ISO to USB
iTunes
Java 7 Update 21
Java 8 Update 25 (64-bit)
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
JavaFX 2.1.1
KYOCERA USB Modem KC02US Driver
Logitech Gaming Software
Logitech Gaming Software 8.20
Lucky Savings Widget
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft DirectX SDK (June 2010)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mono for Windows 2.10.9
Mozilla Firefox 35.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
NETGEAR WG111v2 wireless USB 2.0 adapter
Notepad++
Nuance PDF Reader
OJOsoft Total Video Converter
OpenAL
OpenAL 1.1 Core PC SDK (ver 3.05)
OpenOffice.org 3.3
ophcrack 3.3.1
PDF Settings CS5
PDF Settings CS6
Pinger
QPST 2.7
ReadyBroadband 2.0.0.84
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver
Resource Hacker Version 3.6.0
SAMSUNG USB Driver for Mobile Phones
Saver2
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB2251487)
Should I Remove It
Sierra Wireless USB MUX Driver Package
Skype Click to Call
Skype™ 6.6
SourceGear DiffMerge 3.3.2.1139 (x64)
Spices.Net 5 Evaluation
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Surfing Protection
swMSM
TeamViewer 7
Tencent QQ
Tether
TL-WN822N/TL-WN821N Driver
TP-LINK Wireless Client Utility
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VC80CRTRedist - 8.0.50727.6195
VirtualDJ Home FREE
VistaGlazz 2.4
VLC media player
Whistle
Win32DiskImager version 0.9.5
Windows 7 Codec Pack 4.1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinMerge 2.12.4
WModem Driver Installer
Xfire (remove only)
ZTE Handset USB Driver
.
==== Event Viewer Messages From Past Week ========
.
12/21/2014 6:19:29 AM, Error: Microsoft-Windows-WMPNSS-Service [14324]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80040154'. If possible, reinstall Windows Media Player.
12/21/2014 5:00:51 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/21/2014 5:00:50 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
12/20/2014 4:31:54 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
12/20/2014 11:14:59 PM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/20/2014 1:54:30 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR7.
12/20/2014 1:54:11 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR6.
12/20/2014 1:53:58 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR5.
12/20/2014 1:53:29 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
12/19/2014 7:05:10 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
.
==== End Of File ===========================

 

 

 

 

dds.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.21.2
Run by mango at 6:38:04 on 2014-12-21
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.1643.589 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com
mStart Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1
BHO: {17BD4714-F47B-494B-9DA4-8D25C7AA94A4} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [AdobeBridge] <no file>
dRun: [Tok-Cirrhatus] "C:\Windows\System32\config\systemprofile\AppData\Local\smss.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: New Value #2 = dword:0
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoFolderOptions = dword:1
mPolicies-System: DisableRegistryTools = dword:1
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AF6F92B8-2F60-4588-91D9-28B9C5B4EABC} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{EC69F59F-6DC0-4631-A856-EF324E24F8F8} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EC69F59F-6DC0-4631-A856-EF324E24F8F8}\14F4539553 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EC69F59F-6DC0-4631-A856-EF324E24F8F8}\F4B4146533 : DHCPNameServer = 192.168.1.1
Handler: ms-help - <Clsid value has no data>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SSODL: IconPackager Repair - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - <is not referencing any dll>
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Handler: ms-help - <Clsid value has no data>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mango\AppData\Roaming\Mozilla\Firefox\Profiles\h05matj9.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\mango\AppData\Roaming\Mozilla\plugins\nppdf32.dll
FF - plugin: C:\Users\mango\AppData\Roaming\Mozilla\plugins\nptrademanager.dll
FF - plugin: C:\Users\mango\AppData\Roaming\Mozilla\plugins\npwangwang.dll
FF - plugin: C:\Windows\System32\itruscert\NPComBrg701.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-4-16 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-4-16 40064]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2011-12-18 25312]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-12-7 815392]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2014-11-20 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-5 204288]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-5 365568]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 mfmonitor;mfmonitor;C:\Windows\System32\drivers\mfmonitor_x64.sys [2013-11-23 20696]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-11-20 292568]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-22 46136]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2012-3-7 15360]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-7-25 354016]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-12-18 1109096]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-22 44672]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-12-7 2631456]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2012-11-7 1732096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-5-3 95928]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-12-7 43664]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver;C:\Windows\System32\drivers\HtcUsbMdmV64.sys [2013-2-16 111616]
S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2012-3-9 121800]
S3 kc02us_bus;KYOCERA USB Composite Device KC02US Driver;C:\Windows\System32\drivers\kc02us_bus64.sys [2012-6-20 51608]
S3 kc02us_serd;KYOCERA USB KC02US Serial Port Driver;C:\Windows\System32\drivers\kc02us_serd64.sys [2012-6-20 66968]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2011-4-11 410184]
S3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2011-4-11 341832]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter_hs.sys [2014-4-8 20232]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2011-12-18 450048]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-5-3 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-5-3 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-5-3 177640]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-5-3 203320]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-2-21 42184]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2011-8-19 30720]
S3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-2-28 2886528]
S3 TGBMPEnum;TGB VPN Miniport Enumerator;C:\Windows\System32\drivers\TGBMPEnum.sys [2011-11-15 40624]
S3 TGBVPNVirtM;TheGreenBow Virtual Miniport;C:\Windows\System32\drivers\TGBVPNVirtM.sys [2011-11-15 140464]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-3-3 1363584]
S4 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-3-3 1748608]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
.
=============== Created Last 30 ================
.
2014-12-20 12:47:12    --------    d-----w-    C:\Program Files (x86)\RHAX3R
2014-12-20 12:45:56    --------    d-----w-    C:\Program Files (x86)\Resource Hacker
2014-12-19 21:36:49    --------    d-----w-    C:\Windows\WinToolkit_Temp
2014-12-19 17:52:37    69000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{30E9131C-F3CD-4DA1-B775-911DB59DA542}\offreg.dll
2014-12-19 17:27:58    --------    d-----w-    C:\Users\mango\AppData\Roaming\MusicBrainz
2014-12-19 17:27:58    --------    d-----w-    C:\Users\mango\AppData\Local\MusicBrainz
2014-12-19 14:36:47    --------    d-----w-    C:\Users\mango\AppData\Roaming\TeamViewer
2014-12-17 16:50:56    188928    ----a-w-    C:\Windows\SysWow64\ssleay32.dll
2014-12-17 16:50:55    996352    ----a-w-    C:\Windows\SysWow64\libeay32.dll
2014-12-17 16:50:55    136192    ----a-w-    C:\Windows\SysWow64\keyhook.dll
2014-12-15 11:37:13    --------    d-----w-    C:\Users\mango\AppData\Local\Adobe
2014-12-13 02:10:50    --------    d-sh--w-    C:\found.002
2014-12-08 09:08:21    --------    d-----w-    C:\Users\mango\AppData\Roaming\PandoraClient
2014-12-08 09:04:19    --------    d-----w-    C:\Users\mango\AppData\Roaming\SProxy
2014-12-08 09:04:02    --------    d-----w-    C:\Program Files (x86)\Saver2
2014-12-08 05:15:06    --------    d-----w-    C:\ProgramData\DriverGenius
2014-12-08 03:09:59    --------    d-----w-    C:\Users\mango\AppData\Roaming\OpenCandy
2014-12-08 00:39:19    --------    d-----w-    C:\Program Files\ReviverSoft
2014-12-07 15:49:23    --------    d-sh--w-    C:\found.001
2014-12-07 13:54:26    --------    d-----w-    C:\IObit
2014-12-07 13:21:31    --------    d-----w-    C:\Users\mango\AppData\Roaming\ProductData
2014-12-07 13:20:35    --------    d-----w-    C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-07 13:20:12    --------    d-----w-    C:\ProgramData\ProductData
2014-12-07 13:20:01    --------    d-----w-    C:\ProgramData\IObit
2014-12-07 13:20:01    --------    d-----w-    C:\Program Files (x86)\Common Files\IObit
2014-12-07 13:19:34    --------    d-----w-    C:\Program Files (x86)\IObit
2014-12-07 13:19:32    --------    d-----w-    C:\Users\mango\AppData\Roaming\IObit
2014-12-07 12:03:44    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-12-07 11:54:05    --------    d-----w-    C:\ProgramData\MFAData
2014-12-07 11:50:59    43664    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-12-07 09:50:25    --------    d-----w-    C:\Program Files\HitmanPro
2014-12-07 09:46:04    --------    d-----w-    C:\ProgramData\HitmanPro
2014-12-05 19:51:45    --------    d-----w-    C:\Users\mango\AppData\Local\CrashDumps
2014-12-05 19:51:29    --------    d-----w-    C:\Program Files (x86)\Common Files\Bitdefender
2014-12-05 19:45:30    --------    d-----w-    C:\Users\mango\AppData\Roaming\QuickScan
2014-12-05 14:21:06    34808    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-12-05 14:21:01    --------    d-----w-    C:\ProgramData\RogueKiller
2014-12-05 09:36:02    --------    d-----w-    C:\Users\mango\AppData\Local\MFAData
2014-12-05 09:36:02    --------    d-----w-    C:\Users\mango\AppData\Local\Avg2015
2014-12-05 07:33:47    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-12-05 07:31:25    --------    d-----w-    C:\ProgramData\Oracle
2014-12-05 04:21:42    20268032    ----a-w-    C:\Windows\System32\imageres.dll
2014-12-05 04:06:25    --------    d-----w-    C:\Users\mango\AppData\Roaming\IHlpr
2014-12-05 04:05:32    --------    d-----w-    C:\Windows\SysWow64\C2MP
2014-12-05 01:56:04    17335984    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-12-04 11:52:47    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-12-01 22:12:12    --------    d-----w-    C:\Users\mango\AppData\Local\Downloaded Installations
2014-11-30 07:17:32    --------    d-----w-    C:\Program Files (x86)\ImageWriter
2014-11-30 04:14:32    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-26 00:13:51    --------    d-----w-    C:\Windows\ShellNew
.
==================== Find3M  ====================
.
2014-12-07 08:14:35    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-07 08:14:34    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-24 23:08:11    603976    ----a-w-    C:\Windows\System32\winload.exe
2014-11-24 23:08:11    518160    ----a-w-    C:\Windows\System32\winresume.exe
.
============= FINISH:  6:40:05.40 ===============
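Added example, not part of this thread or of the DDS tool: a small Python triage script that reads Pseudo HJT Report lines like the ones in the log above and flags what a helper looks at first, namely the dRun value that launches a copy of smss.exe from systemprofile\AppData (consistent with Brontok, which is also why Regedit was blocked) and the mPolicies values that disable Regedit, Folder Options and UAC. The sample lines are constructed from the posted log, and the names triage, Finding and BAD_POLICIES are this example's own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log (added example, not
part of the thread or of DDS): flag autoruns that masquerade as Windows
binaries from user-writable paths, and policy keys that lock the user out."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional

RUN_RE = re.compile(r'^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
POLICY_RE = re.compile(
    r'^(?P<hive>[umd])Policies-(?P<area>\w+): (?P<key>[^=]+?) = dword:(?P<val>\d+)$')

# Policy values that indicate tampering, with what they mean for the person cleaning up.
BAD_POLICIES = {
    "DisableRegistryTools": (1, "Regedit blocked; this is why scripts were needed to open it"),
    "DisableTaskMgr": (1, "Task Manager blocked"),
    "NoFolderOptions": (1, "Folder Options hidden, so hidden files stay hidden"),
    "EnableLUA": (0, "UAC disabled, so every process runs fully elevated"),
    "PromptOnSecureDesktop": (0, "UAC prompt moved off the secure desktop"),
}
# Core Windows binaries that are legitimate only in the system directories.
SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
                   "services.exe", "svchost.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class Finding:
    kind: str       # "autorun" or "policy"
    severity: str   # "high", "medium" or "info"
    line: str       # the DDS line that triggered the finding
    reason: str


def command_path(cmd: str) -> str:
    """Executable path from a Run value: "C:\\a b\\x.exe" args or C:\\x.exe args."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    return (m.group(1) or m.group(2)) if m else ""


def check_run(line: str) -> Optional[Finding]:
    m = RUN_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    if cmd.startswith("<"):  # e.g. <no file>: orphaned, nothing runs
        return Finding("autorun", "info", line, "orphaned entry, target missing")
    path = command_path(cmd).lower()
    directory, name = ntpath.dirname(path), ntpath.basename(path)
    # A substring test for "\windows\system32\" would wave this sample through, since the
    # worm sits under System32\config\systemprofile\AppData; compare the directory itself.
    if name in SYSTEM_BINARIES and directory not in SYSTEM_DIRS:
        return Finding("autorun", "high", line,
                       f"{name} masquerading as a Windows binary outside the system directory")
    if any(marker in path for marker in USER_WRITABLE):
        return Finding("autorun", "medium", line, "autorun from a user-writable location")
    return None


def check_policy(line: str) -> Optional[Finding]:
    m = POLICY_RE.match(line)
    if not m:
        return None
    key, val = m.group("key"), int(m.group("val"))
    if key in BAD_POLICIES and BAD_POLICIES[key][0] == val:
        return Finding("policy", "high", line, BAD_POLICIES[key][1])
    return None


def triage(dds_text: str) -> List[Finding]:
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        for check in (check_run, check_policy):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


# Constructed sample modelled on the Pseudo HJT Report posted in this thread.
SAMPLE_DDS = r"""
uRun: [AdobeBridge] <no file>
dRun: [Tok-Cirrhatus] "C:\Windows\System32\config\systemprofile\AppData\Local\smss.exe"
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoFolderOptions = dword:1
mPolicies-System: DisableRegistryTools = dword:1
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
```

NoDriveTypeAutoRun = 255 is left alone on purpose: it disables AutoRun on every drive type, which is a hardening setting rather than damage, even though it sits among the tampered keys.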

 

 

 

 




#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,499 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 21 December 2014 - 03:43 PM

Hello potmasterjasper,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,499 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 23 December 2014 - 12:53 AM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,499 posts
  • Gender: Male
  • Location: Greenup, Ill USA

Posted 26 December 2014 - 07:25 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




