
Need help with removal of rootkit or some kind of virus


  • This topic is locked
12 replies to this topic

#1 donaldduck77


  • Members
  • 8 posts

Posted 14 January 2015 - 10:24 PM

Hello everyone,

This is my first time on this forum. I will try my best to follow the rules.

OK, so I have run into some viruses I can't fix. My computer will not boot into safe mode, and that's how I usually fixed my problems. When I boot to safe mode I get to the login screen and I can't use the mouse or keyboard. I have used wireless and wired keyboard and mouse, but nothing works. My computer boots fine with the wireless keyboard and mouse in normal mode.

Also, a virus is limiting my internet speed. Sometimes it turns my internet off. Also, I can't use User Accounts to change the settings. I would really appreciate it if someone could help me fix my computer. I have the DDS file ready if I need to attach it.

 

Thanks in Advance,

Kelly




#2 donaldduck77

  • Topic Starter

  • Members
  • 8 posts

Posted 14 January 2015 - 10:54 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Simpson at 20:20:55 on 2015-01-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8191.5776 [GMT -6:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k netsvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\UI0Detect.exe
C:\Program Files (x86)\XBMC\XBMC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mRun: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{356CA738-6C20-4F18-90DB-192D10547C0A} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\winsxs\x86_microsoft-windows-wpd-shellextension_31bf3856ad364e35_6.1.7601.17514_none_13305696250bcb70\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.10\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [EvtMgr6] "C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
x64-Run: [ATT_McciTrayApp] "C:\Program Files\ATT\8.3.1.18\ma\bin\pcTrayApp.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-Notify: WB - <no file>
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\System32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Simpson\AppData\Roaming\Mozilla\Firefox\Profiles\z6pkm369.default\
FF - prefs.js: browser.startup.homepage - hxxp://twomovies.us/user/donaldduck77/playlists/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\OSA Kit Pro Player v4.0\npmeadax.dll
FF - plugin: C:\Program Files (x86)\VDownloader\Addons\npVDownloader.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\NPGetRt.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npnul32.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\nppdf32.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\nppl3260.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin2.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin3.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin4.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin5.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\npqtplugin6.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\nprpplugin.dll
FF - plugin: C:\Users\Simpson\AppData\Roaming\Mozilla\plugins\NPSWF64_15_0_0_239.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 99721682;99721682;C:\Windows\System32\drivers\99721682.sys [2014-10-28 458336]
R0 amdide64;amdide64;C:\Windows\System32\drivers\amdide64.sys [2014-12-26 11944]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2015-1-12 59712]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2015-1-12 38208]
R1 Bnbase;Bnbase;C:\Windows\System32\drivers\bnbasex64.sys [2015-1-12 77536]
R1 Bndef;Baidu NetDefense;C:\Windows\System32\drivers\bndef64.sys [2015-1-12 475488]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2015-1-12 164064]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [2014-12-26 26528]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2013-12-19 90056]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-11-20 244736]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
R2 BavSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe [2015-1-12 2272576]
R2 BHipsSvc;Baidu Hips Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [2015-1-12 402584]
R2 cpuz135;cpuz135;C:\Windows\System32\drivers\cpuz135_x64.sys [2012-3-4 21992]
R2 hasplms;Sentinel Local License Manager;C:\Windows\System32\hasplms.exe  -run --> C:\Windows\System32\hasplms.exe  -run [?]
R2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-12-19 1821384]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2015-1-12 344896]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2015-1-12 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2015-1-12 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2015-1-12 171928]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-6-21 94720]
R3 BNmon;(BNmon);C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bnmon64.sys [2015-1-12 59200]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2014-7-18 26208]
R3 JSWSCIMD;jswscimd Service;C:\Windows\System32\drivers\jswscimdx.sys [2012-3-5 75264]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-18 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-18 13080]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2014-12-20 58536]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2012-3-27 398112]
S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\System32\drivers\sfsync03.sys [2006-7-11 52120]
S2 AcfXAudioService;AcfXAudioService;C:\Windows\System32\svchost.exe -k AcfXAudioService [2009-7-13 27136]
S2 AODDriver4.3;AODDriver4.3;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2014-2-11 59616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2015-1-8 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2015-1-8 701512]
S2 NovaPdfServer;novaPDF Server;C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2014-8-1 204576]
S2 SparkSvc;Baidu Spark Service; [x]
S3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2014-1-3 122624]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-3 46136]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2014-9-16 31920]
S3 BdSandbox;Baidu BdSandbox Driver;C:\Windows\System32\drivers\BdSandbox.sys [2015-1-12 201536]
S3 BdSandboxSrv;Baidu BdSandbox Virtual Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe --> C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdSandboxSrv64.exe [?]
S3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2014-1-3 411136]
S3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2013-10-6 288256]
S3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2014-1-3 34944]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-4-16 21712]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-1-11 114688]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-8 25928]
S3 NvnUsbAudio;Novation USB Audio Driver;C:\Windows\System32\drivers\nvnusbaudio.sys [2014-1-24 53552]
S3 P1764;Sound Blaster Audigy;C:\Windows\System32\drivers\P1764.SYS [2005-7-6 1579008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-5-13 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 695400]
S3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2012-12-5 180584]
S3 sopcastp2p;sopcastp2p;C:\Program Files (x86)\SopCast\srvany.exe [2015-1-3 8192]
S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-5-13 56832]
S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2015-1-12 23016]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2014-1-9 87728]
S3 xcbdaNtscV;ViXS Tuner Card (NTSC) - V;C:\Windows\System32\drivers\xcbdaVx64.sys [2009-6-10 214784]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2014-9-15 344064]
S4 AT&T Troubleshoot & Resolve;AT&T Troubleshoot & Resolve;"C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\MAHostService.exe" --> C:\Program Files (x86)\ATT\8.3.1.18\ma\bin\MAHostService.exe [?]
S4 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2015-1-12 23048]
S4 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-1-27 227904]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-10-3 2630432]
S4 msvsmon120;Remote Debugger;C:\Program Files\Microsoft Visual Studio 12.0\Common7\IDE\Remote Debugger\x64\rdbgservice.exe [2014-1-9 219312]
S4 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2014-2-5 460288]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-7-30 39568]
S4 SBUpd;SpeedBit Update;C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe /service --> C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe  [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .jse: JSEFile=C:\Windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2015-01-15 01:33:43    --------    dcsh--w-    C:\$RECYCLE.BIN
2015-01-15 00:23:53    --------    dc----w-    C:\Program Files (x86)\InCode Solutions
2015-01-14 19:33:32    --------    dcs---w-    C:\ComboFix
2015-01-14 13:31:42    57856    ----a-w-    C:\Windows\System32\drivers\ndproxy.sys
2015-01-13 13:43:00    --------    d-----w-    C:\ProgramData\Logs
2015-01-13 13:37:08    --------    dc----w-    C:\Users\Simpson\AppData\Roaming\Simply Super Software
2015-01-13 13:36:45    --------    d-----w-    C:\ProgramData\Simply Super Software
2015-01-13 11:18:34    75888    -c--a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5C3E344-E5A0-4D4F-B1B0-C08F3D0A23A9}\offreg.dll
2015-01-13 05:41:09    --------    d-----w-    C:\ProgramData\BavSvc_exe
2015-01-12 10:16:21    201536    ----a-w-    C:\Windows\System32\drivers\BdSandbox.sys
2015-01-12 10:16:20    77536    ----a-w-    C:\Windows\System32\drivers\bnbasex64.sys
2015-01-12 10:16:20    475488    ----a-w-    C:\Windows\System32\drivers\bndef64.sys
2015-01-12 10:16:17    164064    ----a-w-    C:\Windows\System32\drivers\Bprotect.sys
2015-01-12 10:16:11    38208    ----a-w-    C:\Windows\System32\drivers\Bfmon.sys
2015-01-12 10:16:06    59712    ----a-w-    C:\Windows\System32\drivers\Bfilter.sys
2015-01-12 10:11:17    --------    d-----w-    C:\ProgramData\baidu
2015-01-12 10:00:51    --------    dc----w-    C:\Users\Simpson\AppData\Local\eSupport.com
2015-01-12 09:37:06    --------    dc----w-    C:\Program Files\Windows Firewall Control
2015-01-12 09:34:31    --------    d-----w-    C:\ProgramData\Kaspersky Lab Setup Files
2015-01-12 08:37:19    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2015-01-12 00:16:15    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-01-12 00:16:15    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2015-01-11 22:53:57    --------    dc----w-    C:\Users\Simpson\AppData\Local\Secunia PSI
2015-01-11 22:53:25    --------    dc----w-    C:\Program Files (x86)\Secunia
2015-01-11 06:38:54    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-11 05:11:46    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2015-01-11 05:10:32    3969984    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2015-01-11 05:09:19    424448    ----a-w-    C:\Windows\System32\rastls.dll
2015-01-11 05:09:19    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2015-01-11 05:08:17    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2015-01-11 05:08:17    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2015-01-11 04:55:05    --------    d-----w-    C:\Windows\System32\catroot2
2015-01-11 02:56:09    801280    ----a-w-    C:\Windows\System32\usp10.dll
2015-01-11 02:56:09    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2015-01-10 22:36:29    --------    dc----w-    C:\Program Files (x86)\ESET
2015-01-10 21:51:37    11870360    -c--a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5C3E344-E5A0-4D4F-B1B0-C08F3D0A23A9}\mpengine.dll
2015-01-08 13:33:55    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2015-01-08 13:33:55    --------    dc----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-01-07 07:05:21    --------    dc----w-    C:\Users\Simpson\AppData\Roaming\XBMC
2015-01-03 09:45:51    --------    dc----w-    C:\Program Files (x86)\SopCast
2015-01-02 09:27:57    --------    dc----w-    C:\Program Files (x86)\XBMC
2014-12-31 18:17:05    --------    d-----w-    C:\ProgramData\GroupPolicy
2014-12-28 21:05:13    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2014-12-28 21:05:06    --------    d-----w-    C:\Windows\System32\BestPractices
2014-12-28 21:05:01    --------    dc----w-    C:\inetpub
2014-12-28 20:33:23    878080    ----a-w-    C:\Windows\System32\IMJP10K.DLL
2014-12-28 20:33:23    701440    ----a-w-    C:\Windows\SysWow64\IMJP10K.DLL
2014-12-28 19:21:14    55808    ----a-w-    C:\Windows\System32\rrinstaller.exe
2014-12-28 19:21:14    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2014-12-28 19:21:14    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-12-28 19:21:14    24576    ----a-w-    C:\Windows\System32\mfpmp.exe
2014-12-28 19:21:14    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2014-12-28 19:21:14    206848    ----a-w-    C:\Windows\System32\mfps.dll
2014-12-28 19:21:14    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2014-12-28 19:21:14    2048    ----a-w-    C:\Windows\System32\mferror.dll
2014-12-28 19:21:14    103424    ----a-w-    C:\Windows\SysWow64\mfps.dll
2014-12-28 19:21:13    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-12-28 19:15:05    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-12-28 19:15:05    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-12-28 19:08:09    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-12-28 19:08:09    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-12-28 19:08:09    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-12-28 19:08:09    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-12-28 19:08:08    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-12-28 19:08:08    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-12-28 19:07:50    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-12-28 19:07:50    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-12-28 19:06:28    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-12-28 19:06:24    235520    ----a-w-    C:\Windows\System32\winsta.dll
2014-12-28 19:06:23    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-12-28 19:06:23    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-12-28 19:06:23    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2014-12-28 19:06:23    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-12-28 19:06:07    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-12-28 19:06:07    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-12-28 19:06:02    2871808    ----a-w-    C:\Windows\explorer.exe
2014-12-28 19:06:02    2616320    ----a-w-    C:\Windows\SysWow64\explorer.exe
2014-12-28 19:04:37    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-12-28 18:57:03    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-12-28 18:57:02    504320    ----a-w-    C:\Windows\System32\msihnd.dll
2014-12-28 18:57:02    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-12-28 18:57:02    1941504    ----a-w-    C:\Windows\System32\authui.dll
2014-12-28 18:57:02    1805824    ----a-w-    C:\Windows\SysWow64\authui.dll
2014-12-28 18:57:02    112064    ----a-w-    C:\Windows\System32\consent.exe
2014-12-28 18:57:01    337408    ----a-w-    C:\Windows\SysWow64\msihnd.dll
2014-12-28 18:56:43    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-12-28 18:56:43    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-12-28 18:56:41    67072    ----a-w-    C:\Windows\splwow64.exe
2014-12-28 18:56:41    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-12-28 17:41:35    --------    d-----w-    C:\Windows\CheckSur
2014-12-28 16:15:45    --------    dcsh--w-    C:\Users\Simpson\AppData\Local\EmieBrowserModeList
2014-12-28 09:55:18    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-28 09:55:18    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-28 09:54:41    96768    ----a-w-    C:\Windows\System32\fsutil.exe
2014-12-28 09:54:41    2565632    ----a-w-    C:\Windows\System32\esent.dll
2014-12-28 09:54:41    1699328    ----a-w-    C:\Windows\SysWow64\esent.dll
2014-12-28 09:54:40    74240    ----a-w-    C:\Windows\SysWow64\fsutil.exe
2014-12-28 09:54:40    410496    ----a-w-    C:\Windows\System32\drivers\iaStorV.sys
2014-12-28 09:54:40    27008    ----a-w-    C:\Windows\System32\drivers\amdxata.sys
2014-12-28 09:54:40    166272    ----a-w-    C:\Windows\System32\drivers\nvstor.sys
2014-12-28 09:54:40    148352    ----a-w-    C:\Windows\System32\drivers\nvraid.sys
2014-12-28 09:54:40    107904    ----a-w-    C:\Windows\System32\drivers\amdsata.sys
2014-12-28 09:26:03    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-12-28 09:26:02    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-12-28 08:49:26    --------    dc----w-    C:\Users\Simpson\AppData\Roaming\AVAST Software
2014-12-28 08:47:46    43152    ----a-w-    C:\Windows\avastSS.scr
2014-12-28 08:47:22    --------    dc----w-    C:\Program Files\AVAST Software
2014-12-28 08:43:32    --------    d-----w-    C:\ProgramData\AVAST Software
2014-12-27 06:42:27    --------    d-----w-    C:\ProgramData\Baidu Security
2014-12-26 10:30:06    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-26 10:21:18    11944    ----a-w-    C:\Windows\System32\drivers\amdide64.sys
2014-12-26 09:40:15    --------    d-----w-    C:\ProgramData\GetRight
2014-12-26 09:33:39    26528    ----a-w-    C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
2014-12-25 05:23:50    --------    dc----w-    C:\Users\Simpson\.fontconfig
2014-12-24 19:42:54    --------    dc----w-    C:\Users\Simpson\AppData\Roaming\AMD
2014-12-22 19:06:30    1253888    ----a-w-    C:\Windows\System32\fmodex.dll
2014-12-22 18:26:43    --------    dc----w-    C:\Users\Simpson\AppData\Local\MiniService
2014-12-22 18:25:46    --------    dc----w-    C:\BavSandboxRoot
2014-12-22 18:25:07    417824    ----a-w-    C:\Windows\System32\BdSandboxDll64.dll
2014-12-22 18:25:07    330272    ----a-w-    C:\Windows\SysWow64\BdSandboxDll32.dll
2014-12-22 14:21:30    540688    ----a-w-    C:\Windows\System32\d3dx10_39.dll
2014-12-22 14:21:30    467984    ----a-w-    C:\Windows\SysWow64\d3dx10_39.dll
2014-12-22 14:21:30    1942552    ----a-w-    C:\Windows\System32\D3DCompiler_39.dll
2014-12-22 14:21:30    1493528    ----a-w-    C:\Windows\SysWow64\D3DCompiler_39.dll
2014-12-22 14:21:26    4992520    ----a-w-    C:\Windows\System32\D3DX9_39.dll
2014-12-22 14:21:26    3851784    ----a-w-    C:\Windows\SysWow64\D3DX9_39.dll
2014-12-20 16:50:40    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-20 16:50:40    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-20 14:31:52    58536    ----a-w-    C:\Windows\System32\drivers\usbfilter.sys
2014-12-20 12:07:00    --------    dc----w-    C:\FRST
2014-12-18 17:55:52    --------    dc----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-18 03:25:05    11870360    -c--a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-12-18 03:18:26    --------    dc----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2014-12-17 17:55:04    --------    dc----w-    C:\ProgramData\VS Revo Group
2014-12-17 17:46:55    --------    dc----w-    C:\Program Files (x86)\Common Files\SpeedBit
2014-12-17 17:46:54    9728    ----a-w-    C:\Windows\SysWow64\EasyHook32.dll
2014-12-17 17:12:36    --------    dc----w-    C:\Program Files\Common Files\SpeedBit
2014-12-17 16:12:26    --------    dc----w-    C:\Program Files (x86)\MSSOAP
2014-12-17 16:12:26    --------    dc----w-    C:\Program Files (x86)\Common Files\MSSoap
2014-12-17 10:38:05    --------    dc----w-    C:\Program Files\McAfee
.
==================== Find3M  ====================
.
2015-01-14 17:30:07    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-01-06 10:36:02    298120    ------w-    C:\Windows\System32\MpSigStub.exe
2015-01-06 09:48:17    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-12-07 06:14:09    172032    ----a-w-    C:\Windows\SysWow64\AniGIF.ocx
2014-11-23 15:24:00    24448    ----a-w-    C:\Windows\SysWow64\drivers\rkhdrv40.sys
2014-11-21 02:44:42    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2014-11-21 02:44:42    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2014-11-21 02:44:40    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2014-11-21 02:44:40    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2014-11-21 02:44:28    144328    ----a-w-    C:\Windows\System32\atiuxp64.dll
2014-11-21 02:44:26    126848    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2014-11-21 02:44:24    118096    ----a-w-    C:\Windows\System32\atiu9p64.dll
2014-11-21 02:44:22    100032    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2014-11-21 02:44:20    1348928    ----a-w-    C:\Windows\System32\aticfx64.dll
2014-11-21 02:44:16    1127496    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2014-11-21 02:44:10    11076784    ----a-w-    C:\Windows\System32\atidxx64.dll
2014-11-21 02:44:04    9401480    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2014-11-21 02:43:56    7558816    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2014-11-21 02:43:50    7077776    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2014-11-21 02:43:42    8379720    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-11-21 02:43:38    8369408    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-11-21 02:41:36    294600    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-11-21 02:40:00    18959360    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-11-21 02:33:12    235008    ----a-w-    C:\Windows\System32\clinfo.exe
2014-11-21 02:33:06    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-11-21 02:33:06    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-11-21 02:33:04    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-11-21 02:33:02    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-11-21 02:33:00    47899136    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-11-21 02:32:08    40987136    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-11-21 02:31:18    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-11-21 02:31:16    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-11-21 02:24:50    28354560    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-11-21 02:19:36    23621632    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-11-21 02:19:26    49664    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-11-21 02:19:22    38912    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-11-21 02:18:46    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-11-21 02:18:42    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-11-21 02:18:36    5837312    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-11-21 02:17:04    367104    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-11-21 02:17:02    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-11-21 02:17:02    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-11-21 02:16:58    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-11-21 02:16:58    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-11-21 02:16:52    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-11-21 02:16:04    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-11-21 02:15:42    4590592    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-11-21 02:13:12    91648    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-11-21 02:13:10    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-11-21 02:12:50    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-11-21 02:12:50    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-11-21 02:12:48    774656    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-11-21 02:12:40    244736    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-11-21 02:12:26    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-11-21 02:10:02    843776    ----a-w-    C:\Windows\System32\coinst_14.50.dll
2014-11-21 02:09:06    1214976    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-11-21 02:09:04    903168    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-11-21 02:09:00    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-11-21 02:09:00    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-11-21 02:09:00    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-11-21 02:08:58    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-11-21 02:08:56    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-11-21 02:08:54    589312    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-11-21 02:08:54    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-11-19 07:35:50    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-10-30 02:03:43    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-10-30 01:45:43    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-10-28 22:27:25    458336    ----a-w-    C:\Windows\System32\drivers\99721682.sys
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
.
============= FINISH: 20:23:32.08 ===============
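The DDS listing above (timestamp, size, attribute flags, path) is what a responder reads for drivers that do not fit a pattern: a vendor driver package such as the AMD one writes dozens of files within a few minutes, while a driver that appears alone, with a name that looks generated rather than chosen, is worth checking against its Authenticode signature and publisher before anything else. The script below is an added example, not part of the thread and not one of the tools used in it; it parses lines in the DDS format and applies two labelled heuristics. The sample input is a constructed subset of the lines posted above. A flag means "verify this file", not "this file is malicious"; the fixlist CatByte later attached is not visible on the page, so the thread does not say which entries it acted on.

```python
import re
from collections import Counter

# Constructed sample: a subset of the DDS file listing posted above,
# embedded here so the triage runs offline on realistic lines.
SAMPLE_LISTING = r"""
2015-01-14 17:30:07    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2015-01-06 10:36:02    298120    ------w-    C:\Windows\System32\MpSigStub.exe
2015-01-06 09:48:17    18960    ----a-w-    C:\Windows\System32\drivers\LNonPnP.sys
2014-11-23 15:24:00    24448    ----a-w-    C:\Windows\SysWow64\drivers\rkhdrv40.sys
2014-11-21 02:41:36    294600    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-11-21 02:40:00    18959360    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-11-21 02:08:54    589312    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-10-28 22:27:25    458336    ----a-w-    C:\Windows\System32\drivers\99721682.sys
2014-10-25 01:57:59    77824    ----a-w-    C:\Windows\System32\packager.dll
"""

# One DDS listing line: "YYYY-MM-DD HH:MM:SS <size> <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+"
    r"(?P<path>.+)$"
)


def parse_dds_listing(text):
    """Parse DDS listing lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        name = path.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        entries.append({
            "ts": m.group("ts"),
            "day": m.group("ts")[:10],
            "size": int(m.group("size")),
            "attrs": m.group("attrs"),
            "path": path,
            "name": name,
            "stem": stem if stem else name,
            "ext": ext.lower() if stem else "",
        })
    return entries


def triage_drivers(entries):
    """Flag kernel drivers (.sys) that deserve a closer look.

    Heuristic labels only; none of them proves a file is malicious:
      numeric_name - the file stem is digits only. Vendor drivers are almost
                     always named after the product or vendor.
      lone_driver  - nothing else in the listing was written that calendar day,
                     so the driver did not arrive as part of a larger driver or
                     update package (contrast the AMD package: many files,
                     minutes apart).
    """
    files_per_day = Counter(e["day"] for e in entries)
    findings = []
    for e in entries:
        if e["ext"] != "sys":
            continue
        reasons = []
        if e["stem"].isdigit():
            reasons.append("numeric_name")
        if files_per_day[e["day"]] == 1:
            reasons.append("lone_driver")
        if reasons:
            findings.append({"name": e["name"], "path": e["path"],
                             "ts": e["ts"], "reasons": reasons})
    # Strongest lead first: most reasons, then most recent.
    findings.sort(key=lambda f: (len(f["reasons"]), f["ts"]), reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_drivers(parse_dds_listing(SAMPLE_LISTING)):
        print(f["ts"], f["path"], ",".join(f["reasons"]))
```

On the constructed sample the all-digit driver name is the only entry that trips both heuristics; the two other lone drivers carry readable names and were written around the time the forum's own scanning tools were installed, which is the kind of context a responder checks before acting on a flag.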



#3 CatByte
  • Malware Response Team

Posted 15 January 2015 - 10:21 AM

Please do the following:

Please download the appropriate version of Farbar Recovery Scan Tool (FRST.exe) from here:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ (for 32bit systems)
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ (for 64bit systems)
save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
NEXT

Please download Malwarebytes Anti-Rootkit (MBAR) from here and save it to your desktop.
  • Before running MBAR, exit Malwarebytes Anti-Malware (if you have it) via the system tray icon > Exit.
  • Double-click on the MBAR file you downloaded and approve the UAC prompt in Vista and newer operating systems.
  • Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
  • mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
  • After reading the Introduction, click 'Next' if you agree.
  • On the Update Database screen, click on the 'Update' button.
  • Once you see 'Success: Database was successfully updated' click on 'Next'.
  • Click the 'Scan' button.
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
If malware is found, press the Cleanup button when the scan completes.
Then, please send the following logs as attachments to your reply.
These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#4 donaldduck77
  • Topic Starter

Posted 15 January 2015 - 06:36 PM

Thanks very much for your help.  I am running the MBAR scan now.

Attached File: FRST.txt (90.8KB)
Attached File: Addition.txt (54.46KB)



#5 donaldduck77
  • Topic Starter

Posted 15 January 2015 - 09:30 PM

Attached File: mbar-log-2015-01-15 (16-52-27).txt (2.2KB)



#6 CatByte
  • Malware Response Team

Posted 16 January 2015 - 10:10 AM

Please do the following:

Download attached fixlist.txt file and save it to the Desktop.

Attached File: FixList.txt (2.12KB)

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Please let me know how the computer is running now.



#7 donaldduck77
  • Topic Starter

Posted 16 January 2015 - 10:52 AM

Attached File: Fixlog.txt (4.56KB)



#8 donaldduck77
  • Topic Starter

Posted 16 January 2015 - 11:05 AM

Hello CatByte,

The internet seems faster and the operating system seems more stable.



#9 CatByte
  • Malware Response Team

Posted 16 January 2015 - 11:13 AM

Very good. We need to sweep for any adware leftovers; please run the following:


Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply



#10 donaldduck77
  • Topic Starter

Posted 16 January 2015 - 11:59 AM

Attached File: AdwCleanerS15.txt (3.13KB)



#11 CatByte
  • Malware Response Team

Posted 16 January 2015 - 12:05 PM

Looks good, if there are no other issues, then we can clean up our tools:

You can delete the FRST and DDS logs and programs from your desktop.


NEXT

Double click on adwcleaner.exe to run the tool.
Click on the Uninstall button
Confirm with yes

If there are any logs/tools remaining on your desktop > right click and delete them

NEXT

Below I have included a couple of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article - Strong passwords: How to create and use them
http://www.microsoft.com/security/online-privacy/passwords-create.aspx

Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com
This will ensure your computer always has the latest security updates installed.

http://www.mywot.com
Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go
Yellow for caution
Red to stop
WOT has an addon available for Chrome, Firefox and IE

AdblockPlus, Surf the web without annoying ads!
Blocks banners, pop-ups and video ads - even on Facebook and YouTube
Protects your online privacy
Two-click installation, It's free!

https://adblockplus.org/en/internet-explorer
https://adblockplus.org/en/firefox
https://adblockplus.org/en/chrome


Thank you for your patience, and performing all of the procedures requested.

Edited by CatByte, 16 January 2015 - 12:05 PM.



#12 donaldduck77
  • Topic Starter

Posted 16 January 2015 - 12:49 PM

Thank you for the help.  I will keep your recommendations in mind.



#13 CatByte
  • Malware Response Team

Posted 18 January 2015 - 01:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





