
im not sure what its called but it seems to be related to svchost


  • This topic is locked
4 replies to this topic

#1 srock22

srock22

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:51 PM

Posted 25 March 2015 - 07:11 PM

I'm not really sure how to explain it... I've never seen anything like it. It feels like I'm in a movie. I literally watch my files disappear from right in front of my face. The computer starts to run slow as processes associated with sharing information online. The fax machine Radio control controls. I even see other devices connecting on my network. And then slowly things start to disappear. Whole folders just become empty. And then everything just disappears. I mean literally everything. I've used rescue and bought all new stuff, meaning a new computer and modem/router. When I used just a little bit ago, files that were on the computer before the recovery suddenly appeared. It's the weirdest virus I've ever encountered.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by srock222 (administrator) on STUPID on 25-03-2015 16:05:05
Running from C:\Users\srock222\Desktop
Loaded Profiles: srock222 (Available profiles: srock222)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634288 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1386712 2014-06-23] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [506680 2014-06-19] (Hewlett-Packard Development Company, L.P.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-315648556-1214206620-1832030148-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-315648556-1214206620-1832030148-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1
HKU\S-1-5-21-315648556-1214206620-1832030148-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://js.redirect.hp.com/jumpstation?bd=all&c=144&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {A69E5EDC-0DC4-4012-8543-BB6F11320FBE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-315648556-1214206620-1832030148-1001 -> {A69E5EDC-0DC4-4012-8543-BB6F11320FBE} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 204.186.110.114 216.144.187.199 204.186.0.180
Tcpip\..\Interfaces\{D79E888F-12CE-4213-BF80-AC8344DF5746}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-12-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-06-03] (Hewlett-Packard Company) [File not signed]
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [475960 2014-06-19] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-09] (Intel Corporation)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-06-23] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-04-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-09-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-09-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-03-22] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2014-03-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3463896 2014-06-20] (Realtek Semiconductor Corporation                           )
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-09-03] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
S3 clwvd; \SystemRoot\system32\DRIVERS\clwvd.sys [X]
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 16:05 - 2015-03-25 16:05 - 00012496 _____ () C:\Users\srock222\Desktop\FRST.txt
2015-03-25 16:04 - 2015-03-25 16:05 - 00000000 ____D () C:\FRST
2015-03-25 16:04 - 2015-03-25 16:04 - 02095616 _____ (Farbar) C:\Users\srock222\Desktop\FRST64.exe
2015-03-25 14:54 - 2015-03-25 14:54 - 00000663 _____ () C:\Windows\SynInst.log
2015-03-25 14:41 - 2014-04-16 15:08 - 00658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2485616.exe
2015-03-25 14:23 - 2015-03-25 14:23 - 00351904 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-22 09:50 - 2015-03-22 09:50 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\WildTangent
2015-03-22 09:27 - 2015-03-22 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-22 09:27 - 2015-03-22 09:27 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-22 09:26 - 2015-03-25 14:28 - 00006592 _____ () C:\Windows\system32\PerfStringBackup.TMP
2015-03-22 09:26 - 2015-03-22 09:27 - 00000000 ____D () C:\ProgramData\ETTB
2015-03-22 09:22 - 2015-03-22 09:22 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-22 06:27 - 2015-03-22 06:27 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\hpqlog
2015-03-22 06:26 - 2015-03-22 06:26 - 00002324 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-315648556-1214206620-1832030148-500
2015-03-22 06:25 - 2015-03-22 06:25 - 00000000 _____ () C:\Recovery.txt
2015-03-22 05:49 - 2015-03-22 06:27 - 00016384 ___SH () C:\Users\srock222\Desktop\Thumbs.db
2015-03-22 05:03 - 2015-03-22 06:27 - 00000000 ____D () C:\Users\srock222\AppData\Local\Hewlett-Packard
2015-03-22 05:03 - 2015-03-22 05:03 - 00004026 _____ () C:\Windows\System32\Tasks\HPGenoobeReminder
2015-03-22 04:49 - 2015-03-25 16:03 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{218BB5F0-136D-455D-ACE7-B14A947F5FEE}
2015-03-22 04:49 - 2015-03-25 14:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-315648556-1214206620-1832030148-1001
2015-03-22 04:49 - 2015-03-22 04:49 - 00000000 __SHD () C:\Users\srock222\AppData\Local\EmieUserList
2015-03-22 04:49 - 2015-03-22 04:49 - 00000000 __SHD () C:\Users\srock222\AppData\Local\EmieSiteList
2015-03-22 04:49 - 2015-03-22 04:49 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\Macromedia
2015-03-22 04:47 - 2015-03-22 05:03 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\Hewlett-Packard
2015-03-22 04:45 - 2015-03-22 04:45 - 00000000 ____D () C:\Users\srock222\AppData\Local\CyberLink
2015-03-22 04:44 - 2015-03-22 04:44 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-22 04:43 - 2015-03-25 14:26 - 00000000 ____D () C:\Users\srock222
2015-03-22 04:43 - 2015-03-22 05:03 - 00000000 ____D () C:\Users\srock222\AppData\Local\Packages
2015-03-22 04:43 - 2015-03-22 04:43 - 00003566 _____ () C:\Windows\System32\Tasks\HPCheckDropBoxStatus
2015-03-22 04:43 - 2015-03-22 04:43 - 00001449 _____ () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-22 04:43 - 2015-03-22 04:43 - 00000184 _____ () C:\Windows\insFileSpec
2015-03-22 04:43 - 2015-03-22 04:43 - 00000020 ___SH () C:\Users\srock222\ntuser.ini
2015-03-22 04:43 - 2015-03-22 04:43 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\Synaptics
2015-03-22 04:43 - 2015-03-22 04:43 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\Adobe
2015-03-22 04:43 - 2015-03-22 04:43 - 00000000 ____D () C:\Users\srock222\AppData\Local\VirtualStore
2015-03-22 04:43 - 2014-12-17 10:32 - 00001332 _____ () C:\Users\Public\Desktop\HP Smart Friend.lnk
2015-03-22 04:43 - 2014-12-17 10:22 - 00002387 _____ () C:\Users\Public\Desktop\Walmart Photo Center.lnk
2015-03-22 04:43 - 2014-12-17 10:07 - 00001306 _____ () C:\Users\Public\Desktop\TripAdvisor.lnk
2015-03-22 04:43 - 2014-09-03 07:07 - 00000000 ___RD () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-22 04:43 - 2014-09-03 06:51 - 00000000 ___RD () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-22 04:43 - 2014-09-03 06:35 - 00002262 _____ () C:\Users\Public\Desktop\Get Dropbox Offer.lnk
2015-03-22 04:43 - 2014-09-03 06:23 - 00000000 ___HD () C:\Users\srock222\Documents\hp.system.package.metadata
2015-03-22 04:43 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-22 04:43 - 2014-03-18 02:54 - 00000369 _____ () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-22 04:43 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-22 04:43 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\srock222\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-22 04:35 - 2015-03-25 16:04 - 01004602 _____ () C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-25 16:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-25 15:11 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-25 15:07 - 2014-09-03 06:33 - 00000000 ___HD () C:\HP
2015-03-25 14:58 - 2014-09-03 06:23 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2015-03-25 14:54 - 2014-12-17 10:06 - 00000000 ____D () C:\ProgramData\Synaptics
2015-03-25 14:42 - 2014-12-17 10:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-25 14:42 - 2014-12-17 10:16 - 00000000 ____D () C:\ProgramData\WildTangent
2015-03-25 14:42 - 2014-12-17 10:16 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2015-03-25 14:41 - 2014-09-03 06:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-03-25 14:39 - 2014-09-03 06:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-25 14:38 - 2014-12-17 10:14 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-25 14:37 - 2014-12-17 10:24 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-25 14:32 - 2014-12-17 10:15 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-03-25 14:30 - 2014-12-17 10:28 - 00001867 _____ () C:\Users\Public\Desktop\McAfee LiveSafe - Internet Security.lnk
2015-03-25 14:30 - 2014-09-03 06:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-03-25 14:23 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-22 09:24 - 2013-08-22 07:46 - 00020715 _____ () C:\Windows\setupact.log
2015-03-22 07:31 - 2014-09-03 06:36 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-03-22 06:39 - 2014-04-02 16:51 - 00000000 ____D () C:\Windows\Panther
2015-03-22 06:32 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2015-03-22 06:29 - 2014-04-02 16:13 - 00010342 _____ () C:\Windows\iis.log
2015-03-22 06:29 - 2013-08-22 08:37 - 00005496 _____ () C:\Windows\DtcInstall.log
2015-03-22 06:29 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-22 06:29 - 2013-08-22 06:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-03-22 06:25 - 2014-03-18 02:44 - 00002348 _____ () C:\Windows\PFRO.log
2015-03-22 06:25 - 2013-08-22 08:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-03-22 06:24 - 2014-12-17 10:26 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-03-22 06:23 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-22 05:47 - 2014-12-17 10:26 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-22 05:26 - 2014-09-03 06:35 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-22 05:19 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\restore
2015-03-22 04:51 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-22 04:43 - 2014-04-04 16:45 - 00000000 ___HD () C:\SYSTEM.SAV

==================== Files in the root of some directories =======

2015-03-25 14:41 - 2014-04-16 15:08 - 0658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall2485616.exe

Files to move or delete:
====================
C:\ProgramData\uninstall2485616.exe

Some content of TEMP:
====================
C:\Users\srock222\AppData\Local\Temp\FoxitUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-04-02 15:59

==================== End Of Log ============================


#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:51 PM

Posted 29 March 2015 - 09:26 AM

In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance, and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, srock22


I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

---------------------------------------------------------------------------------------------------

Do you still require help?

---------------------------------------------------------------------------------------------------
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may btn_donate_SM.gif

#3 srock22

srock22
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:51 PM

Posted 29 March 2015 - 12:51 PM

OK, thank you very much. I honestly have no idea what is going on, but it has infected 2 computers and just a lot of weird stuff seems to be going on.



#4 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:51 PM

Posted 30 March 2015 - 05:51 AM

OK. We will focus on this one first. I need you to run the log again, since it is 5 days old.



#5 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:51 PM

Posted 02 April 2015 - 07:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.