Windows Command Processor - HELP


This topic is locked
8 replies to this topic

#1 MagiX110

    New Member
  • Members
  • 6 posts

Posted 20 September 2012 - 11:48 AM

Hi, I have recently had severe issues with malware that has infected my PC.

At first it disconnected my internet by uninstalling my network driver, and many other things. After restoring, then undoing my restore, it somehow restored my driver so I can access the internet. It has disabled my McAfee, and a window keeps popping up called "Windows Command Processor".

I've read many threads now with people who have had the same issues. I've tried Rkill, Malwarebytes anti-virus, Spybot Search and Destroy, CCleaner, etc.; nothing seems to get rid of it. I've also tried to detect the raw process using HijackThis, and it doesn't seem to detect it.

Can someone help me get this off, as it's a major problem? I would be really appreciative. Thanks, people.

#2 MrCharlie

    Forum Deity
  • Experts
  • 28,237 posts
  • Gender: Male
  • Location: So. Plainfield, New Jersey, USA

Posted 20 September 2012 - 12:13 PM

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here: DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any USB or external drives from the computer before you run this scan!

Quit all running programs.

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.
For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.


Click Scan to scan the system.
When the scan completes, close the program. Don't fix anything!

Don't run any other options; they're not all bad!!!!!!!

Post back the report, which should be located on your desktop.

MrC

Malware Removal Expert


I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

Thanks, MrC & crew

#3 MagiX110

    New Member
  • Members
  • 6 posts

Posted 20 September 2012 - 12:16 PM

I'm currently in safe mode, or it won't let me visit this website. I hope that's OK; I will do what you asked now. Thank you.

#4 MagiX110

    New Member
  • Members
  • 6 posts

Posted 20 September 2012 - 12:26 PM

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by HousePC at 18:20:09 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4079.2495 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\mcafee\VirusScan\mcods.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624172116.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Comrade.exe] C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
uRun: [DscIhece] C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
StartupFolder: C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SHORTK~1.LNK - C:\Program Files (x86)\ShortKeys 3\shortkey.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{2E30D14A-B6FE-462B-B8DC-B5082BBC5B74} : DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8206B912-0058-4392-9AF0-E7426FCA9975} : NameServer = 8.8.8.8
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624172116.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HousePC\AppData\Roaming\Mozilla\Firefox\Profiles\ofsmj58t.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\system32\DRIVERS\hssdrv6.sys --> C:\Windows\system32\DRIVERS\hssdrv6.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-11-15 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-8-3 476016]
S2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2012-8-3 387440]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-16 676936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-11-15 199272]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-26 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-19 1153368]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-19 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2012-9-6 2438696]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-11-15 224704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-3 114144]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-28 249936]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-20 13:05:48 -------- d-----w- C:\Users\HousePC\AppData\Local\Microsoft Games
2012-09-20 12:17:03 -------- d-----w- C:\Users\HousePC\AppData\Local\{C93148A0-C609-44A3-ACEE-B3CC9D532EC3}
2012-09-17 13:11:19 -------- d-----w- C:\Users\HousePC\AppData\Local\Apps
2012-09-17 13:11:18 -------- d-----w- C:\Users\HousePC\AppData\Local\Deployment
2012-09-17 13:00:53 -------- d-----w- C:\Users\HousePC\AppData\Local\{9BF0F2F6-6560-4D13-83FB-662F150270C0}
2012-09-16 18:19:04 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-09-16 18:18:01 251560 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-09-16 18:18:01 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-09-16 18:15:15 -------- d-----w- C:\Users\HousePC\AppData\Roaming\TestApp
2012-09-16 18:15:15 -------- d-----w- C:\ProgramData\PC Tools
2012-09-16 13:03:27 -------- d-----w- C:\Program Files (x86)\Citrix
2012-09-16 13:03:23 -------- d-----w- C:\Users\HousePC\AppData\Local\Citrix
2012-09-16 13:03:19 103784 ----a-w- C:\Users\HousePC\GoToAssistDownloadHelper.exe
2012-09-16 12:56:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\McAfee
2012-09-16 12:08:32 -------- d-----w- C:\Users\HousePC\AppData\Local\{EDE0FE17-5CAF-42C9-9A8C-CA734A12705F}
2012-09-16 07:45:07 -------- d-----w- C:\Users\HousePC\AppData\Roaming\SUPERAntiSpyware.com
2012-09-16 07:44:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-16 07:44:41 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-16 07:31:06 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-16 06:58:09 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Malwarebytes
2012-09-16 06:58:04 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-16 06:58:03 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-16 06:58:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-16 06:44:23 388096 ----a-r- C:\Users\HousePC\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-16 05:13:46 -------- d-----w- C:\Users\HousePC\AppData\Local\{1688A56A-33C9-43F7-B356-1B8B7EEDC46D}
2012-09-16 04:52:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-09-16 04:45:13 -------- d-----w- C:\Users\HousePC\AppData\Local\{D50FE16A-A060-458B-A5BA-D954525E6B00}
2012-09-16 04:26:34 -------- d-----w- C:\Users\HousePC\AppData\Local\{61A16220-7A30-4B37-AD43-0A41369925E7}
2012-09-16 04:14:01 -------- d-----w- C:\Users\HousePC\AppData\Local\{50F50541-CC27-4783-907E-1A08A2D6C3DB}
2012-09-16 04:10:06 -------- d-----w- C:\Users\HousePC\AppData\Local\{674580A8-59A9-45BB-B6B9-484E62855110}
2012-09-16 03:58:11 -------- d-----w- C:\Users\HousePC\AppData\Local\{7207BC5C-B9D4-4193-8806-4B6C2A5536C3}
2012-09-16 03:18:27 -------- d-----w- C:\Users\HousePC\AppData\Local\{A3D1370F-EB2A-4C51-8AAA-75FBE86B606D}
2012-09-16 03:07:29 -------- d-----w- C:\Users\HousePC\AppData\Local\umkvwevn
2012-09-16 03:07:28 95576 --s---w- C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe
2012-09-15 18:42:54 -------- d-----w- C:\Users\HousePC\AppData\Local\{D123DE3B-2953-44F9-B7BD-CEAD1DF6516D}
2012-09-14 22:28:45 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-14 22:28:45 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-14 22:28:44 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-14 22:28:43 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-14 22:28:42 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-14 22:28:41 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-14 22:28:41 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-13 15:04:42 -------- d-----w- C:\Users\HousePC\AppData\Local\{15443F7C-3411-4207-9DAB-6902B4C82706}
2012-09-13 03:08:20 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Sony Online Entertainment
2012-09-13 01:23:54 -------- d-----w- C:\Users\HousePC\AppData\Local\SCE
2012-09-12 14:45:28 -------- d-----w- C:\Users\HousePC\AppData\Local\{52C20FBC-00E2-497A-B042-B71033755392}
2012-09-12 14:31:05 -------- d-----w- C:\ProgramData\7531CCA91881015F6476D5DFF875F002
2012-09-11 22:37:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Vauruh
2012-09-11 22:37:50 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Herefi
2012-09-10 16:53:29 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2012-09-09 21:21:10 -------- d-----w- C:\ProgramData\Firefly Studios
2012-09-09 21:20:41 -------- d-----w- C:\Program Files (x86)\GameSpy Arcade
2012-09-09 18:22:46 -------- d-----w- C:\Fraps
2012-09-06 15:25:15 -------- d-----w- C:\Program Files\CyberGhost VPN
2012-09-04 12:45:34 -------- d-----w- C:\Users\HousePC\AppData\Local\LogMeIn Rescue Applet
2012-09-03 17:11:16 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-09-03 16:40:34 -------- d-----w- C:\Users\HousePC\AppData\Local\Turbine
2012-09-01 16:40:47 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-30 13:46:46 71680 ----a-w- C:\Windows\System32\frapsv64.dll
2012-08-30 13:46:44 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll
2012-08-29 18:11:40 -------- d-----w- C:\Users\HousePC\AppData\Local\ShellShock_Enterprises
2012-08-26 19:52:55 -------- d-----w- C:\Users\HousePC\AppData\Local\{9125DA0A-F078-476B-B396-0B07960492DD}
2012-08-26 18:57:00 -------- d-----w- C:\Users\HousePC\AppData\Local\{01FB5684-3E1D-43E7-8736-D05719E68454}
2012-08-26 18:56:16 -------- d-----w- C:\Users\HousePC\AppData\Local\GameSpy
2012-08-25 14:46:54 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Black Sea Studios
2012-08-24 23:01:44 -------- d-----w- C:\Users\HousePC\AppData\Local\ApplicationHistory
2012-08-24 22:58:11 -------- d-----w- C:\.jagex_cache_32
2012-08-24 10:50:03 -------- d-----w- C:\Users\HousePC\AppData\Local\FalloutNV
2012-08-22 23:27:50 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-08-22 11:07:29 -------- d-----w- C:\Users\HousePC\AppData\Roaming\Helios
2012-08-22 11:07:04 -------- d-----w- C:\Program Files (x86)\TextPad 6
2012-08-22 10:40:19 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-08-22 10:23:06 -------- d-----w- C:\Program Files (x86)\Mass Effect 2
2012-08-22 10:23:06 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare
2012-08-21 23:04:52 -------- d-----w- C:\Users\HousePC\AppData\Local\My Games
2012-08-21 21:20:05 -------- d-----w- C:\Program Files (x86)\2K Games
2012-08-21 21:18:47 -------- d-----w- C:\Windows\SysWow64\URTTEMP
.
==================== Find3M ====================
.
2012-09-16 07:30:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-16 07:30:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-15 15:37:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 15:37:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 15:37:16 9826504 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-10 02:48:18 41704 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-26 17:53:50 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-26 17:53:50 281152 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-26 17:36:26 10256384 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-26 17:32:02 24827392 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-26 17:01:56 20466176 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-26 16:28:30 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-26 16:28:20 930304 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-26 16:26:22 1101312 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-26 16:22:48 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-26 16:22:44 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-26 16:21:54 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-26 16:20:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-26 16:20:14 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-26 16:20:10 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-26 16:20:02 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-26 16:19:16 6380032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-26 16:17:50 70144 ----a-w- C:\Windows\System32\coinst_8.981.2.dll
2012-06-26 16:02:04 6998016 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-26 15:44:06 4254208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-26 15:43:36 5530112 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-26 15:40:32 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-26 15:40:30 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-26 15:40:24 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-26 15:40:22 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-26 15:40:10 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-26 15:36:16 4734976 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-26 15:35:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-26 15:33:54 6674432 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-26 15:22:58 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-26 15:22:48 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-26 15:22:34 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-26 15:22:30 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-26 15:22:30 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-26 15:22:26 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-26 15:22:18 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-26 15:22:10 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-26 15:21:12 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-26 15:21:04 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-26 15:20:56 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-26 15:20:48 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-26 15:20:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-26 15:18:08 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-26 15:18:04 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-26 11:41:18 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-26 11:41:04 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-26 11:40:58 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-26 11:40:52 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-26 11:40:48 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-26 11:40:40 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-26 11:39:56 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-26 11:39:10 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-26 11:39:04 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
.
============= FINISH: 18:23:02.27 ===============

DDS LOG

#5 MagiX110

MagiX110

    New Member

  • Members
  • Pip
  • 6 posts

Posted 20 September 2012 - 12:27 PM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 19/04/2012 15:30:30
System Uptime: 20/09/2012 17:34:49 (1 hours ago)
.
Motherboard: Dell Inc. | | 0GDG8Y
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz | CPU 1 | 3292/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 667.589 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP129: 20/09/2012 13:48:51 - Windows Backup
RP130: 20/09/2012 13:50:57 - Windows Backup
RP131: 20/09/2012 14:29:55 - Windows Backup
RP132: 20/09/2012 14:34:15 - Windows Backup
.
==== Installed Programs ======================
.
"The last Kingdom"
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
AIM for Windows
Apple Application Support
Apple Software Update
Assassin's Creed Revelations
Battlefield 2™
Battlefield 3™
Battlelog Web Plugins
Blio
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Company of Heroes
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Counter-Strike: Global Offensive
CyberLink PowerDVD 9.5
D3DX10
Dead Rising 2
Dell DataSafe Online
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
DivX Setup
Dual-Core Optimizer
ESN Sonar
Fallout: New Vegas
Fraps
Galerie de photos Windows Live
GameSpy Comrade
Google Earth
Google Update Helper
HiJackThis
Hitman: Blood Money
Hotspot Shield 2.67
InterActual Player
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Killing Floor
King Arthur - The Role-playing Wargame
Knights of Honor
L.A. Noire
League of Legends
LIMBO
Magicka
Malwarebytes Anti-Malware version 1.65.0.1400
Mass Effect 2
Mass Effect™ 3
McAfee SecurityCenter
McAfee Virtual Technician
Medieval II: Total War
Medieval II: Total War Kingdoms
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mount & Blade: Warband
Mount & Blade: With Fire and Sword
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multiplayer Monopoly Online Game
NVIDIA PhysX
Origin
Pando Media Booster
PDF Settings CS6
PhotoShowExpress
Pirates of the Burning Sea
PlayReady PC Runtime x86
Rockstar Games Social Club
Rome: Total War Gold Edition
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
ShortKeys 3
Sid Meier's Civilization 4 Complete
SimSolar v2.0
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Steam
Stronghold
Stronghold 2
Stronghold Crusader + Extreme
Stronghold Legends
swMSM
System Requirements Lab CYRI
TeamSpeak 3 Client
TextPad 6
The Lord of the Rings Online™
The Lord of the Rings Online™ v03.07.01.8015
The Ship
Third Age - Total War 3.0 (Part 1of2)
Third Age - Total War 3.0 (Part 2of2)
Tom Clancy's H.A.W.X. 2
Tom Clancy's Rainbow Six 3: Gold Edition
Tom Clancy's Rainbow Six: Vegas
Total War: SHOGUN 2
Trine 2
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Xfire (remove only)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
20/09/2012 18:05:23, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
20/09/2012 17:49:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
20/09/2012 17:39:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
20/09/2012 17:35:28, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
20/09/2012 17:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
20/09/2012 17:35:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
20/09/2012 17:35:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/09/2012 17:35:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
20/09/2012 17:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
20/09/2012 17:35:10, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
20/09/2012 13:41:10, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
18/09/2012 03:28:14, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
16/09/2012 19:37:07, Error: Service Control Manager [7022] - The McAfee VirusScan Announcer service hung on starting.
16/09/2012 19:34:34, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
16/09/2012 19:33:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
16/09/2012 19:29:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
16/09/2012 19:29:58, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/09/2012 19:19:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
16/09/2012 13:13:17, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
16/09/2012 13:08:17, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
16/09/2012 13:08:17, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
16/09/2012 08:37:15, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
16/09/2012 07:11:35, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
16/09/2012 07:10:54, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
16/09/2012 07:06:03, Error: Application Popup [1060] - \??\C:\Users\HousePC\AppData\Local\Temp\kedshbxq.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/09/2012 07:04:51, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/09/2012 07:04:51, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/09/2012 06:52:39, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
16/09/2012 06:52:35, Error: Service Control Manager [7023] -
16/09/2012 06:52:33, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
16/09/2012 06:52:33, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
16/09/2012 06:52:33, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
16/09/2012 06:16:31, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:16:31, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
16/09/2012 06:16:31, Error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
16/09/2012 06:15:49, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147014846
16/09/2012 06:15:14, Error: Service Control Manager [7034] - The Hotspot Shield Monitoring Service service terminated unexpectedly. It has done this 1 time(s).
16/09/2012 06:14:59, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:14:59, Error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The system cannot find the file specified.
16/09/2012 06:14:53, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error %%-2147014846.
16/09/2012 06:14:53, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x80072742.
16/09/2012 06:13:22, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Element not found.
16/09/2012 06:13:22, Error: Microsoft-Windows-DHCPv6-Client [1004] - Error occurred in stopping the Dhcpv6 client service. ErrorCode is 0x32.ShutDown Flag value is 0.
16/09/2012 06:13:22, Error: Microsoft-Windows-Dhcp-Client [1004] - Error occurred in stopping the Dhcpv4 Client service. Error code is 0x490. ShutDown Flag value is 0
16/09/2012 06:13:21, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/09/2012 06:12:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfewfpk Psched Tcpip Wanarpv6 WfpLwf
16/09/2012 06:12:51, Error: Service Control Manager [7023] - The Server service terminated with the following error: The request is not supported.
16/09/2012 06:12:42, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/09/2012 06:12:40, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/09/2012 06:12:40, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
16/09/2012 06:12:40, Error: Service Control Manager [7001] - The IP Helper service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/09/2012 06:12:40, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Print Spooler service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the HTTP service which failed to start because of the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
16/09/2012 06:12:39, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: The system cannot find the file specified.
16/09/2012 06:00:05, Error: Service Control Manager [7031] - The Hotspot Shield Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
15/09/2012 16:44:36, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
.
==== End Of File ===========================

ATTACH LOG
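The Event Viewer section of the Attach.txt above is the most useful part of that log for a responder: it shows, in reverse order, the morning on which the firewall stack stopped loading and a randomly named driver was refused out of %Temp%. The following is an added example, not part of the original post and not part of DDS, that parses lines in DDS's "Event Viewer Messages" format and flags the ones that indicate protective components being disabled. The sample lines are a subset copied from the log above; the indicator names, the list of "protective" services and drivers, and the Temp-driver pattern are my own choices, not anything DDS defines.

```python
import re
from datetime import datetime

# One DDS "Event Viewer Messages" line looks like:
#   dd/mm/yyyy HH:MM:SS, Error: <Source> [<EventID>] - <Message>
EVENT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] -\s*(?P<msg>.*)$"
)

# Sample input: a subset of the Event Viewer lines from the Attach.txt in this thread.
SAMPLE_LOG = r"""
20/09/2012 17:35:18, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
16/09/2012 07:10:54, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
16/09/2012 07:06:03, Error: Application Popup [1060] - \??\C:\Users\HousePC\AppData\Local\Temp\kedshbxq.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
16/09/2012 06:52:35, Error: Service Control Manager [7023] -
16/09/2012 06:16:31, Error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
16/09/2012 06:12:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfewfpk Psched Tcpip Wanarpv6 WfpLwf
16/09/2012 06:12:39, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: The system cannot find the file specified.
16/09/2012 06:12:39, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The system cannot find the file specified.
"""

# Components whose missing-file / access-denied / failed-start errors are the tell.
# Names as the Service Control Manager prints them; the selection is mine.
PROTECTIVE_SERVICES = ("Base Filtering Engine", "Windows Firewall", "TCP/IP Protocol Driver")
# Boot-start drivers in the firewall/AV/network path: mfewfpk is McAfee's WFP callout
# driver, WfpLwf the Windows Filtering Platform LWF, mpsdrv the Firewall Authorization Driver.
PROTECTIVE_DRIVERS = {"mfewfpk", "Tcpip", "WfpLwf", "mpsdrv"}
# A .sys with a short random-looking name being loaded from a Temp directory.
TEMP_DRIVER_RE = re.compile(r"\\Temp\\(?P<name>[a-z0-9]{6,12}\.sys)\b", re.I)
FAILURE_TEXT = ("cannot find the file", "Access is denied")


def parse_events(text):
    """Parse DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            "source": m["source"].strip(),
            "eid": int(m["eid"]),
            "msg": m["msg"].strip(),
        })
    return events


def classify(ev):
    """Return (kind, details) for a tampering indicator, or (None, [])."""
    msg, eid = ev["msg"], ev["eid"]
    if ev["source"] == "Service Control Manager":
        if eid == 7026 and ":" in msg:
            failed = set(msg.split(":", 1)[1].split())
            hit = failed & PROTECTIVE_DRIVERS
            if hit:
                return "protective-driver-not-loaded", sorted(hit)
        if eid in (7000, 7001, 7023, 7024):
            for name in PROTECTIVE_SERVICES:
                if f"The {name} service" in msg and any(s in msg for s in FAILURE_TEXT):
                    return "protective-service-failed", [name]
    if ev["source"] == "Application Popup" and eid == 1060:
        m = TEMP_DRIVER_RE.search(msg)
        if m:
            return "driver-blocked-from-temp", [m["name"]]
    return None, []


def triage(text):
    """Flagged events in chronological order (DDS lists them newest first)."""
    findings = []
    for ev in parse_events(text):
        kind, details = classify(ev)
        if kind:
            findings.append({"ts": ev["ts"], "eid": ev["eid"], "kind": kind, "details": details})
    findings.sort(key=lambda f: f["ts"])
    return findings


def first_tamper_time(findings):
    """Earliest flagged timestamp as ISO text, or None if nothing was flagged."""
    return findings[0]["ts"].isoformat() if findings else None


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("first sign of tampering:", first_tamper_time(found))
    for f in found:
        print(f["ts"].isoformat(), f["eid"], f["kind"], ", ".join(f["details"]))
```

Run against the sample, the earliest flagged event is the Base Filtering Engine failing with "cannot find the file" at 06:12:39 on 16/09, with the firewall, the McAfee and WFP drivers and Tcpip following within seconds and the Temp-loaded driver about an hour later; that ordering is what tells a responder where to start a timeline. The 7026 line from 20/09 is deliberately not flagged, because none of the drivers it lists are in the protective set: the rule targets specific components rather than any failed-driver event. On a live host the same logic would be fed from the System log (for instance via wevtutil or Get-WinEvent) rather than from DDS's text excerpt.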

#6 MagiX110

MagiX110

    New Member

  • Members
  • Pip
  • 6 posts

Posted 20 September 2012 - 12:30 PM

RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : HousePC [Admin rights]
Mode : Scan -- Date : 09/20/2012 18:29:09
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3599475045-2592845502-126183622-1000[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND
[STARTUP][SUSP PATH] dscihece.exe @HousePC : C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000524AS ATA Device +++++
--- User ---
[MBR] 2edc0ff9c67fb79551bbf300a137fc64
[BSP] 89db72b057502aab5700853c8127b0c9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1617920 | Size: 953078 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt

ROGUEKILLER LOG
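The RogueKiller report above packs the whole persistence picture into a few lines: a Run value and a Startup-folder copy of the same randomly named executable, the Task Manager and Registry Editor policy values, and the `$Recycle.bin\<SID>\$<32 hex>\U` and `\L` folders that RogueKiller attributes to ZeroAccess. The following is an added example, not part of the original post and not RogueKiller's own code, that parses report lines in that format into structured indicators and applies the checks a responder would otherwise do by eye. The sample lines are copied from the log above; the regular expressions and the reason labels are my own, and the "random 8-letter names" rule is a heuristic tuned to this sample rather than a general rule.

```python
import re

# Sample input: lines copied from the RogueKiller report in this thread.
SAMPLE_REPORT = r"""
[RUN][SUSP PATH] HKCU\[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3599475045-2592845502-126183622-1000[...]\Run : DscIhece (C:\Users\HousePC\AppData\Local\umkvwevn\dscihece.exe) -> FOUND
[STARTUP][SUSP PATH] dscihece.exe @HousePC : C:\Users\HousePC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dscihece.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$c2b00cb4dd03ee471e951501606c1771\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3599475045-2592845502-126183622-1000\$c2b00cb4dd03ee471e951501606c1771\L --> FOUND
"""

# "[TAG][TAG] <key> : <value> -> FOUND" (RogueKiller prints "-->" for folders).
LINE_RE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.*?)\s*-+>\s*FOUND$")
PAREN_PATH_RE = re.compile(r"\(([A-Za-z]:\\[^)]+)\)$")
# Layout RogueKiller attributes to ZeroAccess: <drive>:\$Recycle.Bin\<SID>\$<32 hex>\U or \L
ZA_RECYCLE_RE = re.compile(
    r"^[A-Za-z]:\\\$Recycle\.Bin\\(?P<sid>S-1-5-(?:18|21-\d+-\d+-\d+-\d+))"
    r"\\\$(?P<hex>[0-9a-f]{32})\\(?P<sub>[UL])$",
    re.I,
)
USER_APPDATA_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\", re.I)
STARTUP_DIR_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+\.exe$", re.I)
RANDOM_NAMES_RE = re.compile(r"\\[a-z]{8}\\[a-z]{8}\.exe$")  # heuristic: \umkvwevn\dscihece.exe


def parse_report(text):
    """Turn each FOUND line into {'tags', 'key', 'value', 'path'}; path may be None."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m["tags"])
        key, _, value = m["body"].partition(" : ")
        pm = PAREN_PATH_RE.search(value)
        if pm:
            path = pm.group(1)            # "Name (C:\...\file.exe)" form used for Run values
        elif re.match(r"^[A-Za-z]:\\", value):
            path = value                  # bare path form used for Startup entries and folders
        else:
            path = None
        items.append({"tags": tags, "key": key, "value": value, "path": path})
    return items


def assess(item):
    """Reasons (my labels) why a responder would treat this entry as hostile."""
    reasons = []
    tags, path, value = item["tags"], item["path"], item["value"]
    if path and ZA_RECYCLE_RE.match(path):
        reasons.append("zeroaccess-recycle-bin-layout")
    if tags[0] in ("RUN", "STARTUP") and path:
        if STARTUP_DIR_RE.search(path):
            reasons.append("exe-in-startup-folder")
        elif USER_APPDATA_RE.match(path):
            reasons.append("autorun-exe-under-appdata")
        if RANDOM_NAMES_RE.search(path):
            reasons.append("random-8-letter-names")
    # RogueKiller reports that the policy value exists; "(0)" means present but not enforced.
    if tags[0] == "HJPOL" and re.match(r"Disable(TaskMgr|RegistryTools)\b", value):
        reasons.append("admin-tool-policy-present")
    return reasons


def zeroaccess_sids(items):
    """SIDs whose $Recycle.Bin subtree carries the ZeroAccess layout."""
    sids = set()
    for it in items:
        m = ZA_RECYCLE_RE.match(it["path"] or "")
        if m:
            sids.add(m["sid"])
    return sids


def triage(text):
    """(path-or-key, reasons) for every entry that tripped at least one check."""
    out = []
    for it in parse_report(text):
        reasons = assess(it)
        if reasons:
            out.append((it["path"] or it["key"], reasons))
    return out


if __name__ == "__main__":
    for target, why in triage(SAMPLE_REPORT):
        print(target, "->", ", ".join(why))
    print("SIDs with ZeroAccess folders:", sorted(zeroaccess_sids(parse_report(SAMPLE_REPORT))))
```

Two points the output makes explicit: the same executable is registered twice (a per-user Run value, reported under both HKCU and the user's SID, plus a Startup-folder copy), so removing one entry leaves the other; and the ZeroAccess folders exist under both the SYSTEM SID (S-1-5-18) and the user's SID, which is why the advice in the thread treats the machine as a backdoored host rather than a single bad autorun. The DisableTaskMgr and DisableRegistryTools values are reported with "(0)", meaning the values exist but are not currently enforced. On a live system the same checks would run against the registry and the recycle bin directly rather than over a saved report.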

#7 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,237 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 20 September 2012 - 02:24 PM

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file, close out this message, then type the following into the search box: services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).
MrC


#8 MagiX110

MagiX110

    New Member

  • Members
  • Pip
  • 6 posts

Posted 20 September 2012 - 02:42 PM

Hey, and thanks for your help. Just with that first post you have helped me. This is how to delete this malware:

1. In Task Manager delete the process; when Windows Command Processor keeps popping up, close that too.
2. Scan using HijackThis and delete the SysWOW64 process.
3. Run RogueKiller and then delete the "ZeroAccess" malware it detects.

This should fix the problem for whoever has the Windows Command Processor virus; however, it's not guaranteed clean, but to assure you are clean from anything, run CCleaner with 35 Gutmann passes and also re-enable your security afterwards.

Even though you stated not to delete it, it seems to have worked, but of course some part of the rootkit can remain. All I can do is hope for the best; this seems like a possible fix.

Thanks again for your help.

#9 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 21 September 2012 - 01:20 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
