Constant AVG notifications of threats, even after they have been "taken care of"

Posted 4/28/2013 7:41 PM
#95519

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
The ever-annoying AVG has been giving me multiple warnings and notices of threats. I choose to let AVG take care of them, and even after the threat has been "successfully removed" they keep popping back up, sometimes after a restart, other times when the computer is still running in the same session. Obviously, it's likely I will have to remove a number of things manually, as AVG is too weak to figure it out, and/or the infection (whatever it may be) is too malicious.

Hopefully someone can help me! This forum has been a miracle in the past. Your time is much appreciated.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:40 PM, on 4/28/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={6CADFB77-9452-11E2-BE8B-0026B911C204}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Dell Toolbar - {09B71986-2AC5-482d-B6CB-42EA34F4F85B} - C:\Program Files\Dell Printable Web\toolband.dll
O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
O4 - HKLM\..\Run: [CenturyLinkTouchPointAgent] "C:\Program Files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (HKCU)
O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (HKCU)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dleaCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe
O23 - Service: dlea_device - - C:\Windows\system32\dleacoms.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9881 bytes
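A first triage pass over a HijackThis log, added here as an example (it is not code from this forum, from HijackThis, or from the poster): it parses the R0/R1, R3, O2/O3, O20 and O23 entry types, rates each hit, and runs over nine lines copied from the log above (the sweetpacks query string is shortened). The "known default" URL prefix, the trusted path prefixes, the severity labels, and the decision to treat a "(file missing)" built-in service under C:\Windows as a 32-bit-scanner artifact rather than an infection are this example's own assumptions, not anything the forum states.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample input: nine lines copied from the HijackThis log posted above
# (the sweetpacks query string is shortened). Any real log can be passed instead.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

# Every HijackThis entry is "<section code> - <body>".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R0/R1 bodies are "<registry value> = <setting>".
URL_ENTRY_RE = re.compile(r"^(?P<key>.+?) =\s*(?P<value>.*)$")

# Assumption: a clean Internet Explorer install points its start/search pages at
# Microsoft's fwlink redirector; anything else deserves a look.
KNOWN_DEFAULT_URL_PREFIXES = ("http://go.microsoft.com/fwlink/",)
# Assumption: where properly installed software lives on this machine's layout.
TRUSTED_PATH_PREFIXES = (r"c:\program files", r"c:\windows")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str
    reason: str
    line: str


def _path_is_trusted(path: str) -> bool:
    return path.strip().strip('"').lower().startswith(TRUSTED_PATH_PREFIXES)


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log a responder should look at first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")

        if section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                # AppInit_DLLs is loaded into every process that maps user32.dll;
                # a non-empty value is the most important line in the whole log.
                findings.append(Finding("high", section,
                    "AppInit_DLLs injects this DLL into every GUI process", line))

        elif section in ("R0", "R1"):
            um = URL_ENTRY_RE.match(body)
            value = um.group("value") if um else ""
            if value.startswith("http") and not value.startswith(KNOWN_DEFAULT_URL_PREFIXES):
                findings.append(Finding("medium", section,
                    "browser start/search page points at a non-default site", line))

        elif section in ("R3", "O2", "O3"):
            if body.endswith("(no file)"):
                # Registration survives but the DLL is gone: harmless by itself,
                # but it shows something was removed without cleaning the registry.
                findings.append(Finding("info", section,
                    "orphaned browser add-on registration", line))
            elif not _path_is_trusted(body.rsplit(" - ", 1)[-1]):
                findings.append(Finding("medium", section,
                    "browser add-on loads from outside Program Files / Windows", line))

        elif section == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[-1].replace("(file missing)", "")
            # Assumption: the 32-bit HijackThis build cannot see the real System32
            # on 64-bit Windows, so a "missing" built-in service binary is usually
            # a scanner artifact; keep it visible but do not escalate it.
            sev = "info" if _path_is_trusted(path) else "medium"
            findings.append(Finding(sev, section, "service binary not found on disk", line))
    return findings


def severity_counts(findings: List[Finding]) -> dict:
    """Summarise findings as {severity: count}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

On the sample this yields one high (the O20 AppInit_DLLs line), two medium (the sweetpacks start page and the BHO loading from ProgramData) and two info entries; the Java BHO and the AVG Run entry are left alone because they load from Program Files.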
Posted 4/29/2013 9:16 AM
#95522

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:

Exit all windows that are currently open on your computer.

To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the combofix icon found on your desktop.

Please note that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall. In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply.

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log

Do not PM me with logfiles. They will be deleted.


Posted 5/1/2013 5:56 AM
#95544

Landonech Valued member

Date Joined Nov 2016
Total Posts: 13
ComboFix 13-04-29.01 - Jobie 04/30/2013 22:16:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2416 [GMT -7:00]
Running from: c:\users\Jobie\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\L\00000004.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\L\201d3dde
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\L\6715e287
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\L\76603ac3
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\00000004.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\00000004.@_1366556788.arl
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\00000008.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\000000cb.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\80000000.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\80000032.@
c:\windows\Installer\{58e0aeff-2d03-8293-e470-ddbaa1d80523}\U\80000064.@
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 05:28 . 2013-05-01 05:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 04:47 . 2013-05-01 04:51 -------- d-----w- c:\users\Jobie\AppData\Local\Avg2013
2013-04-28 19:27 . 2013-04-28 19:27 388096 ----a-r- c:\users\Jobie\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-04-28 19:27 . 2013-04-28 19:27 -------- dc----w- c:\program files (x86)\Trend Micro
2013-04-07 20:54 . 2013-04-07 20:54 -------- d-----w- c:\users\Jobie\AppData\Roaming\Malwarebytes
2013-04-07 20:53 . 2013-04-07 20:53 -------- d-----w- c:\programdata\Malwarebytes
2013-04-07 20:53 . 2013-04-13 02:40 -------- dc----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-04-07 20:53 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-13 21:30 . 2012-04-13 02:38 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-13 21:30 . 2011-05-20 06:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-27 08:02 . 2013-03-27 08:02 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
2013-03-19 17:40 . 2013-03-19 17:40 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 17:40 . 2012-06-26 22:52 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-19 17:40 . 2012-06-26 22:52 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-13 09:46 . 2011-05-13 19:51 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-28 13:57 . 2013-03-13 04:35 1188864 ----a-w- c:\windows\system32\wininet.dll
2013-02-28 13:57 . 2013-03-13 04:35 1493504 ----a-w- c:\windows\system32\urlmon.dll
2013-02-28 13:57 . 2013-03-13 04:35 134144 ----a-w- c:\windows\system32\url.dll
2013-02-28 13:57 . 2013-03-13 04:35 9061376 ----a-w- c:\windows\system32\mshtml.dll
2013-02-28 13:57 . 2013-03-13 04:35 735744 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-28 13:57 . 2013-03-13 04:35 97792 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-28 13:57 . 2013-03-13 04:35 12296192 ----a-w- c:\windows\system32\ieframe.dll
2013-02-28 13:57 . 2013-03-13 04:35 2458112 ----a-w- c:\windows\system32\iertutil.dll
2013-02-28 13:57 . 2013-03-13 04:35 65024 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-28 13:57 . 2013-03-13 04:35 247808 ----a-w- c:\windows\system32\ieui.dll
2013-02-28 13:37 . 2013-03-13 04:35 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-28 12:03 . 2013-03-13 04:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-28 11:38 . 2013-03-13 04:35 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-12 05:45 . 2013-03-13 04:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 04:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 04:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 04:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 04:35 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 04:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-18 02:21 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MediaIconsOerlay]
@="{1EC23CFF-4C58-458f-924C-8519AEF61B32}"
[HKEY_CLASSES_ROOT\CLSID\{1EC23CFF-4C58-458f-924C-8519AEF61B32}]
2013-03-27 08:02 224256 ----a-w- c:\programdata\Microsoft\Media Tools\MediaIconsOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CenturyLinkTouchPointAgent"="c:\program files (x86)\CenturyLink\Desktop\CenturyLinkTouchPointAgent.exe" [2012-05-17 46760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-04-01 40448]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TASCAM_US2000;TASCAM US-2000 Audio Device driver;c:\windows\system32\Drivers\tus2000u.sys [2010-06-19 408128]
R3 TASCAM_US2000_WDM;TASCAM US-2000 WDM;c:\windows\system32\drivers\tus2000a.sys [2010-06-19 50240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-19 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-07 14464]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 203264]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2009-12-09 1047552]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-14 283200]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 21:30]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 04:33]
.
2013-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-02 04:33]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jobie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={6CADFB77-9452-11E2-BE8B-0026B911C204}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
FF - ProfilePath - c:\users\Jobie\AppData\Roaming\Mozilla\Firefox\Profiles\e165bewp.default\
FF - user.js: extensions.claro.tlbrSrchUrl - 
FF - user.js: extensions.claro.id - 0ec9a87a000000000000904ce53b63de
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15658
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1021:28
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - claro
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0ec9a87a000000000000904ce53b63de&q=
FF - user.js: extensions.BabylonToolbar.id - 0ec9a87a000000000000904ce53b63de
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15658
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.822:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
AddRemove-OJOsoft Total Video Converter_is1 - e:\ojosoft total video converter cracked\OJOsoft Total Video Converter\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-04-30 22:39:47 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-01 05:39
.
Pre-Run: 18,972,512,256 bytes free
Post-Run: 22,971,846,656 bytes free
.
- - End Of File - - 22821E6432EB656D9C8081CF99E8A3F9
Posted 5/1/2013 8:43 AM
#95545
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Looks like you've got a rootkit.

Please download Farbar Recovery Scan Tool

32 bit Windows:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Save it to desktop

Or

64 bit Windows:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Save it to desktop

When Farbar Recovery Scan Tool is started, click Scan.
FRST will let you know when the scan is finished and has written FRST.txt to file; then close this message, then type the following in the search box:
services.exe
Press the search button
When the search is complete, the Search.txt is also written to your desktop

Copy and paste both logs in your reply. (FRST.txt and Search.txt)

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.
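The search step in the reply above asks FRST to list every services.exe on the disk so that a tampered copy stands out. The PowerShell below is an added example, not part of the reply and not FRST's own code: it performs a comparable enumeration from an elevated prompt and adds two checks a responder would want, the Authenticode signature status of each copy and a SHA-256 comparison against the copy in System32. It assumes Windows PowerShell 4.0 or later (for Get-FileHash) and read access to the directories it walks.

```powershell
# Added example (not part of the reply or of FRST): list every services.exe on the
# system drive and compare each copy with the one in System32.
# Assumes Windows PowerShell 4.0 or later (Get-FileHash) and an elevated prompt
# so that protected directories can be read.

$reference = Join-Path $env:SystemRoot 'System32\services.exe'
$refHash   = (Get-FileHash -Path $reference -Algorithm SHA256).Hash
$winSxS    = Join-Path $env:SystemRoot 'WinSxS'

# Walk the whole system drive; -Force includes hidden/system entries, and read
# errors on directories we cannot open are skipped rather than aborting the scan.
$copies = Get-ChildItem -Path "$env:SystemDrive\" -Filter 'services.exe' `
    -Recurse -File -Force -ErrorAction SilentlyContinue

$report = foreach ($file in $copies) {
    $sig    = Get-AuthenticodeSignature -FilePath $file.FullName
    $hash   = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    $signer = ''
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [PSCustomObject]@{
        Path            = $file.FullName
        SizeBytes       = $file.Length
        LastWrite       = $file.LastWriteTime
        SignatureStatus = $sig.Status
        Signer          = $signer
        MatchesSystem32 = ($hash -eq $refHash)
        Sha256          = $hash
    }
}

# Full listing first, most interesting rows (hash mismatch, bad signature) on top.
$report | Sort-Object MatchesSystem32, SignatureStatus |
    Format-Table Path, SizeBytes, LastWrite, SignatureStatus, MatchesSystem32 -AutoSize

# Copies under WinSxS may legitimately differ from System32 (older servicing
# versions), so the hash alone is not decisive there; a signature status other
# than 'Valid' is what matters, wherever the file sits.
$suspect = $report | Where-Object {
    $_.SignatureStatus -ne 'Valid' -or
    (-not $_.MatchesSystem32 -and -not $_.Path.StartsWith($winSxS, 'OrdinalIgnoreCase'))
}

if ($suspect) {
    Write-Warning 'services.exe copies that need a closer look:'
    $suspect | Format-List Path, SizeBytes, LastWrite, SignatureStatus, Signer, Sha256
} else {
    Write-Output 'All services.exe copies are signed and consistent with System32.'
}
```

Two caveats on reading the output. A hash mismatch inside WinSxS is usually an older servicing version and is only reported when the signature also fails, whereas a copy anywhere else that does not match System32, or any copy whose signature is not Valid, is worth examining. And because an active kernel-mode rootkit can filter what a user-mode enumeration sees, this script shows what the FRST search step is looking for; on a machine that is suspected to be infected, the dedicated tool the reply asks for is the one to rely on.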

