SpyWare BeWare! ASAP
Topic: attacked by Worm:Win32/Gamarue.gen!lnk
Ashleshy
« on: October 06, 2013, 11:48:07 AM »

My system is infected by the "Worm:Win32/Gamarue.gen!lnk" virus... I wanted to transfer some stuff via USB to another laptop (with MS Security Essentials installed)... Microsoft Security Essentials on my other laptop showed detecting "Win32/Gamarue.gen!lnk" on the USB so I removed it, still unable to view contents on the flash drive... the USB does show data on it but I am unable to see it...

So I want to clean my infected system, which has no antivirus on it at the moment, and also the USB drive. How can I view the contents again?

The other laptop with Security Essentials looks clean to me

I am running Windows 7 Home Basic 32 bit on the infected system

Here are the logs

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16686
Run by hp at 21:35:54 on 2013-10-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2998.1778 [GMT 5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
uWindows: Load = c:\users\hp\locals~1\temp\msncya.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{F3001683-7C70-49FE-B225-D77A9CFF6FF1} : DHCPNameServer = 192.168.1.1 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hp\appdata\roaming\mozilla\firefox\profiles\gswe47ia.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2013-9-28 526392]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2013-9-28 25656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys [2013-9-28 16440]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2013-10-6 81920]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2013-9-28 27968]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k6232.sys [2013-9-28 388264]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2013-9-28 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2013-9-28 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2013-9-28 270336]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\Netwsn00.sys [2013-9-28 10383360]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2013-9-28 49152]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-9-28 1343400]
.
=============== Created Last 30 ================
.
2013-10-06 16:22:30   70656   ----a-w-   c:\windows\system32\fontsub.dll
2013-10-06 16:22:30   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-10-06 16:22:30   295424   ----a-w-   c:\windows\system32\atmfd.dll
2013-10-06 15:55:30   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-10-06 15:55:30   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-10-06 15:55:30   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-10-06 15:54:44   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-10-06 15:54:44   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-10-06 15:54:44   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2013-10-06 15:54:44   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-10-06 15:54:44   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-10-06 15:54:44   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-10-06 15:54:44   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-10-06 15:54:01   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-10-06 15:54:01   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-10-06 15:54:01   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2013-10-06 15:43:24   --------   d-----w-   c:\windows\system32\MRT
2013-10-06 15:38:40   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-06 15:37:36   1505280   ----a-w-   c:\windows\system32\d3d11.dll
2013-10-06 15:14:17   317440   ----a-w-   c:\windows\system32\spoolsv.exe
2013-10-06 15:14:15   1211752   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-10-06 15:14:12   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-10-06 15:14:12   626688   ----a-w-   c:\windows\system32\usp10.dll
2013-10-06 15:14:11   712048   ----a-w-   c:\windows\system32\drivers\ndis.sys
2013-10-06 15:14:11   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2013-10-06 15:14:10   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-10-06 15:14:10   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-10-06 15:14:10   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-10-06 15:14:10   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-10-06 15:11:36   311808   ----a-w-   c:\windows\system32\drivers\srv.sys
2013-10-06 15:11:36   310272   ----a-w-   c:\windows\system32\drivers\srv2.sys
2013-10-06 15:11:36   114688   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2013-10-06 15:11:33   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-10-06 15:11:33   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-10-06 15:11:16   376832   ----a-w-   c:\windows\system32\dpnet.dll
2013-10-06 15:11:16   31232   ----a-w-   c:\windows\system32\prevhost.exe
2013-10-06 13:04:51   196328   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-10-06 13:04:10   708608   ----a-w-   c:\program files\common files\system\wab32.dll
2013-10-06 13:04:10   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2013-10-06 13:04:10   132608   ----a-w-   c:\windows\system32\dnsrslvr.dll
2013-10-06 13:02:25   36864   ----a-w-   c:\windows\system32\tsgqec.dll
2013-10-06 13:02:25   3217408   ----a-w-   c:\windows\system32\mstscax.dll
2013-10-06 13:02:25   131584   ----a-w-   c:\windows\system32\aaclient.dll
2013-10-06 13:02:22   741376   ----a-w-   c:\windows\system32\inetcomm.dll
2013-10-06 13:02:22   492544   ----a-w-   c:\windows\system32\win32spl.dll
2013-10-06 13:02:22   1389568   ----a-w-   c:\windows\system32\msxml6.dll
2013-10-06 13:02:21   903168   ----a-w-   c:\windows\system32\certutil.exe
2013-10-06 13:02:20   43008   ----a-w-   c:\windows\system32\certenc.dll
2013-10-06 13:01:55   52224   ----a-w-   c:\windows\system32\nlaapi.dll
2013-10-06 13:01:55   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
2013-10-06 13:01:55   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-10-06 13:01:55   242176   ----a-w-   c:\windows\system32\nlasvc.dll
2013-10-06 13:01:55   18944   ----a-w-   c:\windows\system32\netevent.dll
2013-10-06 13:01:55   175104   ----a-w-   c:\windows\system32\netcorehc.dll
2013-10-06 13:01:55   156672   ----a-w-   c:\windows\system32\ncsi.dll
2013-10-06 13:00:39   67072   ----a-w-   c:\windows\system32\packager.dll
2013-10-06 13:00:25   86528   ----a-w-   c:\windows\system32\SearchFilterHost.exe
2013-10-06 13:00:25   666624   ----a-w-   c:\windows\system32\mssvp.dll
2013-10-06 13:00:25   59392   ----a-w-   c:\windows\system32\msscntrs.dll
2013-10-06 13:00:25   427520   ----a-w-   c:\windows\system32\SearchIndexer.exe
2013-10-06 13:00:25   337408   ----a-w-   c:\windows\system32\mssph.dll
2013-10-06 13:00:25   197120   ----a-w-   c:\windows\system32\mssphtb.dll
2013-10-06 13:00:25   164352   ----a-w-   c:\windows\system32\SearchProtocolHost.exe
2013-10-06 13:00:25   1549312   ----a-w-   c:\windows\system32\tquery.dll
2013-10-06 13:00:25   1401344   ----a-w-   c:\windows\system32\mssrch.dll
2013-10-06 12:58:39   514560   ----a-w-   c:\windows\system32\qdvd.dll
2013-10-06 12:58:39   1328128   ----a-w-   c:\windows\system32\quartz.dll
2013-10-06 12:57:41   542208   ----a-w-   c:\windows\system32\kerberos.dll
2013-10-06 12:57:37   2616320   ----a-w-   c:\windows\explorer.exe
2013-10-06 12:57:30   2342400   ----a-w-   c:\windows\system32\msi.dll
2013-10-06 12:57:27   988672   ----a-w-   c:\program files\windows journal\JNTFiltr.dll
2013-10-06 12:57:27   969216   ----a-w-   c:\program files\windows journal\JNWDRV.dll
2013-10-06 12:57:27   936448   ----a-w-   c:\program files\common files\microsoft shared\ink\journal.dll
2013-10-06 12:57:27   1221632   ----a-w-   c:\program files\windows journal\NBDoc.DLL
2013-10-06 12:47:00   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
2013-10-06 12:47:00   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
2013-10-06 12:15:31   826880   ----a-w-   c:\windows\system32\rdpcore.dll
2013-10-06 12:15:31   24576   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2013-10-06 01:32:33   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 01:32:33   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-06 01:10:00   --------   d-sh--w-   c:\windows\Installer
2013-10-06 01:05:03   --------   d-----w-   c:\users\hp\appdata\local\Google
2013-10-06 01:04:33   --------   d-----w-   c:\users\hp\appdata\local\Deployment
2013-10-06 01:04:33   --------   d-----w-   c:\users\hp\appdata\local\Apps
2013-10-06 01:01:48   7328304   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{de3e5e23-3938-470c-aba5-24df360c5489}\mpengine.dll
2013-10-06 01:01:44   238872   ------w-   c:\windows\system32\MpSigStub.exe
2013-10-06 00:22:01   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2013-10-06 00:21:56   88576   ----a-w-   c:\windows\system32\wudriver.dll
2013-10-06 00:21:50   33792   ----a-w-   c:\windows\system32\wuapp.exe
2013-10-06 00:21:50   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2013-10-05 22:58:20   --------   d-----w-   C:\Drivers
2013-10-05 22:56:17   86016   ----a-w-   c:\windows\system32\AESTCom.dll
2013-10-05 22:56:17   61440   ----a-w-   c:\windows\system32\aestaren.dll
2013-10-05 22:56:17   495708   ----a-w-   c:\windows\sttray.exe
2013-10-05 22:56:17   380928   ----a-w-   c:\windows\system32\aestecap.dll
2013-10-05 22:56:17   1953792   ----a-w-   c:\windows\system32\stlang.dll
2013-10-05 22:56:17   140288   ----a-w-   c:\windows\system32\aestacap.dll
2013-10-05 22:56:17   12705884   ----a-w-   c:\windows\system32\idtcpl.cpl
2013-10-05 22:56:13   179712   ----a-w-   c:\windows\system32\staco.dll
2013-10-05 22:55:48   934912   ----a-w-   c:\windows\system32\stapo.dll
2013-10-05 22:55:48   531968   ------w-   c:\windows\system32\stapi32.dll
2013-10-05 22:55:48   431616   ----a-w-   c:\windows\system32\drivers\stwrt.sys
2013-10-05 22:55:48   405504   ----a-w-   c:\windows\system32\stcplx.dll
2013-10-05 22:55:45   --------   d-----w-   c:\program files\IDT
2013-10-05 22:55:40   --------   d-----w-   C:\SWSetup
2013-10-05 22:50:50   --------   d-----w-   c:\users\hp\appdata\local\ElevatedDiagnostics
2013-10-05 13:50:22   --------   d-----r-   c:\program files\Skype
2013-10-05 11:52:18   --------   d-----w-   c:\users\hp\appdata\local\Macromedia
2013-10-05 11:44:53   --------   d-----w-   c:\users\hp\appdata\local\Adobe
2013-09-28 09:10:39   --------   d-----w-   c:\windows\Panther
2013-09-28 08:41:56   --------   d-----w-   c:\users\hp\appdata\roaming\{869EE0AC-9F81-4D49-81EA-C21890B3CCC9}
2013-09-28 08:41:47   --------   d-----w-   c:\users\hp\appdata\roaming\{74865409-33C7-4D66-B1BE-5AF1BAA53947}
2013-09-28 08:41:39   --------   d-----w-   C:\Temp
2013-09-28 08:32:58   81920   ----a-w-   c:\windows\system32\igfxCoIn_v2827.dll
2013-09-28 08:31:56   37696   ----a-w-   c:\windows\system32\drivers\Accelerometer.sys
2013-09-28 08:30:42   44800   ----a-w-   c:\windows\system32\drivers\ifxtpm.sys
2013-09-28 08:30:42   41088   ----a-w-   c:\windows\system32\drivers\HECI.sys
2013-09-28 08:30:42   132480   ----a-w-   c:\windows\system32\drivers\Impcd.sys
2013-09-28 08:30:10   49152   ----a-w-   c:\windows\system32\drivers\rismc32.sys
2013-09-28 08:30:10   48128   ----a-w-   c:\windows\system32\drivers\rimmptsk.sys
2013-09-28 08:30:10   46592   ----a-w-   c:\windows\system32\drivers\risdptsk.sys
2013-09-28 08:30:03   37344   ----a-w-   c:\windows\system32\drivers\btcusb.sys
2013-09-28 08:30:03   20192   ----a-w-   c:\windows\system32\btinstall.dll
2013-09-28 08:28:20   --------   d-----w-   c:\windows\system32\wbem\framework\root\OpenHardwareMonitor
2013-09-28 08:28:20   --------   d-----w-   c:\windows\system32\wbem\framework\root
2013-09-28 08:28:20   --------   d-----w-   c:\windows\system32\wbem\Framework
2013-09-28 08:16:22   --------   d-----w-   c:\windows\system32\Wat
2013-09-28 08:15:52   --------   d-sh--w-   C:\Recovery
.
==================== Find3M  ====================
.
2013-10-06 15:38:40   906240   ----a-w-   c:\windows\system32\FntCache.dll
2013-09-28 08:16:33   409088   ----a-w-   c:\windows\system32\systemcpl.dll
2013-09-28 08:16:33   13824   ----a-w-   c:\windows\system32\slwga.dll
2013-09-28 08:16:32   811520   ----a-w-   c:\windows\system32\user32.dll
2013-08-08 01:03:07   2348544   ----a-w-   c:\windows\system32\win32k.sys
2013-08-05 01:56:47   133056   ----a-w-   c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36   169984   ----a-w-   c:\windows\system32\winsrv.dll
2013-08-02 01:49:19   293376   ----a-w-   c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57   271360   ----a-w-   c:\windows\system32\conhost.exe
2013-08-02 00:43:05   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-07-25 08:57:27   1620992   ----a-w-   c:\windows\system32\WMVDECOD.DLL
2013-07-19 01:41:01   2048   ----a-w-   c:\windows\system32\tzres.dll
2013-07-09 05:03:34   3968960   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-07-09 05:03:34   3913664   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-07-09 04:53:46   1289096   ----a-w-   c:\windows\system32\ntdll.dll
.
============= FINISH: 21:36:16.26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2013 1:16:36 PM
System Uptime: 10/6/2013 9:27:48 PM (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 172A
Processor: Intel(R) Core(TM) i5 CPU       M 520  @ 2.40GHz | CPU 1 | 2400/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 216.469 GiB free.
D: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP3: 9/28/2013 1:16:08 PM - Windows Update
RP4: 9/28/2013 1:29:54 PM - DriverPack Solution 12.12
RP5: 9/28/2013 1:31:41 PM - Device Driver Package Install: LSI Modems
RP9: 10/6/2013 3:56:30 AM - Installed IDT Audio
RP6: 10/6/2013 5:21:38 AM - Windows Update
RP7: 10/6/2013 6:01:33 AM - Windows Update
RP10: 10/6/2013 5:59:02 PM - Windows Update
RP11: 10/6/2013 8:36:25 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
IDT Audio
Intel(R) Network Connections Drivers
Intel(R) Processor Graphics
LSI HDA Modem
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
Skype™ 6.9
.
==== Event Viewer Messages From Past Week ========
.
10/6/2013 9:31:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2834140).
10/6/2013 9:31:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2703157).
10/6/2013 9:31:41 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
10/6/2013 9:08:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Security Update for Windows 7 (KB2835361).
10/6/2013 8:25:40 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR2.
10/6/2013 8:11:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2798162).
10/6/2013 8:11:04 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2863058).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2786081).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2763523).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2640148).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2541014).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2872339).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2861855).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2847927).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2834886).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2712808).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2691442).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2511455).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2506212).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2833946).
10/6/2013 8:01:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2736422).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2868116).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2853952).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2773072).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2718704).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2709630).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2699779).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2515325).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for User-Mode Driver Framework version 1.11 for Windows 7 (KB2685813).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 (KB2685811).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2876315).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2835364).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2830290).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2785220).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2753842).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2743555).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2727528).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2690533).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2667402).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2654428).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2653956).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2631813).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2621440).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2585542).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2570947).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Windows 7 (KB2560656).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2840631).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2742599).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2656356).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Microsoft Browser Choice Screen Update for EEA Users of Windows 7  (KB976002).
10/6/2013 8:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800705b4: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2618451).
10/6/2013 8:00:26 PM, Error: Service Control Manager [7023]  -
10/6/2013 6:04:02 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR6.
10/6/2013 5:54:45 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR5.
10/6/2013 5:53:56 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR4.
10/6/2013 5:31:35 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by -54053 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->65.55.56.206:123) is working properly.
10/6/2013 5:22:25 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
10/6/2013 3:34:41 AM, Error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.0.100 with the system having network hardware address 30-7C-30-1B-7B-C9. Network operations on this system may be disrupted as a result.
10/4/2013 4:27:47 AM, Error: pcmcia [9]  - The PCMCIA controller encountered an error powering up the inserted device.
.
==== End Of File ===========================
melboy
« Reply #1 on: October 06, 2013, 12:34:32 PM »

Hi and welcome back to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


aswMBR

Download aswMBR and save it to your Desktop.

  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • When the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

Ashleshy

« Reply #2 on: October 06, 2013, 03:01:16 PM »

Initially, while in the middle of the scan, a blue window appeared which said that Windows has encountered an error, and my system restarted... so I ran the scan again and here is the log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-07 00:53:24
-----------------------------
00:53:24.912    OS Version: Windows 6.1.7601 Service Pack 1
00:53:24.912    Number of processors: 4 586 0x2502
00:53:24.912    ComputerName: HP-PC  UserName: hp
00:53:25.629    Initialize success
00:53:39.997    AVAST engine defs: 13100601
00:53:42.992    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e
00:53:42.992    Disk 0 Vendor: ATA_____ 0C__ Size: 238475MB BusType: 11
00:53:42.992    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000076
00:53:43.008    Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
00:53:43.101    Disk 0 MBR read successfully
00:53:43.117    Disk 0 MBR scan
00:53:43.117    Disk 0 Windows 7 default MBR code
00:53:43.148    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:53:43.148    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       238373 MB offset 206848
00:53:43.164    Disk 0 scanning sectors +488394752
00:53:43.242    Disk 0 scanning C:\Windows\system32\drivers
00:53:49.887    Service scanning
00:54:40.291    Modules scanning
00:54:50.057    Module: C:\Windows\System32\user32.dll  **SUSPICIOUS**
00:54:51.133    Disk 0 trace - called modules:
00:54:51.149    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll iaStorF.sys storport.sys iaStorA.sys
00:54:51.149    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e06030]
00:54:51.164    3 CLASSPNP.SYS[8b79859e] -> nt!IofCallDriver -> [0x87e06610]
00:54:51.164    5 hpdskflt.sys[8b80a0fe] -> nt!IofCallDriver -> [0x87e06d78]
00:54:51.164    7 iaStorF.sys[8b9f37ee] -> nt!IofCallDriver -> \Device\0000006e[0x860ddb60]
00:54:51.929    AVAST engine scan C:\Windows
00:54:53.473    AVAST engine scan C:\Windows\system32
00:56:59.318    AVAST engine scan C:\Windows\system32\drivers
00:57:17.117    AVAST engine scan C:\Users\hp
00:58:34.369    File: C:\Users\hp\Desktop\Camera.exe  **INFECTED** Win32:Virtu-B
00:58:35.554    AVAST engine scan C:\ProgramData
00:58:41.997    Scan finished successfully
00:58:56.942    Disk 0 MBR has been saved successfully to "C:\Users\hp\Desktop\MBR.dat"
00:58:56.942    The log file has been saved successfully to "C:\Users\hp\Desktop\aswMBR.txt"


melboy
Moderator

« Reply #3 on: October 06, 2013, 04:25:19 PM »

ComboFix (by sUBs)

Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your security applications (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How to disable your security applications

  • Double click combofix.exe & follow the prompts.
  • ComboFix may automatically reboot your computer (possibly more than once).
  • When finished, it will produce a log. Please post the contents of that log in your next reply.
  • It can also be found at C:\combofix.txt
  • Re-enable all the programs that were disabled during the running of ComboFix.
NOTE: This tool is not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper.

Ashleshy

« Reply #4 on: October 06, 2013, 04:41:09 PM »

Combo Fix log

ComboFix 13-10-04.02 - hp 10/07/2013   2:33.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2998.1711 [GMT 5:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-06 to 2013-10-06  )))))))))))))))))))))))))))))))
.
.
2013-10-06 21:36 . 2013-10-06 21:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-10-06 16:35 . 2013-04-09 23:34   1247744   ----a-w-   c:\windows\system32\DWrite.dll
2013-10-06 16:22 . 2012-12-16 14:13   295424   ----a-w-   c:\windows\system32\atmfd.dll
2013-10-06 16:22 . 2012-12-16 14:13   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-10-06 16:22 . 2010-09-30 06:47   70656   ----a-w-   c:\windows\system32\fontsub.dll
2013-10-06 15:55 . 2012-07-26 03:39   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-10-06 15:55 . 2012-07-26 03:39   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-10-06 15:55 . 2012-07-26 02:46   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-10-06 15:54 . 2012-07-26 03:21   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-10-06 15:54 . 2012-07-26 03:20   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-10-06 15:54 . 2012-07-26 03:20   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2013-10-06 15:54 . 2012-07-26 03:20   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-10-06 15:54 . 2012-07-26 03:20   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-10-06 15:54 . 2012-07-26 02:33   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-10-06 15:54 . 2012-07-26 02:32   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-10-06 15:54 . 2012-03-01 05:46   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-10-06 15:54 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2013-10-06 15:54 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-10-06 15:43 . 2013-10-06 15:43   --------   d-----w-   c:\windows\system32\MRT
2013-10-06 15:38 . 2013-10-06 15:38   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-06 15:37 . 2013-10-06 15:37   1505280   ----a-w-   c:\windows\system32\d3d11.dll
2013-10-06 15:14 . 2012-02-11 05:37   317440   ----a-w-   c:\windows\system32\spoolsv.exe
2013-10-06 15:14 . 2013-04-12 13:45   1211752   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-10-06 15:14 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-10-06 15:14 . 2012-11-22 04:45   626688   ----a-w-   c:\windows\system32\usp10.dll
2013-10-06 15:14 . 2012-08-22 17:16   712048   ----a-w-   c:\windows\system32\drivers\ndis.sys
2013-10-06 15:14 . 2012-07-04 19:45   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2013-10-06 15:14 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-10-06 15:14 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-10-06 15:14 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-10-06 15:14 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-10-06 15:11 . 2011-04-29 02:46   311808   ----a-w-   c:\windows\system32\drivers\srv.sys
2013-10-06 15:11 . 2011-04-29 02:46   310272   ----a-w-   c:\windows\system32\drivers\srv2.sys
2013-10-06 15:11 . 2011-04-29 02:46   114688   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2013-10-06 15:11 . 2013-02-12 03:32   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-10-06 15:11 . 2011-04-25 02:18   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-10-06 15:11 . 2012-11-02 05:11   376832   ----a-w-   c:\windows\system32\dpnet.dll
2013-10-06 15:11 . 2011-02-18 05:39   31232   ----a-w-   c:\windows\system32\prevhost.exe
2013-10-06 13:04 . 2013-01-24 04:47   196328   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-10-06 13:04 . 2011-10-01 04:37   708608   ----a-w-   c:\program files\Common Files\System\wab32.dll
2013-10-06 13:04 . 2011-03-03 05:38   132608   ----a-w-   c:\windows\system32\dnsrslvr.dll
2013-10-06 13:04 . 2011-03-03 05:36   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2013-10-06 13:02 . 2013-02-15 04:37   3217408   ----a-w-   c:\windows\system32\mstscax.dll
2013-10-06 13:02 . 2013-02-15 04:34   131584   ----a-w-   c:\windows\system32\aaclient.dll
2013-10-06 13:02 . 2013-02-15 03:25   36864   ----a-w-   c:\windows\system32\tsgqec.dll
2013-10-06 13:02 . 2013-04-26 04:55   492544   ----a-w-   c:\windows\system32\win32spl.dll
2013-10-06 13:02 . 2012-11-01 04:47   1389568   ----a-w-   c:\windows\system32\msxml6.dll
2013-10-06 13:02 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\system32\inetcomm.dll
2013-10-06 13:02 . 2013-05-13 03:08   903168   ----a-w-   c:\windows\system32\certutil.exe
2013-10-06 13:02 . 2013-05-13 03:08   43008   ----a-w-   c:\windows\system32\certenc.dll
2013-10-06 13:01 . 2012-10-03 16:42   52224   ----a-w-   c:\windows\system32\nlaapi.dll
2013-10-06 13:01 . 2012-10-03 16:42   242176   ----a-w-   c:\windows\system32\nlasvc.dll
2013-10-06 13:01 . 2012-10-03 16:42   18944   ----a-w-   c:\windows\system32\netevent.dll
2013-10-06 13:01 . 2012-10-03 16:42   175104   ----a-w-   c:\windows\system32\netcorehc.dll
2013-10-06 13:01 . 2012-10-03 16:42   156672   ----a-w-   c:\windows\system32\ncsi.dll
2013-10-06 13:01 . 2012-10-03 16:40   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
2013-10-06 13:01 . 2012-10-03 15:21   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-10-06 13:00 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\system32\packager.dll
2013-10-06 13:00 . 2011-05-04 04:34   1549312   ----a-w-   c:\windows\system32\tquery.dll
2013-10-06 13:00 . 2011-05-04 04:32   666624   ----a-w-   c:\windows\system32\mssvp.dll
2013-10-06 13:00 . 2011-05-04 04:32   337408   ----a-w-   c:\windows\system32\mssph.dll
2013-10-06 13:00 . 2011-05-04 04:32   197120   ----a-w-   c:\windows\system32\mssphtb.dll
2013-10-06 13:00 . 2011-05-04 04:32   1401344   ----a-w-   c:\windows\system32\mssrch.dll
2013-10-06 13:00 . 2011-05-04 04:32   59392   ----a-w-   c:\windows\system32\msscntrs.dll
2013-10-06 13:00 . 2011-05-04 04:28   86528   ----a-w-   c:\windows\system32\SearchFilterHost.exe
2013-10-06 13:00 . 2011-05-04 04:28   427520   ----a-w-   c:\windows\system32\SearchIndexer.exe
2013-10-06 13:00 . 2011-05-04 04:28   164352   ----a-w-   c:\windows\system32\SearchProtocolHost.exe
2013-10-06 12:58 . 2011-10-26 04:32   514560   ----a-w-   c:\windows\system32\qdvd.dll
2013-10-06 12:58 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\system32\quartz.dll
2013-10-06 12:57 . 2012-08-10 23:56   542208   ----a-w-   c:\windows\system32\kerberos.dll
2013-10-06 12:57 . 2011-02-25 05:30   2616320   ----a-w-   c:\windows\explorer.exe
2013-10-06 12:57 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\system32\msi.dll
2013-10-06 12:57 . 2013-04-10 05:04   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-10-06 12:57 . 2013-04-10 05:03   936448   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-06 12:57 . 2013-04-10 05:03   988672   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-10-06 12:57 . 2013-04-10 05:03   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-10-06 12:47 . 2012-10-09 17:40   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
2013-10-06 12:47 . 2012-10-09 17:40   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
2013-10-06 12:15 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\system32\rdpcore.dll
2013-10-06 12:15 . 2012-02-17 04:13   24576   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2013-10-06 01:32 . 2013-10-05 11:56   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 01:32 . 2013-10-05 11:56   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-06 01:32 . 2013-10-06 01:32   --------   d-----w-   c:\windows\system32\Macromed
2013-10-06 01:10 . 2013-10-05 14:16   --------   d-sh--w-   c:\windows\Installer
2013-10-06 01:05 . 2013-10-05 14:16   --------   d-----w-   c:\program files\Google
2013-10-06 01:01 . 2013-09-16 07:50   7328304   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{DE3E5E23-3938-470C-ABA5-24DF360C5489}\mpengine.dll
2013-10-06 01:01 . 2013-08-07 11:22   238872   ------w-   c:\windows\system32\MpSigStub.exe
2013-10-06 00:22 . 2012-06-02 22:19   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2013-10-06 00:22 . 2012-06-02 22:19   45080   ----a-w-   c:\windows\system32\wups2.dll
2013-10-06 00:22 . 2012-06-02 22:19   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2013-10-06 00:22 . 2012-06-02 22:12   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2013-10-06 00:21 . 2012-06-02 22:19   35864   ----a-w-   c:\windows\system32\wups.dll
2013-10-06 00:21 . 2012-06-02 22:19   577048   ----a-w-   c:\windows\system32\wuapi.dll
2013-10-06 00:21 . 2012-06-02 22:12   88576   ----a-w-   c:\windows\system32\wudriver.dll
2013-10-06 00:21 . 2012-06-02 22:19   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2013-10-06 00:21 . 2012-06-02 22:12   33792   ----a-w-   c:\windows\system32\wuapp.exe
2013-10-05 22:58 . 2013-10-05 22:58   --------   d-----w-   C:\Drivers
2013-10-05 22:55 . 2013-10-05 22:55   --------   d--h--w-   c:\program files\InstallShield Installation Information
2013-10-05 22:55 . 2013-10-05 22:55   --------   d-----w-   C:\SWSetup
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----w-   c:\program files\Common Files\Skype
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----r-   c:\program files\Skype
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----w-   c:\programdata\Skype
2013-10-05 11:00 . 2013-10-05 11:00   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2013-09-28 09:10 . 2013-09-28 08:16   --------   d-----w-   c:\windows\Panther
2013-09-28 08:41 . 2013-09-28 08:41   --------   d-----w-   C:\Temp
2013-09-28 08:32 . 2012-08-09 22:21   81920   ----a-w-   c:\windows\system32\igfxCoIn_v2827.dll
2013-09-28 08:31 . 2012-09-24 09:40   37696   ----a-w-   c:\windows\system32\drivers\Accelerometer.sys
2013-09-28 08:30 . 2010-02-26 12:31   132480   ----a-w-   c:\windows\system32\drivers\Impcd.sys
2013-09-28 08:30 . 2009-09-18 02:54   41088   ----a-w-   c:\windows\system32\drivers\HECI.sys
2013-09-28 08:30 . 2007-12-18 06:46   44800   ----a-w-   c:\windows\system32\drivers\ifxtpm.sys
2013-09-28 08:30 . 2009-09-23 18:26   46592   ----a-w-   c:\windows\system32\drivers\risdptsk.sys
2013-09-28 08:30 . 2009-09-07 05:00   48128   ----a-w-   c:\windows\system32\drivers\rimmptsk.sys
2013-09-28 08:30 . 2009-07-20 14:05   49152   ----a-w-   c:\windows\system32\drivers\rismc32.sys
2013-09-28 08:30 . 2011-12-27 06:18   20192   ----a-w-   c:\windows\system32\btinstall.dll
2013-09-28 08:30 . 2011-12-27 06:18   37344   ----a-w-   c:\windows\system32\drivers\btcusb.sys
2013-09-28 08:28 . 2013-09-28 08:28   --------   d-----w-   c:\windows\system32\wbem\Framework
2013-09-28 08:17 . 2013-09-28 08:17   --------   d-----w-   c:\users\hp
2013-09-28 08:16 . 2013-09-28 08:16   --------   d-----w-   c:\windows\system32\Wat
2013-09-28 08:15 . 2013-09-28 08:15   --------   d-----w-   C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-28 08:16 . 2010-11-20 21:29   409088   ----a-w-   c:\windows\system32\systemcpl.dll
2013-09-28 08:16 . 2010-11-20 21:29   13824   ----a-w-   c:\windows\system32\slwga.dll
2013-09-28 08:16 . 2010-11-20 21:29   811520   ----a-w-   c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-09-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-13 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-13 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-13 177984]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 akiqzxqf;akiqzxqf;c:\windows\system32\drivers\akiqzxqf.sys
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-28 1343400]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-01 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-24 27968]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2012-02-02 388264]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-12-18 44800]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-09-30 10383360]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-06 11:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.0.1
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\gswe47ia.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-07  02:37:19
ComboFix-quarantined-files.txt  2013-10-06 21:37
.
Pre-Run: 231,875,305,472 bytes free
Post-Run: 232,294,572,032 bytes free
.
- - End Of File - - 9B2C1EC35932FCC15D87F24E86B650BA
A36C5E4F47E84449FF07ED3517B43A31

Ashleshy

« Reply #5 on: October 08, 2013, 01:34:15 AM »

Anything on this yet?

melboy
Moderator

« Reply #6 on: October 08, 2013, 07:20:20 AM »

Hi

Please try to be patient.

COMBOFIX-Script

A word of warning: Please do not run ComboFix on your own. This tool is not for everyday use.

If ComboFix prompts you that an update is available, please allow it to update.

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:
http://maddoktor2.com/forums/index.php/topic,65128.msg161949.html#msg161949

Driver::
akiqzxqf

Collect::
c:\windows\system32\drivers\akiqzxqf.sys

DDS::
uWindows: Load = c:\users\hp\locals~1\temp\msncya.exe

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.



  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
  • When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Ashleshy

« Reply #7 on: October 08, 2013, 07:40:23 AM »

Thanks
Here is the log

ComboFix 13-10-08.01 - hp 10/08/2013  17:29:45.2.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2998.2040 [GMT 5:00]
Running from: c:\users\hp\Desktop\ComboFix.exe
Command switches used :: c:\users\hp\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_akiqzxqf
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-08 to 2013-10-08  )))))))))))))))))))))))))))))))
.
.
2013-10-08 12:33 . 2013-10-08 12:33   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-10-08 06:56 . 2013-09-16 07:50   7328304   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{62E51F7B-7324-424C-B838-47C1437BDE56}\mpengine.dll
2013-10-07 05:53 . 2012-08-24 17:05   136560   ----a-w-   c:\windows\system32\drivers\ksecpkg.sys
2013-10-07 05:53 . 2012-08-24 17:02   369856   ----a-w-   c:\windows\system32\drivers\cng.sys
2013-10-07 05:53 . 2012-08-24 16:57   247808   ----a-w-   c:\windows\system32\schannel.dll
2013-10-07 05:53 . 2012-08-24 16:56   1039360   ----a-w-   c:\windows\system32\lsasrv.dll
2013-10-07 05:53 . 2012-05-04 09:59   514560   ----a-w-   c:\windows\system32\qdvd.dll
2013-10-06 22:01 . 2013-10-06 22:01   --------   d-----w-   c:\program files\Microsoft.NET
2013-10-06 16:35 . 2013-04-09 23:34   1247744   ----a-w-   c:\windows\system32\DWrite.dll
2013-10-06 16:22 . 2012-12-16 14:13   295424   ----a-w-   c:\windows\system32\atmfd.dll
2013-10-06 16:22 . 2012-12-16 14:13   34304   ----a-w-   c:\windows\system32\atmlib.dll
2013-10-06 16:22 . 2010-09-30 06:47   70656   ----a-w-   c:\windows\system32\fontsub.dll
2013-10-06 15:55 . 2012-07-26 03:39   526952   ----a-w-   c:\windows\system32\drivers\Wdf01000.sys
2013-10-06 15:55 . 2012-07-26 03:39   47720   ----a-w-   c:\windows\system32\drivers\WdfLdr.sys
2013-10-06 15:55 . 2012-07-26 02:46   9728   ----a-w-   c:\windows\system32\Wdfres.dll
2013-10-06 15:54 . 2012-07-26 03:21   196608   ----a-w-   c:\windows\system32\WUDFHost.exe
2013-10-06 15:54 . 2012-07-26 03:20   73216   ----a-w-   c:\windows\system32\WUDFSvc.dll
2013-10-06 15:54 . 2012-07-26 03:20   613888   ----a-w-   c:\windows\system32\WUDFx.dll
2013-10-06 15:54 . 2012-07-26 03:20   38912   ----a-w-   c:\windows\system32\WUDFCoinstaller.dll
2013-10-06 15:54 . 2012-07-26 03:20   172032   ----a-w-   c:\windows\system32\WUDFPlatform.dll
2013-10-06 15:54 . 2012-07-26 02:33   66560   ----a-w-   c:\windows\system32\drivers\WUDFPf.sys
2013-10-06 15:54 . 2012-07-26 02:32   155136   ----a-w-   c:\windows\system32\drivers\WUDFRd.sys
2013-10-06 15:54 . 2012-03-01 05:46   19824   ----a-w-   c:\windows\system32\drivers\fs_rec.sys
2013-10-06 15:54 . 2012-03-01 05:33   159232   ----a-w-   c:\windows\system32\imagehlp.dll
2013-10-06 15:54 . 2012-03-01 05:29   5120   ----a-w-   c:\windows\system32\wmi.dll
2013-10-06 15:43 . 2013-10-06 15:43   --------   d-----w-   c:\windows\system32\MRT
2013-10-06 15:38 . 2013-10-06 15:38   9728   ---ha-w-   c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-06 15:37 . 2013-10-06 15:37   1505280   ----a-w-   c:\windows\system32\d3d11.dll
2013-10-06 15:14 . 2012-02-11 05:37   317440   ----a-w-   c:\windows\system32\spoolsv.exe
2013-10-06 15:14 . 2013-04-12 13:45   1211752   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-10-06 15:14 . 2013-07-09 04:50   652800   ----a-w-   c:\windows\system32\rpcrt4.dll
2013-10-06 15:14 . 2012-11-22 04:45   626688   ----a-w-   c:\windows\system32\usp10.dll
2013-10-06 15:14 . 2012-08-22 17:16   712048   ----a-w-   c:\windows\system32\drivers\ndis.sys
2013-10-06 15:14 . 2012-07-04 19:45   33280   ----a-w-   c:\windows\system32\drivers\RNDISMP.sys
2013-10-06 15:14 . 2013-07-09 04:52   175104   ----a-w-   c:\windows\system32\wintrust.dll
2013-10-06 15:14 . 2013-07-09 04:46   140288   ----a-w-   c:\windows\system32\cryptsvc.dll
2013-10-06 15:14 . 2013-07-09 04:46   1166848   ----a-w-   c:\windows\system32\crypt32.dll
2013-10-06 15:14 . 2013-07-09 04:46   103936   ----a-w-   c:\windows\system32\cryptnet.dll
2013-10-06 15:11 . 2011-04-29 02:46   311808   ----a-w-   c:\windows\system32\drivers\srv.sys
2013-10-06 15:11 . 2011-04-29 02:46   310272   ----a-w-   c:\windows\system32\drivers\srv2.sys
2013-10-06 15:11 . 2011-04-29 02:46   114688   ----a-w-   c:\windows\system32\drivers\srvnet.sys
2013-10-06 15:11 . 2013-02-12 03:32   15872   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-10-06 15:11 . 2011-04-25 02:18   338944   ----a-w-   c:\windows\system32\drivers\afd.sys
2013-10-06 15:11 . 2012-11-02 05:11   376832   ----a-w-   c:\windows\system32\dpnet.dll
2013-10-06 15:11 . 2011-02-18 05:39   31232   ----a-w-   c:\windows\system32\prevhost.exe
2013-10-06 13:04 . 2013-01-24 04:47   196328   ----a-w-   c:\windows\system32\drivers\fvevol.sys
2013-10-06 13:04 . 2011-10-01 04:37   708608   ----a-w-   c:\program files\Common Files\System\wab32.dll
2013-10-06 13:04 . 2011-03-03 05:38   132608   ----a-w-   c:\windows\system32\dnsrslvr.dll
2013-10-06 13:04 . 2011-03-03 05:36   28672   ----a-w-   c:\windows\system32\dnscacheugc.exe
2013-10-06 13:02 . 2013-04-26 04:55   492544   ----a-w-   c:\windows\system32\win32spl.dll
2013-10-06 13:02 . 2012-11-01 04:47   1389568   ----a-w-   c:\windows\system32\msxml6.dll
2013-10-06 13:02 . 2011-05-03 04:30   741376   ----a-w-   c:\windows\system32\inetcomm.dll
2013-10-06 13:02 . 2013-05-13 03:08   903168   ----a-w-   c:\windows\system32\certutil.exe
2013-10-06 13:02 . 2013-05-13 03:08   43008   ----a-w-   c:\windows\system32\certenc.dll
2013-10-06 13:01 . 2012-10-03 16:42   52224   ----a-w-   c:\windows\system32\nlaapi.dll
2013-10-06 13:01 . 2012-10-03 16:42   242176   ----a-w-   c:\windows\system32\nlasvc.dll
2013-10-06 13:01 . 2012-10-03 16:42   18944   ----a-w-   c:\windows\system32\netevent.dll
2013-10-06 13:01 . 2012-10-03 16:42   175104   ----a-w-   c:\windows\system32\netcorehc.dll
2013-10-06 13:01 . 2012-10-03 16:42   156672   ----a-w-   c:\windows\system32\ncsi.dll
2013-10-06 13:01 . 2012-10-03 16:40   499712   ----a-w-   c:\windows\system32\iphlpsvc.dll
2013-10-06 13:01 . 2012-10-03 15:21   35328   ----a-w-   c:\windows\system32\drivers\tcpipreg.sys
2013-10-06 13:00 . 2011-11-19 14:01   67072   ----a-w-   c:\windows\system32\packager.dll
2013-10-06 13:00 . 2011-05-04 04:34   1549312   ----a-w-   c:\windows\system32\tquery.dll
2013-10-06 13:00 . 2011-05-04 04:32   666624   ----a-w-   c:\windows\system32\mssvp.dll
2013-10-06 13:00 . 2011-05-04 04:32   337408   ----a-w-   c:\windows\system32\mssph.dll
2013-10-06 13:00 . 2011-05-04 04:32   197120   ----a-w-   c:\windows\system32\mssphtb.dll
2013-10-06 13:00 . 2011-05-04 04:32   1401344   ----a-w-   c:\windows\system32\mssrch.dll
2013-10-06 13:00 . 2011-05-04 04:32   59392   ----a-w-   c:\windows\system32\msscntrs.dll
2013-10-06 13:00 . 2011-05-04 04:28   86528   ----a-w-   c:\windows\system32\SearchFilterHost.exe
2013-10-06 13:00 . 2011-05-04 04:28   427520   ----a-w-   c:\windows\system32\SearchIndexer.exe
2013-10-06 13:00 . 2011-05-04 04:28   164352   ----a-w-   c:\windows\system32\SearchProtocolHost.exe
2013-10-06 12:58 . 2011-10-26 04:32   1328128   ----a-w-   c:\windows\system32\quartz.dll
2013-10-06 12:57 . 2012-08-10 23:56   542208   ----a-w-   c:\windows\system32\kerberos.dll
2013-10-06 12:57 . 2011-02-25 05:30   2616320   ----a-w-   c:\windows\explorer.exe
2013-10-06 12:57 . 2012-04-07 11:26   2342400   ----a-w-   c:\windows\system32\msi.dll
2013-10-06 12:57 . 2013-04-10 05:04   1221632   ----a-w-   c:\program files\Windows Journal\NBDoc.DLL
2013-10-06 12:57 . 2013-04-10 05:03   936448   ----a-w-   c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-10-06 12:57 . 2013-04-10 05:03   988672   ----a-w-   c:\program files\Windows Journal\JNTFiltr.dll
2013-10-06 12:57 . 2013-04-10 05:03   969216   ----a-w-   c:\program files\Windows Journal\JNWDRV.dll
2013-10-06 12:47 . 2012-10-09 17:40   44032   ----a-w-   c:\windows\system32\dhcpcsvc6.dll
2013-10-06 12:47 . 2012-10-09 17:40   193536   ----a-w-   c:\windows\system32\dhcpcore6.dll
2013-10-06 12:15 . 2012-02-17 05:34   826880   ----a-w-   c:\windows\system32\rdpcore.dll
2013-10-06 12:15 . 2012-02-17 04:13   24576   ----a-w-   c:\windows\system32\drivers\tdtcp.sys
2013-10-06 01:32 . 2013-10-05 11:56   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 01:32 . 2013-10-05 11:56   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-10-06 01:32 . 2013-10-06 01:32   --------   d-----w-   c:\windows\system32\Macromed
2013-10-06 01:10 . 2013-10-06 22:02   --------   d-sh--w-   c:\windows\Installer
2013-10-06 01:05 . 2013-10-05 14:16   --------   d-----w-   c:\program files\Google
2013-10-06 01:01 . 2013-08-07 11:22   238872   ------w-   c:\windows\system32\MpSigStub.exe
2013-10-06 00:22 . 2012-06-02 22:19   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2013-10-06 00:22 . 2012-06-02 22:19   45080   ----a-w-   c:\windows\system32\wups2.dll
2013-10-06 00:22 . 2012-06-02 22:19   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2013-10-06 00:22 . 2012-06-02 22:12   2422272   ----a-w-   c:\windows\system32\wucltux.dll
2013-10-06 00:21 . 2012-06-02 22:19   35864   ----a-w-   c:\windows\system32\wups.dll
2013-10-06 00:21 . 2012-06-02 22:19   577048   ----a-w-   c:\windows\system32\wuapi.dll
2013-10-06 00:21 . 2012-06-02 22:12   88576   ----a-w-   c:\windows\system32\wudriver.dll
2013-10-06 00:21 . 2012-06-02 22:19   171904   ----a-w-   c:\windows\system32\wuwebv.dll
2013-10-06 00:21 . 2012-06-02 22:12   33792   ----a-w-   c:\windows\system32\wuapp.exe
2013-10-05 22:58 . 2013-10-05 22:58   --------   d-----w-   C:\Drivers
2013-10-05 22:55 . 2013-10-05 22:55   --------   d--h--w-   c:\program files\InstallShield Installation Information
2013-10-05 22:55 . 2013-10-05 22:55   --------   d-----w-   C:\SWSetup
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----w-   c:\program files\Common Files\Skype
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----r-   c:\program files\Skype
2013-10-05 13:50 . 2013-10-05 13:50   --------   d-----w-   c:\programdata\Skype
2013-10-05 11:00 . 2013-10-05 11:00   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2013-09-28 09:10 . 2013-09-28 08:16   --------   d-----w-   c:\windows\Panther
2013-09-28 08:41 . 2013-09-28 08:41   --------   d-----w-   C:\Temp
2013-09-28 08:32 . 2012-08-09 22:21   81920   ----a-w-   c:\windows\system32\igfxCoIn_v2827.dll
2013-09-28 08:31 . 2012-09-24 09:40   37696   ----a-w-   c:\windows\system32\drivers\Accelerometer.sys
2013-09-28 08:31 . 2012-09-24 09:40   27968   ----a-w-   c:\windows\system32\drivers\hpdskflt.sys
2013-09-28 08:31 . 2012-09-24 09:40   18752   ----a-w-   c:\windows\system32\accelerometerdll.DLL
2013-09-28 08:31 . 2012-09-24 09:40   16192   ----a-w-   c:\windows\system32\HPMDPCoInst12.dll
2013-09-28 08:31 . 2012-09-24 09:40   27968   ----a-w-   c:\windows\system32\hpservice.exe
2013-09-28 08:31 . 2013-09-28 08:31   --------   d-----w-   c:\program files\LSI SoftModem
2013-09-28 08:31 . 2012-08-13 12:40   1163328   ----a-w-   c:\windows\system32\drivers\AGRSM.sys
2013-09-28 08:31 . 2012-08-13 12:40   26624   ----a-w-   c:\windows\system32\agrscoin.dll
2013-09-28 08:31 . 2012-08-13 12:40   64000   ----a-w-   c:\windows\agrsmdel.exe
2013-09-28 08:31 . 2012-11-19 08:10   526392   ----a-w-   c:\windows\system32\drivers\iaStorA.sys
2013-09-28 08:31 . 2012-11-19 08:10   25656   ----a-w-   c:\windows\system32\drivers\iaStorF.sys
2013-09-28 08:31 . 2012-12-11 21:11   300928   ----a-w-   c:\windows\system32\PROUnstl.exe
2013-09-28 08:31 . 2009-05-26 17:05   28792   ----a-w-   c:\windows\system32\NicCo36.dll
2013-09-28 08:30 . 2010-02-26 12:31   132480   ----a-w-   c:\windows\system32\drivers\Impcd.sys
2013-09-28 08:30 . 2009-09-18 02:54   41088   ----a-w-   c:\windows\system32\drivers\HECI.sys
2013-09-28 08:30 . 2007-12-18 06:46   44800   ----a-w-   c:\windows\system32\drivers\ifxtpm.sys
2013-09-28 08:30 . 2009-09-23 18:26   46592   ----a-w-   c:\windows\system32\drivers\risdptsk.sys
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-28 08:16 . 2010-11-20 21:29   409088   ----a-w-   c:\windows\system32\systemcpl.dll
2013-09-28 08:16 . 2010-11-20 21:29   13824   ----a-w-   c:\windows\system32\slwga.dll
2013-09-28 08:16 . 2010-11-20 21:29   811520   ----a-w-   c:\windows\system32\user32.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2013-09-28 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-13 142656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-13 177472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-13 177984]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-09-07 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-03 1791272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-28 1343400]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 526392]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 25656]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-12-04 16440]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-01 81920]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-24 27968]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-09-23 208552]
S3 IFXTPM;IFXTPM;c:\windows\system32\DRIVERS\IFXTPM.SYS [2007-12-18 44800]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 270336]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\Netwsn00.sys [2012-09-30 10383360]
S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-06 11:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
TCP: DhcpNameServer = 192.168.1.1 192.168.2.254
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\gswe47ia.default\
FF - prefs.js: browser.startup.homepage - www.facebook.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
.
**************************************************************************
.
Completion time: 2013-10-08  17:36:17 - machine was rebooted
ComboFix-quarantined-files.txt  2013-10-08 12:36
ComboFix2.txt  2013-10-06 21:37
.
Pre-Run: 230,398,619,648 bytes free
Post-Run: 229,954,039,808 bytes free
.
- - End Of File - - 6A84B751BEB7A6D898F08334CE98B26B
A36C5E4F47E84449FF07ED3517B43A31


Logged
melboy
Moderator

« Reply #8 on: October 08, 2013, 03:22:27 PM »

Hi

Install an AV now please.

No Antivirus

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.
Please download free anti-virus software NOW:
 
 Microsoft Security Essentials - Free anti-malware solution that helps protect against viruses, spyware, and other malicious software
 
It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts, system instability and false virus alerts.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Right-click mbam-setup-version.number.exe, choose "Run as Administrator" and follow the prompts to install the program.
  • At the end, Uncheck Enable the free trial Malwarebytes' Anti-Malware PRO
     (You can activate this when we've finished, if you wish)
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.
.
Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.






Logged

Ashleshy
Jr. Member

« Reply #9 on: October 09, 2013, 06:19:34 AM »

I have installed MS security essentials on this system

Thanks for the help...How do I disinfect my USB? MS Security essentials on the other system did detect and delete the virus but I am still not able to view the contents of the USB device on any system...haven't connected back the USB to this system yet after the system is cleaned ....is it safe to connect now?

Here is the log for MBAM


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.09.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16686
hp :: HP-PC [administrator]

10/9/2013 4:11:55 PM
mbam-log-2013-10-09 (16-11-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185381
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Logged
melboy
Moderator

« Reply #10 on: October 10, 2013, 02:08:12 PM »

Hi

Can you view the contents of the USB now?
Logged

Ashleshy
Jr. Member

« Reply #11 on: October 10, 2013, 08:29:27 PM »

Unfortunately not :(....Other clean USBs are working fine on this system except this one...This USB isn't showing content on any other system either...
Logged
melboy
Moderator

« Reply #12 on: October 11, 2013, 07:18:52 AM »

Hi

Does the system recognise the USB? Is it just the files on the USB you can't see?
Logged

Ashleshy
Jr. Member

« Reply #13 on: October 11, 2013, 08:55:24 AM »

Yes the system does recognise the USB...I can enter the USB drive but no folders are visible....it also shows free/occupied space and when I scan the USB with MS essentials I do see all the files being scanned....when plugged into my car's music system, it does play songs on the USB...
Logged
melboy
Moderator

« Reply #14 on: October 12, 2013, 03:38:29 AM »

Hi

Plug in your USB drive.

  • Click the start orb
  • In the search box type CMD
  • Right Click cmd.exe, and choose "Run as administrator"
  • A command window will open. At the prompt type*:

    dir X: /a

  • Right click command window and choose select all
  • Press CTRL + C on your keyboard to copy the text
  • Right click in a reply here and choose paste
  • Post the output of the command

*NOTE: Replace X: with the drive letter assigned to your USB drive.
Logged
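
The `dir X: /a` check in Reply #14 works because `/a` lists entries whose Hidden or System attribute keeps them out of Explorer's default view. As an added example that is not part of the original thread, the PowerShell script below produces the same listing read-only and also shows which attributes each entry carries; the drive letter E: and all variable names are assumptions.

```powershell
# Added example (not from the thread): read-only listing of a removable drive,
# including entries Explorer hides by default. Nothing is modified or opened.
# Assumption: the USB drive is mounted as E: (replace with your drive letter).
$Drive = 'E:\'

$HiddenBit = [int][System.IO.FileAttributes]::Hidden
$SystemBit = [int][System.IO.FileAttributes]::System

# -Force returns hidden and system entries too, the same set "dir /a" prints.
$entries = @(Get-ChildItem -LiteralPath $Drive -Force -ErrorAction Stop)

$report = foreach ($e in $entries) {
    $attr = [int]$e.Attributes
    New-Object PSObject -Property @{
        Name     = $e.Name
        Type     = $(if ($e.PSIsContainer) { 'Dir' } else { 'File' })
        Hidden   = ($attr -band $HiddenBit) -ne 0
        System   = ($attr -band $SystemBit) -ne 0
        # The detection name in this thread ends in "!lnk", so flag shortcuts.
        Shortcut = (-not $e.PSIsContainer) -and ($e.Extension -ieq '.lnk')
        Bytes    = $(if ($e.PSIsContainer) { $null } else { $e.Length })
        Modified = $e.LastWriteTime
    }
}

# Full listing with the attribute flags that plain "dir" output does not show.
$report | Sort-Object Type, Name |
    Format-Table Type, Name, Hidden, System, Shortcut, Bytes, Modified -AutoSize

# Summary: entries a default Explorer view would not display, and shortcuts
# to review before anything on the drive is double-clicked.
$invisible = @($report | Where-Object { $_.Hidden -or $_.System })
$shortcuts = @($report | Where-Object { $_.Shortcut })
$counts    = @($report).Count, $invisible.Count, $shortcuts.Count
'{0} top-level entries, {1} hidden/system, {2} .lnk shortcuts' -f $counts
```

The script avoids parameters introduced after PowerShell 2.0, so it runs on the Windows 7 system described in the thread.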
