metropolitan police ukash trojan [Solved]


  • This topic is locked

#31
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
That was good - a combination hit worked.

What I would like you to do now is use the computer as usual:
Go online and check that searches are not redirecting.
Try some different programmes out.

Let me know then of any unusual behaviour at all.

As it stands I think we have killed it all.

Please download Malwarebytes' Anti-Malware

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0

#32
th0mh
    Member
  • Topic Starter
  • 32 posts
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.18.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Thom :: THOM-PC [administrator]

Protection: Enabled

4/18/2012 9:00:47 PM
mbam-log-2012-04-18 (21-00-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207724
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\ProgramData\jI82l (Backdoor.Fynloski) -> Quarantined and deleted successfully.

Files Detected: 2
C:\Users\Thom\Downloads\SoftonicDownloader_for_pc-wizard.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\ProgramData\jI82l\PCGWIN32.LI5 (Backdoor.Fynloski) -> Quarantined and deleted successfully.

(end)
  • 0

#33
th0mh
    Member
  • Topic Starter
  • 32 posts
This is strange: after I restarted my PC, my desktop is empty again. Should I run RogueKiller again?
  • 0

#34
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yes, run RogueKiller again and then follow up with this programme.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.
  • 0

#35
th0mh
    Member
  • Topic Starter
  • 32 posts
The scan completed correctly, but my desktop worked for one day and now they are gone again.

ComboFix 12-04-18.02 - Thom 04/19/2012 0:20.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3071.1299 [GMT 2:00]
Running from: c:\users\Thom\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Freeze.com\NetAssistant\NeTAssistant.dll
c:\program files\HyperCam Toolbar\tbHElper.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-18 to 2012-04-18 )))))))))))))))))))))))))))))))
.
.
2012-04-18 22:26 . 2012-04-18 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-18 22:14 . 2012-04-18 22:14 13824 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-04-18 18:58 . 2012-04-18 18:58 -------- d-----w- c:\users\Thom\AppData\Roaming\Malwarebytes
2012-04-18 18:58 . 2012-04-18 18:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-18 18:58 . 2012-04-18 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-18 18:58 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-18 17:11 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-04-18 16:58 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-04-18 16:57 . 2012-04-18 16:57 -------- d-----w- C:\Reg_Backup
2012-04-18 16:35 . 2012-04-18 17:14 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-04-18 16:34 . 2012-04-18 17:14 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-04-18 16:34 . 2012-04-18 16:34 -------- d-----w- c:\program files\Tweaking.com
2012-04-18 02:46 . 2012-04-18 02:48 -------- d-----w- C:\FRST
2012-04-13 13:13 . 2012-04-13 13:13 -------- d-----w- c:\program files\Common Files\Skype
2012-04-12 22:41 . 2012-04-12 22:43 -------- d-----w- C:\dd948e71af1aa86fab95b1d57304
2012-04-12 22:41 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 22:41 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 22:41 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 22:41 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 20:45 . 2012-04-12 20:47 -------- d-----w- c:\users\Thom\.Dharoks_v4
2012-04-07 19:58 . 2012-04-07 19:58 -------- d-----w- C:\.soulsplit
2012-04-06 14:31 . 2012-04-17 16:51 -------- d-----w- c:\users\Thom\AppData\Roaming\SystemSecurityGuard
2012-04-06 14:31 . 2012-04-06 14:31 -------- d-----w- c:\program files\System Security Guard
2012-04-06 14:30 . 2012-04-06 14:30 -------- d-----w- c:\programdata\SystemSecurityGuard
2012-04-05 08:15 . 2012-04-18 17:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 15:00 . 2012-03-30 15:00 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\tmpidcrl.dll
2012-03-30 14:47 . 2012-03-30 14:47 -------- d-----w- c:\windows\system32\xlive
2012-03-30 14:47 . 2012-03-30 14:47 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-03-29 19:02 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-29 19:02 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-29 18:44 . 2012-03-29 18:44 -------- d-----w- c:\windows\system32\SPReview
2012-03-29 18:43 . 2012-03-29 18:43 -------- d-----w- c:\windows\system32\EventProviders
2012-03-29 18:39 . 2012-04-18 02:46 -------- d-----w- c:\users\UpdatusUser
2012-03-29 18:39 . 2012-03-29 18:40 -------- d-----w- c:\programdata\NVIDIA
2012-03-29 18:39 . 2011-05-21 04:01 66664 ----a-w- c:\windows\system32\nvshext.dll
2012-03-29 18:39 . 2011-05-21 04:01 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2012-03-29 18:39 . 2011-05-21 04:01 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2012-03-29 18:39 . 2011-05-21 04:01 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-29 18:39 . 2011-05-21 04:01 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2012-03-29 18:39 . 2011-05-21 04:01 111208 ----a-w- c:\windows\system32\nvmctray.dll
2012-03-29 18:39 . 2011-05-21 04:01 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2012-03-29 18:37 . 2012-03-29 18:37 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-03-29 18:37 . 2012-03-29 18:39 -------- d-----w- c:\program files\NVIDIA Corporation
2012-03-29 12:43 . 2012-03-29 12:43 -------- d-----w- c:\users\Thom\AppData\Local\WB Games
2012-03-29 12:26 . 2012-03-29 12:26 -------- d-----w- c:\program files\Snowblind Studios
2012-03-29 11:32 . 2012-03-29 11:32 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-29 11:32 . 2012-03-29 11:32 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-03-29 11:32 . 2012-03-29 11:35 -------- d-----w- c:\users\Thom\AppData\Roaming\DAEMON Tools Lite
2012-03-29 11:32 . 2012-03-29 11:32 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-03-27 16:15 . 2012-03-27 17:41 -------- d-----w- c:\users\Thom\AppData\Roaming\wargaming.net
2012-03-27 16:15 . 2012-03-29 18:46 -------- d-----w- c:\windows\msdownld.tmp
2012-03-27 16:15 . 2012-03-27 16:15 -------- d-----w- C:\Games
2012-03-25 13:01 . 2012-03-25 13:01 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-18 17:06 . 2011-05-18 05:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 15:00 . 2009-08-18 09:30 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-30 15:00 . 2009-08-18 09:24 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-29 18:50 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-02-25 12:18 . 2012-02-25 12:14 9906 ----a-w- c:\windows\system32\drivers\cv2k1.sys
2012-02-17 05:34 . 2012-03-14 06:29 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-14 06:29 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 06:29 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 06:29 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 23:02 . 2012-02-14 23:02 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-14 23:02 . 2012-02-14 23:02 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-14 23:02 . 2012-02-14 23:02 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-14 23:02 . 2012-02-14 23:02 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-14 23:02 . 2012-02-14 23:02 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-02-14 23:02 . 2012-02-14 23:02 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-02-14 23:02 . 2012-02-14 23:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-14 23:02 . 2012-02-14 23:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-02-14 23:02 . 2012-02-14 23:02 367104 ----a-w- c:\windows\system32\html.iec
2012-02-14 23:02 . 2012-02-14 23:02 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-14 23:02 . 2012-02-14 23:02 152064 ----a-w- c:\windows\system32\wextract.exe
2012-02-14 23:02 . 2012-02-14 23:02 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-02-14 23:02 . 2012-02-14 23:02 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-14 23:02 . 2012-02-14 23:02 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-14 23:02 . 2012-02-14 23:02 11776 ----a-w- c:\windows\system32\mshta.exe
2012-02-14 23:02 . 2012-02-14 23:02 101888 ----a-w- c:\windows\system32\admparse.dll
2012-02-14 23:02 . 2012-02-14 23:02 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-02-10 05:38 . 2012-03-14 06:30 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-02-03 03:54 . 2012-03-14 06:30 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 05:27 . 2012-03-14 17:25 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-18 09:11 . 2011-10-27 16:15 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Runescape\prxtbRune.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-12-20 09:55 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-12-20 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A8864317-E18B-4292-99D9-E6E65AB905D3}"= "c:\program files\RuneScape\prxtbRune.dll" [2011-03-28 176936]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-12-20 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"SystemSecurityGuardAutoStart"="c:\program files\System Security Guard\SystemSecurityGuardTray.exe" [2012-03-28 1102336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2010-10-05 1811800]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 253088]
R3 cpuz134;cpuz134;c:\program files\CPUID\PC Wizard 2010\pcwiz_x32.sys [2010-07-09 20328]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2012-02-25 9906]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2i386.sys [2010-09-29 53976]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMi386.sys [2010-09-29 335064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-16 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-29 242240]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-16 308136]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-03-04 584488]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S3 SSGHelpService;System Security Guard Service;c:\program files\System Security Guard\SSGService.exe [2012-03-09 558728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 17:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sharewareisland.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Thom\AppData\Roaming\Mozilla\Firefox\Profiles\vjliljmk.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2243041973-16635593-2241794628-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3976ADCB-CD31-82DA-EE6B-011F0FC8A189}*]
@Allowed: (Read) (RestrictedCode)
"nafcbdkdjnibjnmdjhchfefbbnbo"=hex:6a,61,6d,70,6f,6f,6f,61,6d,64,6b,65,6e,6e,
61,68,64,61,64,6a,00,00
"mapblickglcnibpfbljdcojmie"=hex:6a,61,6d,70,6f,6f,6f,61,6d,64,6b,65,6e,6e,61,
68,64,61,64,6a,00,00
.
Completion time: 2012-04-19 00:27:26
ComboFix-quarantined-files.txt 2012-04-18 22:27
.
Pre-Run: 108,681,129,984 bytes free
Post-Run: 109,116,620,800 bytes free
.
- - End Of File - - 1EEEC7C14E41D64E0FBE2BAA2B781F82
  • 0
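The two logs quoted in posts #32 and #35 are the raw material of this thread, and most of the reviewing work is reading the right parts of them: which items Malwarebytes quarantined and under what label, and which loading points (Run keys, browser helper objects, AppInit_DLLs, shell extensions) ComboFix lists. The Python below is an added example, not code from Geeks to Go, Malwarebytes or ComboFix: it parses a constructed excerpt of the MBAM detection lines and of ComboFix's REGEDIT-style loading-point output, decodes the `hex:` binary value under the locked Shell Extensions key into readable text, and groups the entries by persistence location. The excerpts, the `WATCHED` table and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed excerpt of the Malwarebytes log from post #32 (the detection lines).
MBAM_LOG = r"""
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
Folders Detected: 1
C:\ProgramData\jI82l (Backdoor.Fynloski) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\Thom\Downloads\SoftonicDownloader_for_pc-wizard.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
C:\ProgramData\jI82l\PCGWIN32.LI5 (Backdoor.Fynloski) -> Quarantined and deleted successfully.
"""

# Constructed excerpt of the ComboFix "Reg Loading Points" / "Locked Registry Keys" sections from post #35.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemSecurityGuardAutoStart"="c:\program files\System Security Guard\SystemSecurityGuardTray.exe" [2012-03-28 1102336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_USERS\S-1-5-21-2243041973-16635593-2241794628-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3976ADCB-CD31-82DA-EE6B-011F0FC8A189}*]
@Allowed: (Read) (RestrictedCode)
"nafcbdkdjnibjnmdjhchfefbbnbo"=hex:6a,61,6d,70,6f,6f,6f,61,6d,64,6b,65,6e,6e,
61,68,64,61,64,6a,00,00
"""

MBAM_HEADER = re.compile(r"^(?P<section>.+?) Detected: \d+$")
MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
QUOTED_DATA = re.compile(r'^"(?P<path>[^"]*)"(?: \[\S+ \d+\])?$')
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")

def parse_mbam(text):
    """One dict per MBAM detection: section, item, family (MBAM's label) and action."""
    hits, section = [], None
    for line in (ln.strip() for ln in text.splitlines()):
        m = MBAM_HEADER.match(line)
        if m:
            section = m.group("section")
            continue
        m = MBAM_ITEM.match(line)
        if m and section:
            hits.append({"section": section, **m.groupdict()})
    return hits

def decode_hex(data):
    """Decode a REGEDIT 'hex:aa,bb,...' binary value to text, dropping trailing NULs."""
    raw = bytes(int(b, 16) for b in data[len("hex:"):].split(",") if b)
    return raw.rstrip(b"\x00").decode("latin-1")

def parse_combofix_reg(text):
    """Return (key, value_name, data) for every value or file record under each [key]."""
    entries, key, lines, i = [], None, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or line in ("", "."):
            continue
        m = FILE_LINE.match(line)        # "date time size attrs path" rows under BHO keys
        if m:
            entries.append((key, "(file)", m.group("path")))
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue                     # e.g. the "@Allowed: ..." ACL line
        name, data = m.group("name"), m.group("data")
        while data.endswith(",") and i < len(lines):   # hex: values wrap onto extra lines
            data += lines[i].strip()
            i += 1
        if data.startswith("hex:"):
            value = decode_hex(data)
        else:
            q = QUOTED_DATA.match(data)  # strip quotes and the trailing [date size]
            value = q.group("path") if q else data
        entries.append((key, name, value))
    return entries

# Loading points a reviewer reads first (assumed table); matched against key path or value name.
WATCHED = {"\\CurrentVersion\\Run": "autorun", "Browser Helper Objects": "browser helper object",
           "AppInit_DLLs": "AppInit_DLLs injection point", "Shell Extensions\\Approved": "shell extension"}

def classify(entries):
    """Group parsed entries by the kind of loading point they live in."""
    out = defaultdict(list)
    for key, name, value in entries:
        for needle, label in WATCHED.items():
            if needle.lower() in key.lower() or needle.lower() == name.lower():
                out[label].append((name, value))
                break
    return dict(out)
```

Running `classify(parse_combofix_reg(COMBOFIX_LOG))` puts the System Security Guard tray executable under "autorun", the AVG DLL under the AppInit_DLLs injection point and the Conduit DLL under "browser helper object", which is the same triage the helper does by eye in posts #36 and #40; the decoded shell-extension value shows that the locked key's binary data is plain lower-case text rather than an opaque blob.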

#36
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
So you have now lost your icons again!

Did you install this programme:

SystemSecurityGuard

Did RogueKiller not recover them?
  • 0

#37
th0mh
    Member
  • Topic Starter
  • 32 posts
Yes, initially they all got recovered, but after a reboot they were gone again. Makes me a sad person :(
  • 0

#38
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, let's do a really deep search for the miscreant, which is currently trying to hide.

Download AVPTool from Here to your desktop.

Run the programme you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan:

Click the cog in the upper right.

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished, select the Report tab (last tab).
Select Detected threats report from the left and press the Save button.
Save it to your desktop and attach it to your next post.

Now the Analysis

Rerun AVP, select the Manual Disinfection tab and press Start Gathering System Information.

On completion, click the link to locate the zip file to upload and attach it to your next post.
  • 0

#39
th0mh
    Member
  • Topic Starter
  • 32 posts
Status: Disinfected (events: 2)
4/19/2012 6:55:05 PM Disinfected malware HackTool.MSIL.Loic.de C:\Documents and Settings\Thom\Downloads\LOIC-1.0.7.42-binary.zip Medium
4/19/2012 6:55:05 PM Disinfected malware HackTool.MSIL.Loic.de C:\Documents and Settings\Thom\Downloads\LOIC-1.0.7.42-binary.zip/LOIC.exe Medium

Attached Files
  • 0

#40
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
I am not overly happy about this programme: C:\Program Files\System Security Guard

What do you know about it?
  • 0

#41
th0mh
    Member
  • Topic Starter
  • 32 posts
I wasn't sure what it was. I think it was a virus checker or something; I uninstalled it. What are any steps I can do from now? I'm getting kinda annoyed haha :P
  • 0

#42
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Run RogueKiller again, all three stages.
Reboot and let me know if the icons remain.
  • 0

#43
th0mh
    Member
  • Topic Starter
  • 32 posts
It's funny because when I clicked scan all the icons appeared. I'll let you know what happened after the restart.
  • 0

#44
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
A quick thought: when you reboot, could you change your desktop picture?
  • 0

#45
th0mh
    Member
  • Topic Starter
  • 32 posts
Should I be worried about this?
Posted Image
  • 0





