
Slow Computer infected by ?Trojan [Solved]



#1
kevinkoh
Member, 13 posts
Hi,

I ran a malicious file after I scanned it with MSE, which reported the file as clean.

However, after I ran the file through VirusTotal, the results showed that it was actually infected.
These are the scan results:
https://www.virustot...1d646/analysis/


After my next restart, the laptop became incredibly sluggish: vbc.exe was taking up all the CPU, and there were random ****.exe and conhost.exe processes.

In the startup tab of MSCONFIG there were weird entries for WINRAR and AUTOPCSHUTDOWN; disabling them did not help.

Would really appreciate assistance in getting rid of the virus.

Attached File  OTL.Txt   153.43KB   102 downloads
Attached File  Extras.Txt   63.96KB   105 downloads

#2
kevinkoh
Topic Starter, Member, 13 posts
I have run several antivirus programs and ComboFix, which seemed to have fixed the problem of the high CPU usage.

#3
emeraldnzl
GeekU Instructor, GeekU Moderator, 20,051 posts
Hello kevinkoh,

Sorry for the delay in getting to you.

I have run several antivirus programs and ComboFix, which seemed to have fixed the problem of the high CPU usage.


Please post a copy of the Combofix log back here.

The OTL one will be old information now. ;)

Note: Unless otherwise instructed, always post the logs in the forum. If the reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

#4
kevinkoh
Topic Starter, Member, 13 posts
Hi emeraldnzl,

Thank you for helping out.

This was the ComboFix log:

Attached Files


Edited by kevinkoh, 24 August 2013 - 08:06 PM.


#5
emeraldnzl
GeekU Instructor, GeekU Moderator, 20,051 posts
I have taken the liberty of posting this in the thread as requested at my last post.

ComboFix 13-08-22.01 - Kev 24/08/2013 14:02:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4061.2453 [GMT 8:00]
Running from: c:\users\Kev\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Local Settings\Temp
c:\users\Kev\AppData\Local\Microsoft\Windows\Temporary Internet Files\{985A4AF8-C323-4B03-9AE2-C0D1D711DBBC}.xps
c:\users\Kev\AppData\Roaming\433
c:\users\Kev\AppData\Roaming\Microsoft\Installer\Update.exe
c:\users\Kev\AppData\Roaming\update.exe
c:\users\Kev\AppData\Roaming\windows
c:\users\Kev\AppData\Roaming\windows\pcEamB.exe
c:\windows\Install
c:\windows\Install\Officeupdate
c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\funshion.ini
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\Process.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-07-24 to 2013-08-24 )))))))))))))))))))))))))))))))
.
.
2013-08-24 19:59 . 2013-08-24 13:28 -------- d-----w- C:\bd_logs
2013-08-24 19:25 . 2013-08-24 19:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-08-24 09:38 . 2010-04-29 07:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-08-24 09:38 . 2010-04-29 07:39 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-08-24 06:15 . 2013-08-24 06:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-24 01:37 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2F355B6-4CA9-402C-BD83-D2853C6A26FC}\mpengine.dll
2013-08-23 18:59 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 02:15 . 2013-08-23 02:29 -------- d-----w- c:\programdata\SpeedBit
2013-08-23 02:13 . 2013-08-23 02:13 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2013-08-22 15:45 . 2013-08-11 00:59 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-22 15:45 . 2013-08-22 15:44 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2CB6592B-93D6-4411-99EE-D98395A6DFAA}\gapaengine.dll
2013-08-21 10:06 . 2013-08-21 10:06 -------- d-----w- c:\programdata\Malwarebytes
2013-08-21 00:26 . 2013-08-21 00:26 -------- d-----w- c:\windows\PCHEALTH
2013-08-21 00:14 . 2013-08-21 00:14 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-08-20 11:19 . 2013-08-20 11:24 -------- d-----w- c:\program files\KMSpico
2013-08-20 11:19 . 2013-08-24 06:11 -------- d-----w- c:\programdata\Local Settings
2013-08-20 11:17 . 2013-08-20 11:17 268896 ----a-w- c:\windows\system32\drivers\BazisPortableCDBus.sys
2013-08-20 10:29 . 2013-08-20 11:33 -------- d-----w- c:\program files (x86)\Microsoft Office 2013
2013-08-20 10:04 . 2013-08-20 10:04 -------- d-----w- C:\downloads
2013-08-17 10:04 . 2013-08-22 13:06 -------- d-----w- c:\users\Public\Fundata
2013-08-17 01:17 . 2007-05-16 08:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2013-08-17 01:12 . 2013-08-17 01:16 -------- d--h--w- c:\windows\msdownld.tmp
2013-08-14 08:09 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-14 08:09 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-14 08:09 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 08:09 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-14 08:09 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-11 10:07 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-08-11 10:07 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-11 10:02 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-11 10:02 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-11 05:39 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-08-11 05:22 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-11 05:18 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-08-11 05:17 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-11 05:16 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-11 05:15 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-08-11 05:15 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-08-11 05:05 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-08-11 05:05 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-08-11 03:01 . 2013-08-20 08:55 -------- d-----w- C:\_acestream_cache_
2013-08-11 02:00 . 2013-08-11 02:00 -------- d-----w- c:\windows\system32\SPReview
2013-08-11 01:26 . 2013-08-11 01:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-11 01:16 . 2013-08-11 04:34 -------- d-----w- c:\program files\Microsoft Silverlight
2013-08-11 01:16 . 2013-08-11 04:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-08-11 00:51 . 2013-08-11 00:51 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-08-10 14:07 . 2013-08-10 14:07 -------- d-----w- c:\windows\system32\EventProviders
2013-08-10 13:36 . 2013-08-10 13:36 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-10 13:36 . 2013-08-10 13:36 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-10 12:57 . 2010-11-20 13:27 750080 ----a-w- c:\windows\system32\TSWorkspace.dll
2013-08-10 12:56 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll
2013-08-10 12:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-08-10 12:55 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-08-10 12:55 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-08-10 11:38 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-08-10 11:38 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-08-10 11:38 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2013-08-10 11:37 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-08-10 11:37 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-10 11:37 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-10 11:37 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-08-10 11:37 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-08-10 11:37 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-08-10 11:37 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-10 10:24 . 2013-08-21 00:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-08-10 10:22 . 2013-08-21 00:14 -------- d-----w- c:\program files\Microsoft Office
2013-08-10 10:21 . 2013-08-10 10:21 -------- d-----r- C:\MSOCache
2013-08-10 10:02 . 2013-08-10 10:02 -------- d-----w- c:\windows\SysWow64\Wat
2013-08-10 10:02 . 2013-08-10 10:02 -------- d-----w- c:\windows\system32\Wat
2013-08-10 09:08 . 2013-08-10 09:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-10 09:08 . 2013-08-10 09:08 -------- d-----r- c:\program files (x86)\Skype
2013-08-10 09:05 . 2013-08-10 09:05 -------- d-----w- c:\programdata\Garena
2013-08-10 08:51 . 2013-08-10 08:51 -------- d-----w- c:\program files\WinRAR
2013-08-10 08:42 . 2013-08-23 12:49 -------- d-----w- c:\program files (x86)\Garena Plus
2013-08-10 08:41 . 2013-08-10 08:41 -------- d-----w- c:\program files (x86)\VideoLAN
2013-08-10 08:36 . 2013-08-10 08:36 -------- d-----w- c:\program files (x86)\TeamViewer
2013-08-10 08:15 . 2013-08-10 08:15 -------- d-----w- c:\program files (x86)\Funshion Online
2013-08-10 08:12 . 2013-08-10 08:12 -------- d-----w- c:\program files (x86)\WinPcap
2013-08-10 08:06 . 2013-08-10 09:08 -------- d-----w- c:\programdata\Skype
2013-08-10 08:02 . 2013-08-23 01:47 -------- d-----w- c:\programdata\Microsoft Help
2013-08-10 07:53 . 2013-08-10 07:53 -------- d-----w- c:\program files (x86)\Notepad++
2013-08-10 07:52 . 2013-08-14 08:03 -------- d-----w- c:\windows\system32\MRT
2013-08-10 07:50 . 2013-08-10 07:50 -------- d-----w- c:\program files\NVIDIA Corporation
2013-08-10 07:47 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-08-10 07:47 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2013-08-10 07:47 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2013-08-10 07:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-08-10 07:46 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-08-10 07:44 . 2013-08-10 07:44 -------- d-----w- c:\windows\Sun
2013-08-10 06:27 . 2009-06-05 10:16 42176 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2013-08-10 06:27 . 2009-06-05 10:16 1806400 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2013-08-10 06:27 . 2009-06-05 10:16 19008 ----a-w- c:\windows\DrvInst.exe
2013-08-10 06:27 . 2009-05-27 07:41 2266 ----a-w- c:\windows\Uninstvga.bat
2013-08-10 06:27 . 2009-02-02 01:57 2008 ----a-w- c:\windows\Uninstsxga.bat
2013-08-10 06:27 . 2008-06-25 11:00 1682 ----a-w- c:\windows\Uninstuxga.bat
2013-08-10 06:27 . 2008-03-21 13:44 384 ----a-w- c:\windows\Uninstvga.reg
2013-08-10 06:27 . 2008-03-21 13:44 386 ----a-w- c:\windows\Uninstsxga.reg
2013-08-10 06:27 . 2008-03-21 13:38 386 ----a-w- c:\windows\Uninstuxga.reg
2013-08-10 06:25 . 2009-09-19 10:53 1048576 ---h--r- C:\UL80VT.BIN
2013-08-10 06:25 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-08-10 06:25 . 2009-05-13 01:07 15928 ----a-w- c:\windows\system32\drivers\ATK64AMD.sys
2013-08-10 06:05 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
2013-08-10 06:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-08-10 06:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-08-10 06:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-08-10 06:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-08-10 05:56 . 2013-08-09 15:03 824 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2013-08-10 05:56 . 2013-08-09 15:02 824 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
2013-08-10 05:53 . 2013-08-10 05:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-08-10 05:53 . 2013-08-10 08:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-10 05:53 . 2013-08-09 15:23 -------- d-----w- c:\windows\SysWow64\ASUS_UL_Series_Screensaver dir
2013-08-10 05:53 . 2013-08-10 05:53 -------- d-----w- c:\windows\SysWow64\Macromed
2013-08-10 05:53 . 2013-08-10 05:53 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-08-10 05:52 . 2013-08-10 05:52 -------- d-----w- c:\programdata\P4G
2013-08-10 05:52 . 2013-08-10 05:52 -------- d-----w- c:\program files\P4G
2013-08-10 05:51 . 2013-08-09 15:26 -------- d-----w- c:\program files (x86)\Downloaded Installations
2013-08-10 05:50 . 2013-08-10 05:50 -------- d-----w- c:\program files\ATKGFNEX
2013-08-10 05:49 . 2013-08-10 05:49 -------- d-----w- c:\program files\WIDCOMM
2013-08-10 05:49 . 2013-08-10 05:49 -------- d-----w- c:\program files (x86)\Atheros
2013-08-10 05:49 . 2011-05-20 02:48 1582080 ----a-w- c:\windows\system32\athrx.sys
2013-08-10 05:48 . 2013-08-10 05:49 -------- d-----w- c:\programdata\Atheros
2013-08-10 05:48 . 2013-08-09 15:16 -------- d-----w- c:\program files\Elantech
2013-08-10 05:48 . 2013-08-10 05:48 -------- d-----w- c:\programdata\AmUStor
2013-08-10 05:48 . 2013-08-10 05:48 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2013-08-10 05:48 . 2013-08-09 15:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 02:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-08-11 02:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-08-10 10:15 . 2013-03-11 03:00 3880960 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-08-10 02:33 . 2012-05-30 05:42 569152 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-07-09 04:45 . 2013-08-14 07:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 07:18 . 2013-07-08 07:18 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-06-18 13:50 . 2013-06-18 13:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 13:50 . 2013-06-18 13:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-23 9740080]
"MusicManager"="c:\users\Kev\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-08-10 3058304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
c:\users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CloudStation.lnk - c:\users\Kev\AppData\Local\CloudStation\bin\cloud.exe [2013-4-12 2998144]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 FunshionSvr;FSServicePlatform;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
FunshionServiceTools REG_MULTI_SZ FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-23 01:45 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 16:25]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 16:25]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879918844-1026431189-592061858-1000Core.job
- c:\users\Kev\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-10 08:06]
.
2013-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879918844-1026431189-592061858-1000UA.job
- c:\users\Kev\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-10 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FunOverlay]
@="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}"
[HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}]
2013-08-16 07:41 233096 ----a-w- c:\users\Public\Fundata\FunSeed64V237.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13425224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.65.242.50 202.65.242.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NERcLK - c:\users\Kev\AppData\Roaming\windows\pcEamB.exe
Wow6432Node-HKCU-Run-Win Update Service - c:\users\Kev\AppData\Roaming\Microsoft\Installer\Install.exe
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Wow6432Node-HKLM-Explorer_Run-60699 - c:\progra~3\LOCALS~1\Temp\mswwoyk.com
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-24 14:30:28
ComboFix-quarantined-files.txt 2013-08-24 06:30
.
Pre-Run: 197,618,298,880 bytes free
Post-Run: 198,140,076,032 bytes free
.
- - End Of File - - 3E9B46CC1322A6DEF911282B9CC45315
A36C5E4F47E84449FF07ED3517B43A31
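Reading a log like the one above by hand is tedious, so here is an added, editor-written triage example (not code from the thread, from ComboFix or from Geeks to Go): it parses the Run-key, UAC-policy and ORPHANS REMOVED sections of a ComboFix log and flags the two things this log shows, autoruns launching from user-writable directories and the EnableLUA=0 / ConsentPromptBehaviorAdmin=0 policy values. The sample lines are constructed from the log above; the directory and extension heuristics are my own assumptions, not ComboFix's.

```python
# Editor-added example, not code from the thread or from ComboFix. It parses
# the Run-key, UAC-policy and ORPHANS REMOVED sections of a ComboFix log and
# flags what the thread's log shows: autoruns launching from user-writable
# directories and UAC values that allow silent elevation. The directory and
# extension lists are the author's own heuristics.
import re

# Constructed excerpt in ComboFix's layout; lines copied from the log above.
# The MusicManager entry is a legitimate per-user autorun kept as a control.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20684656]
"MusicManager"="c:\users\Kev\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NERcLK - c:\users\Kev\AppData\Roaming\windows\pcEamB.exe
Wow6432Node-HKCU-Run-Win Update Service - c:\users\Kev\AppData\Roaming\Microsoft\Installer\Install.exe
Wow6432Node-HKLM-Explorer_Run-60699 - c:\progra~3\LOCALS~1\Temp\mswwoyk.com
.
--------------------- LOCKED REGISTRY KEYS ---------------------
"""

# Directories any standard user can write to. A hit is a triage signal, not a
# verdict, so the list stays narrow (Roaming, Temp, Public, plus 8.3 short names).
USER_WRITABLE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\locals~1\\temp\\",
                         "\\programdata\\local settings\\", "\\users\\public\\")
ODD_EXTENSIONS = (".com", ".scr", ".bat", ".cmd", ".pif")  # rarely legitimate as an autorun

RUN_HEADER = re.compile(r"^\[(HKEY_[^\]]*\\run)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
POLICY_HEADER = re.compile(r"^\[HKEY_[^\]]*\\policies\\system\]$", re.I)
POLICY_VALUE = re.compile(r'^"([^"]+)"=\s*(\d+)')
ORPHAN_LINE = re.compile(r"^(\S.*?) - (.+)$")
SECTION_BREAK = ("[", "---", "(((")  # any other header ends the current block


def parse_combofix(log):
    """One pass over the log: returns (autorun entries, UAC policy values)."""
    entries, policy, block = [], {}, None
    for raw in log.splitlines():
        line = raw.strip()
        header = RUN_HEADER.match(line)
        if header:
            block = header.group(1)
        elif POLICY_HEADER.match(line):
            block = "policy"
        elif "ORPHANS REMOVED" in line:
            block = "orphans"
        elif line.startswith(SECTION_BREAK):
            block = None
        elif block == "policy":
            m = POLICY_VALUE.match(line)
            if m:
                policy[m.group(1)] = int(m.group(2))
        elif block == "orphans":
            m = ORPHAN_LINE.match(line)
            if m and m.group(2) != "(no file)":  # "...-Run-NERcLK" -> "NERcLK"
                entries.append({"name": m.group(1).rsplit("-", 1)[-1], "path": m.group(2), "source": "orphan"})
        elif block is not None:  # inside a Run key
            m = RUN_VALUE.match(line)
            if m:
                entries.append({"name": m.group(1), "path": m.group(2), "source": "run"})
    return entries, policy


def flag_autoruns(entries):
    """Return the entries that deserve a closer look, with the reasons why."""
    flagged = []
    for entry in entries:
        target = entry["path"].lower()
        reasons = []
        for marker in USER_WRITABLE_MARKERS:
            if marker in target:
                reasons.append("launches from user-writable directory " + marker.strip("\\"))
                break
        binary = target.split(" /")[0].rsplit("\\", 1)[-1]  # file name, switches dropped
        if binary.endswith(ODD_EXTENSIONS):
            reasons.append("unusual extension for an autorun binary: " + binary)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


def uac_findings(policy):
    """UAC values that let a program elevate without the user noticing."""
    findings = []
    if policy.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, admin-account processes run elevated with no prompt")
    if policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation requests are granted silently")
    return findings
```

Run on the full log from the post, the same three orphaned Run values are the ones flagged, while per-user installs such as the MusicManager entry pass, which is the reason the marker list is kept narrow.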

#6
emeraldnzl
GeekU Instructor, GeekU Moderator, 20,051 posts
Hello kevinkoh,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
FunshionSvr

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

#7
kevinkoh
Topic Starter, Member, 13 posts
Hi,
this is the log:

ComboFix 13-08-22.01 - Kev 25/08/2013 10:27:23.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.65.1033.18.4061.2511 [GMT 8:00]
Running from: c:\users\Kev\Downloads\ComboFix.exe
Command switches used :: c:\users\Kev\Downloads\CFScript.txt.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_FunshionSvr
.
.
((((((((((((((((((((((((( Files Created from 2013-07-25 to 2013-08-25 )))))))))))))))))))))))))))))))
.
.
2013-08-25 02:33 . 2013-08-25 02:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-25 02:24 . 2013-08-25 02:24 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-08-25 02:24 . 2013-08-25 02:24 -------- d-----r- c:\program files (x86)\Skype
2013-08-24 19:59 . 2013-08-24 13:28 -------- d-----w- C:\bd_logs
2013-08-24 09:38 . 2010-04-29 07:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2013-08-24 09:38 . 2010-04-29 07:39 20952 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2013-08-24 06:53 . 2013-08-24 15:44 -------- d-----w- c:\programdata\AVG2013
2013-08-24 06:53 . 2013-08-24 06:53 -------- d-----w- C:\$AVG
2013-08-24 06:52 . 2013-08-24 06:52 -------- d-----w- c:\program files (x86)\AVG
2013-08-24 06:50 . 2013-08-24 06:50 -------- d--h--w- c:\programdata\Common Files
2013-08-24 06:50 . 2013-08-25 01:33 -------- d-----w- c:\programdata\MFAData
2013-08-23 02:15 . 2013-08-23 02:29 -------- d-----w- c:\programdata\SpeedBit
2013-08-23 02:13 . 2013-08-23 02:13 -------- d-----w- c:\program files (x86)\Common Files\SpeedBit
2013-08-21 10:06 . 2013-08-21 10:06 -------- d-----w- c:\programdata\Malwarebytes
2013-08-21 00:26 . 2013-08-21 00:26 -------- d-----w- c:\windows\PCHEALTH
2013-08-21 00:14 . 2013-08-21 00:14 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-08-20 11:19 . 2013-08-20 11:24 -------- d-----w- c:\program files\KMSpico
2013-08-20 11:19 . 2013-08-24 06:11 -------- d-----w- c:\programdata\Local Settings
2013-08-20 11:17 . 2013-08-20 11:17 268896 ----a-w- c:\windows\system32\drivers\BazisPortableCDBus.sys
2013-08-20 10:29 . 2013-08-20 11:33 -------- d-----w- c:\program files (x86)\Microsoft Office 2013
2013-08-17 10:04 . 2013-08-22 13:06 -------- d-----w- c:\users\Public\Fundata
2013-08-17 01:17 . 2007-05-16 08:45 506728 ----a-w- c:\windows\system32\d3dx10_34.dll
2013-08-17 01:12 . 2013-08-17 01:16 -------- d--h--w- c:\windows\msdownld.tmp
2013-08-14 08:09 . 2013-07-26 05:12 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-14 08:09 . 2013-07-26 03:13 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-14 08:09 . 2013-07-26 05:13 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-08-14 08:09 . 2013-07-26 05:12 15405056 ----a-w- c:\windows\system32\ieframe.dll
2013-08-14 08:09 . 2013-07-26 05:12 19239424 ----a-w- c:\windows\system32\mshtml.dll
2013-08-11 10:07 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-08-11 10:07 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-08-11 10:02 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-08-11 10:02 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-08-11 05:39 . 2012-08-23 15:09 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-08-11 05:22 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-08-11 05:18 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-08-11 05:17 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-08-11 05:16 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-08-11 05:15 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2013-08-11 05:15 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-08-11 05:05 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-08-11 05:05 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-08-11 03:01 . 2013-08-20 08:55 -------- d-----w- C:\_acestream_cache_
2013-08-11 02:00 . 2013-08-11 02:00 -------- d-----w- c:\windows\system32\SPReview
2013-08-11 01:26 . 2013-08-11 01:26 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-08-11 01:16 . 2013-08-11 04:34 -------- d-----w- c:\program files\Microsoft Silverlight
2013-08-11 01:16 . 2013-08-11 04:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-08-11 00:51 . 2013-08-11 00:51 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-08-10 14:07 . 2013-08-10 14:07 -------- d-----w- c:\windows\system32\EventProviders
2013-08-10 12:57 . 2010-11-20 13:27 750080 ----a-w- c:\windows\system32\TSWorkspace.dll
2013-08-10 12:56 . 2010-11-20 13:14 7680 ----a-w- c:\windows\system32\spwizres.dll
2013-08-10 12:55 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2013-08-10 12:55 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-08-10 12:55 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2013-08-10 11:38 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2013-08-10 11:38 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2013-08-10 11:38 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2013-08-10 11:37 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-08-10 11:37 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-10 11:37 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-10 11:37 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-08-10 11:37 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-08-10 11:37 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-08-10 11:37 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-10 10:24 . 2013-08-21 00:19 -------- d-----w- c:\program files (x86)\Microsoft.NET
2013-08-10 10:22 . 2013-08-21 00:14 -------- d-----w- c:\program files\Microsoft Office
2013-08-10 10:21 . 2013-08-10 10:21 -------- d-----r- C:\MSOCache
2013-08-10 10:02 . 2013-08-10 10:02 -------- d-----w- c:\windows\SysWow64\Wat
2013-08-10 10:02 . 2013-08-10 10:02 -------- d-----w- c:\windows\system32\Wat
2013-08-10 09:05 . 2013-08-10 09:05 -------- d-----w- c:\programdata\Garena
2013-08-10 08:51 . 2013-08-10 08:51 -------- d-----w- c:\program files\WinRAR
2013-08-10 08:42 . 2013-08-23 12:49 -------- d-----w- c:\program files (x86)\Garena Plus
2013-08-10 08:41 . 2013-08-10 08:41 -------- d-----w- c:\program files (x86)\VideoLAN
2013-08-10 08:36 . 2013-08-10 08:36 -------- d-----w- c:\program files (x86)\TeamViewer
2013-08-10 08:15 . 2013-08-10 08:15 -------- d-----w- c:\program files (x86)\Funshion Online
2013-08-10 08:06 . 2013-08-25 02:24 -------- d-----w- c:\programdata\Skype
2013-08-10 08:02 . 2013-08-25 02:09 -------- d-----w- c:\programdata\Microsoft Help
2013-08-10 07:53 . 2013-08-10 07:53 -------- d-----w- c:\program files (x86)\Notepad++
2013-08-10 07:52 . 2013-08-14 08:03 -------- d-----w- c:\windows\system32\MRT
2013-08-10 07:50 . 2013-08-10 07:50 -------- d-----w- c:\program files\NVIDIA Corporation
2013-08-10 07:47 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-08-10 07:47 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2013-08-10 07:47 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2013-08-10 07:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-08-10 07:46 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-08-10 07:44 . 2013-08-10 07:44 -------- d-----w- c:\windows\Sun
2013-08-10 06:27 . 2009-06-05 10:16 42176 ----a-w- c:\windows\system32\drivers\sncduvc.sys
2013-08-10 06:27 . 2009-06-05 10:16 1806400 ----a-w- c:\windows\system32\drivers\snp2uvc.sys
2013-08-10 06:27 . 2009-06-05 10:16 19008 ----a-w- c:\windows\DrvInst.exe
2013-08-10 06:27 . 2009-05-27 07:41 2266 ----a-w- c:\windows\Uninstvga.bat
2013-08-10 06:27 . 2009-02-02 01:57 2008 ----a-w- c:\windows\Uninstsxga.bat
2013-08-10 06:27 . 2008-06-25 11:00 1682 ----a-w- c:\windows\Uninstuxga.bat
2013-08-10 06:27 . 2008-03-21 13:44 384 ----a-w- c:\windows\Uninstvga.reg
2013-08-10 06:27 . 2008-03-21 13:44 386 ----a-w- c:\windows\Uninstsxga.reg
2013-08-10 06:27 . 2008-03-21 13:38 386 ----a-w- c:\windows\Uninstuxga.reg
2013-08-10 06:25 . 2009-09-19 10:53 1048576 ---h--r- C:\UL80VT.BIN
2013-08-10 06:25 . 2009-07-20 09:29 15416 ----a-w- c:\windows\system32\drivers\kbfiltr.sys
2013-08-10 06:25 . 2009-05-13 01:07 15928 ----a-w- c:\windows\system32\drivers\ATK64AMD.sys
2013-08-10 06:05 . 2012-07-26 05:39 2560 ----a-w- c:\windows\system32\drivers\tr-TR\wdf01000.sys.mui
2013-08-10 06:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-08-10 06:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-08-10 06:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-08-10 06:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-08-10 05:56 . 2013-08-09 15:03 824 ----a-w- c:\windows\system32\drivers\etc\tmvsthfud.bin
2013-08-10 05:56 . 2013-08-09 15:02 824 ----a-w- c:\windows\system32\drivers\etc\tmvsthfss.bin
2013-08-10 05:53 . 2013-08-10 05:53 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2013-08-10 05:53 . 2013-08-10 08:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-08-10 05:53 . 2013-08-09 15:23 -------- d-----w- c:\windows\SysWow64\ASUS_UL_Series_Screensaver dir
2013-08-10 05:53 . 2013-08-10 05:53 -------- d-----w- c:\windows\SysWow64\Macromed
2013-08-10 05:53 . 2013-08-10 05:53 3058304 ----a-w- c:\windows\AsScrPro.exe
2013-08-10 05:52 . 2013-08-10 05:52 -------- d-----w- c:\programdata\P4G
2013-08-10 05:52 . 2013-08-10 05:52 -------- d-----w- c:\program files\P4G
2013-08-10 05:51 . 2013-08-09 15:26 -------- d-----w- c:\program files (x86)\Downloaded Installations
2013-08-10 05:50 . 2013-08-10 05:50 -------- d-----w- c:\program files\ATKGFNEX
2013-08-10 05:49 . 2013-08-10 05:49 -------- d-----w- c:\program files\WIDCOMM
2013-08-10 05:49 . 2013-08-10 05:49 -------- d-----w- c:\program files (x86)\Atheros
2013-08-10 05:49 . 2011-05-20 02:48 1582080 ----a-w- c:\windows\system32\athrx.sys
2013-08-10 05:48 . 2013-08-10 05:49 -------- d-----w- c:\programdata\Atheros
2013-08-10 05:48 . 2013-08-09 15:16 -------- d-----w- c:\program files\Elantech
2013-08-10 05:48 . 2013-08-10 05:48 -------- d-----w- c:\programdata\AmUStor
2013-08-10 05:48 . 2013-08-10 05:48 -------- d-----w- c:\program files (x86)\AmIcoSingLun
2013-08-10 05:48 . 2013-08-09 15:36 -------- d-----w- c:\windows\SysWow64\Atheros_L1e
2013-08-10 05:47 . 2013-08-10 05:47 -------- d-----w- c:\program files\SRS Labs
2013-08-10 05:47 . 2013-08-10 05:47 -------- d-----w- c:\windows\system32\SRSLabs
2013-08-10 05:47 . 2013-08-10 05:47 -------- d-----w- c:\program files (x86)\Realtek
2013-08-10 05:47 . 2013-08-09 16:47 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-11 02:54 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-08-11 02:54 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-08-10 10:15 . 2013-03-11 03:00 3880960 ----a-w- c:\windows\system32\drivers\athrx.sys
2013-08-10 02:33 . 2012-05-30 05:42 569152 ----a-w- c:\windows\system32\drivers\iaStor.sys
2013-07-19 17:51 . 2013-07-19 17:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 17:50 . 2013-07-19 17:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 17:50 . 2013-07-19 17:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 17:50 . 2013-07-19 17:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-09 17:32 . 2013-07-09 17:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-07-09 04:45 . 2013-08-14 07:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 07:18 . 2013-07-08 07:18 91264 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2013-06-30 17:45 . 2013-06-30 17:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-23 9740080]
"MusicManager"="c:\users\Kev\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2013-06-20 7345664]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20686704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2013-08-10 3058304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-06-30 4411440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"60699"="c:\progra~3\LOCALS~1\Temp\mswwoyk.com" [BU]
.
c:\users\Kev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CloudStation.lnk - c:\users\Kev\AppData\Local\CloudStation\bin\cloud.exe [2013-4-12 2998144]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
FunshionServiceTools REG_MULTI_SZ FunshionSvr
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-23 01:45 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 16:25]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-09 16:25]
.
2013-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879918844-1026431189-592061858-1000Core.job
- c:\users\Kev\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-10 08:06]
.
2013-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-879918844-1026431189-592061858-1000UA.job
- c:\users\Kev\AppData\Local\Google\Update\GoogleUpdate.exe [2013-08-10 08:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01UnsuppModule]
@="{AEB16659-2125-4ADA-A4AB-45EE21E86469}"
[HKEY_CLASSES_ROOT\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02SyncingModule]
@="{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}"
[HKEY_CLASSES_ROOT\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03SyncedModule]
@="{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}"
[HKEY_CLASSES_ROOT\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}]
2013-04-12 11:40 2327552 ----a-w- c:\users\Kev\AppData\Local\CloudStation\iconoverlay_v2\IconOverlayDLLs_x64\iconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FunOverlay]
@="{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}"
[HKEY_CLASSES_ROOT\CLSID\{A5662DF9-0C2E-4A56-9FE1-BACFF6966D88}]
2013-08-16 07:41 233096 ----a-w- c:\users\Public\Fundata\FunSeed64V237.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13425224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 202.65.242.50 202.65.242.46
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files (x86)\Garena Plus\ggdllhost.exe
c:\program files (x86)\TeamViewer\Version8\tv_w32.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\users\Kev\AppData\Local\CloudStation\bin\client-win.exe
.
**************************************************************************
.
Completion time: 2013-08-25 10:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-25 02:42
ComboFix2.txt 2013-08-24 06:30
.
Pre-Run: 204,973,281,280 bytes free
Post-Run: 204,394,291,200 bytes free
.
- - End Of File - - FDE46EE824AC346841B2EC3BE2480046
A36C5E4F47E84449FF07ED3517B43A31
  • 0
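Two things in the ComboFix log above deserve a second look before any further tool is run: the "60699" value under policies\explorer\Run, which points at a file in a ProgramData temp folder and carries [BU] instead of a file date and size, and the policies\system block, which shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), so anything the user launches already runs with full admin rights. The script below is an added example, not part of this thread and not ComboFix's own code: it parses the Reg Loading Points section of a ComboFix log and flags both conditions. The sample text is the relevant lines copied from the log above; the directory heuristics, the reading of [BU] as "no file date/size was printed" and the function names are this example's assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the original thread or of ComboFix.  It pulls
every autostart value out of Run / policies\\explorer\\Run keys, flags
entries that run from temp or ProgramData paths or that carry [BU], and
reads the UAC values ComboFix lists under policies\\system.
"""
import re

# Constructed sample: the relevant lines copied from the posted log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2013-08-23 9740080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-07-25 20686704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"60699"="c:\progra~3\LOCALS~1\Temp\mswwoyk.com" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s*\[([^\]]*)\]$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')

# Directories a legitimate autostart almost never points at (assumption).
# "progra~3" is the 8.3 short name of C:\ProgramData as ComboFix prints it.
SUSPICIOUS_DIRS = ("\\temp\\", "\\progra~3\\", "\\programdata\\")


def parse_loading_points(text):
    """Return (entries, policies): one dict per Run-style value, and the
    integer values found under policies\\system (e.g. {"EnableLUA": 0})."""
    entries, policies, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            continue
        if current is None:
            continue
        if current.endswith("\\run"):
            m = RUN_RE.match(line)
            if m:
                entries.append({"key": current, "name": m.group(1),
                                "path": m.group(2), "info": m.group(3)})
        elif current.endswith("policies\\system"):
            m = POLICY_RE.match(line)
            if m:
                policies[m.group(1)] = int(m.group(2))
    return entries, policies


def is_suspicious(entry):
    """List the reasons an autostart entry deserves attention (empty if none)."""
    path = entry["path"].lower()
    reasons = []
    if entry["info"].strip() == "BU":
        reasons.append("no file date/size printed (ComboFix shows [BU])")
    if any(d in path for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a temp/ProgramData path")
    if "policies\\explorer\\run" in entry["key"]:
        reasons.append("uses policies\\Explorer\\Run, rarely used by legitimate software")
    return reasons


def uac_findings(policies):
    """Report UAC settings that leave an admin account without prompts."""
    findings = []
    if policies.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC disabled, admin processes start elevated")
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation without any prompt")
    if policies.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts not shown on the secure desktop")
    return findings


def triage(text):
    """Return ({flagged entry name: reasons}, [UAC findings]) for a log."""
    entries, policies = parse_loading_points(text)
    flagged = {e["name"]: is_suspicious(e) for e in entries if is_suspicious(e)}
    return flagged, uac_findings(policies)


if __name__ == "__main__":
    flagged, uac = triage(SAMPLE_LOG)
    for name, reasons in flagged.items():
        print(name, "->", "; ".join(reasons))
    for finding in uac:
        print("UAC:", finding)
```

Run against the sample it flags only the "60699" entry, with all three reasons, and reports the three UAC values that were set to 0. The Garena and Skype entries pass because they run from Program Files and carry a normal date and size; the point of the check is to separate the handful of entries worth investigating from the dozens of vendor autostarts a log like this contains.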

#8 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hi kevinkoh,

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7 or 8, instead of double-clicking, right-click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#9 kevinkoh (Member, Topic Starter, 13 posts)
Hi, the tool has removed Funshion.

Is Funshion harmful? I use it to watch anime.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kev on Sun 25/08/2013 at 11:49:51.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Kev\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\funshion.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\funshion online"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\funshion"
Successfully deleted: [Folder] "C:\Users\Kev\funshion"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 25/08/2013 at 11:56:58.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#10 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

is funshion harmful?


See here.

We actually removed part of it with ComboFix.

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:


    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.

  • 0

#11 kevinkoh (Member, Topic Starter, 13 posts)
Okay, I did as instructed.

Actually, the log is located in C:\_OTL\MovedFiles

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kev
->Temp folder emptied: 1702461 bytes
->Temporary Internet Files folder emptied: 44095232 bytes
->Java cache emptied: 210775 bytes
->Google Chrome cache emptied: 397389077 bytes
->Flash cache emptied: 2221 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4662 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 952 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 34116 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 423.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08252013_124108

Files\Folders moved on Reboot...
C:\Users\Kev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by kevinkoh, 25 August 2013 - 12:02 AM.

  • 0

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello again kevinkoh,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla Firefox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#13 kevinkoh (Member, Topic Starter, 13 posts)
Hi emeraldnzl,

I did the scan, and the computer feels normal now, no longer using 100% CPU.

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec7701ca9f4f55488baf7c642cd13b6b
# engine=14890
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-25 07:54:10
# local_time=2013-08-25 03:54:10 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1043 16777213 100 87 0 64572834 0 0
# compatibility_mode=5893 16776574 100 94 56846 129047100 0 0
# scanned=150097
# found=3
# cleaned=3
# scan_time=5244
sh=D22BE49E34BA0DEF07D1F5AA7A2A2A96B9DE85DF ft=1 fh=f034284a15d74f6c vn="MSIL/Injector.BRM trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Kev\AppData\Roaming\Microsoft\Installer\Update.exe.vir"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir"
sh=6F2474916A4B6614ED9E1D33DA77F9A0C0B4E23D ft=0 fh=0000000000000000 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="D:\KEV-PC\Backup Set 2013-08-10 002633\Backup Files 2013-08-10 165051\Backup files 1.zip"
  • 0
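The three ESET findings above are not equally worrying. Two are files under C:\Qoobox\Quarantine, which is where ComboFix moves what it removes (the .vir suffix is its quarantine renaming), so ESET rescanned material that was already neutralised in the earlier runs; the third is an OpenCandy bundler inside a backup .zip on D:, not a running program. Below is an added example, not from this thread and not ESET's own code, that parses the sh=/ft=/fh=/vn=/ac=/fn= detection lines of an ESET Online Scanner log and sorts findings into "already quarantined", "inside an archive" and "live" buckets, so that only the last bucket is treated as evidence of an active infection. The sample input is the three lines from the log above; the bucket rules, the Qoobox path convention and the function names are this example's assumptions.

```python
"""Triage the detection lines of an ESET Online Scanner log.

Added example, not from the original thread or from ESET.  A detection
line looks like

    sh=<SHA-1> ft=<n> fh=<hex> vn="<name> (<action>)" ac=<x> fn="<path>"

The fields are parsed into a dict, then each finding is bucketed by where
the file lived: ComboFix's quarantine (C:\\Qoobox), inside an archive, or
anywhere else ("live"), which is the only bucket meaning active malware.
"""
import re

# Constructed sample: the three detection lines from the posted log.
SAMPLE_ESET_LOG = r'''
# scanned=150097
# found=3
# cleaned=3
sh=D22BE49E34BA0DEF07D1F5AA7A2A2A96B9DE85DF ft=1 fh=f034284a15d74f6c vn="MSIL/Injector.BRM trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Users\Kev\AppData\Roaming\Microsoft\Installer\Update.exe.vir"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView application (cleaned by deleting - quarantined)" ac=C fn="C:\Qoobox\Quarantine\C\Windows\SysWOW64\Process.exe.vir"
sh=6F2474916A4B6614ED9E1D33DA77F9A0C0B4E23D ft=0 fh=0000000000000000 vn="Win32/OpenCandy application (deleted - quarantined)" ac=C fn="D:\KEV-PC\Backup Set 2013-08-10 002633\Backup Files 2013-08-10 165051\Backup files 1.zip"
'''

# key=value pairs; quoted values may contain spaces and backslashes.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
ARCHIVE_EXT = (".zip", ".rar", ".7z", ".cab")
QUARANTINE_DIRS = ("\\qoobox\\quarantine\\",)   # ComboFix's quarantine folder (assumption)


def parse_detections(text):
    """Return one dict per 'sh=' line with the raw fields plus 'threat'
    and 'action', split out of the vn= value."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("sh="):
            continue
        rec = {}
        for m in FIELD_RE.finditer(line):
            key, value, quoted = m.group(1), m.group(2), m.group(3)
            rec[key] = quoted if quoted is not None else value
        name, _, action = rec.get("vn", "").rpartition(" (")
        rec["threat"] = name or rec.get("vn", "")
        rec["action"] = action.rstrip(")")
        records.append(rec)
    return records


def classify(rec):
    """Bucket a finding by where the file lived when ESET found it."""
    path = rec.get("fn", "").lower()
    if any(q in path for q in QUARANTINE_DIRS):
        return "already_quarantined"
    if path.endswith(ARCHIVE_EXT):
        return "inside_archive"
    return "live"


def triage_eset(text):
    """Return {bucket: [threat names]} for every detection in the log."""
    buckets = {"already_quarantined": [], "inside_archive": [], "live": []}
    for rec in parse_detections(text):
        buckets[classify(rec)].append(rec["threat"])
    return buckets


if __name__ == "__main__":
    for bucket, names in triage_eset(SAMPLE_ESET_LOG).items():
        print(f"{bucket}: {names}")
```

On the sample the "live" bucket comes back empty, which matches the reply that follows: the machine was judged clean and the thread moved on to removing the tools. The sh= field is the SHA-1 of the detected file, so the parsed records can also be fed straight into a hash lookup if a finding in the live bucket needs to be checked against a service such as VirusTotal.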

#14 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello kevinkoh,

I did the scan, and the computer feel normal now, no longer using 100%cpu.


I think you are good to go.

We have a couple of last steps to perform and then you're all set.

Follow these steps to uninstall Combofix and the tools used in the removal of malware. This will also clean out and reset your Restore Points.

Step 1
  • Go to Start > Programs > Accessories and click on Run
  • Copy and paste the text below in the box then hit OK

    Combofix /Uninstall

Step 2
  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Any other tools remaining may be deleted.

-------------------------------------------------------------------------------------------------------------------

A reminder: remember to re-install (if uninstalled during cleaning), update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Java warning

Java is a popular point of entry to your computer for malicious programs. The United States Department of Homeland Security recommends that computer users disable Java, see here. Unless you need it to run important software, the safest approach is to completely uninstall Java. Where you do require it, then the next safest option is to disable it in your browsers until you need it, then enable it.

How to disable Java in your web browser and How to unplug Java from the browser

If you do still need Java then regularly check that it is up to date. Older versions are the most vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click on Turn automatic updating on or off
  • Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#15 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





