Results 1 to 7 of 7

Thread: bifrost keeps popping up

  1. #1
    Junior Member
    Join Date
    Nov 2011
    Posts
    2

    Default bifrost keeps popping up

    hey new to the forums got a virus the other day and ran spybot and MBAM both giving me 3-4 trojans even after deleting them they keeping coming back up after reboot, i dont have much knowledge on the subject so your help is very much appreciated.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Kratos at 19:43:39 on 2011-11-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2626 [GMT -5:00]
    .
    AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\FBAgent.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Users\Kratos\AppData\Roaming\debug\explorer.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com?o=15153&l=dis
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    uRun: [Java(TM) Platform] C:\Users\Kratos\AppData\Roaming\debug\explorer.exe
    uRun: [Google Update] C:\Users\Kratos\AppData\Roaming\debug\cscrss.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\Kratos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    StartupFolder: C:\Users\Kratos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~2\AIM\aim.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Trusted Zone: cinemanow.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{25320DF8-3C04-43D0-9D16-3E42A4103CE4} : DhcpNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{2F2FAF95-CF34-4FCA-9859-D11D85DF5445} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6BD55AF8-BDB8-490D-9F54-A54EE03625D8}\4656661657C647 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AC20BEEC-5F7C-4C04-952E-6B47BD5773B3}\4656661657C647 : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    BHO-X64: AIM Toolbar Loader - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun-x64: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
    mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
    mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
    mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
    mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~2\AIM\aim.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kratos\AppData\Roaming\Mozilla\Firefox\Profiles\xwmcvf90.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
    R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-4 14904]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]
    R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
    R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-10-4 306232]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-6-9 366152]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-17 1153368]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
    R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    S3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
    S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-10-4 917768]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-11-21 00:21:03 -------- d-----w- C:\Program Files\CCleaner
    2011-11-17 23:30:39 -------- d-sh--r- C:\Users\Kratos\AppData\Roaming\debug
    2011-11-17 22:19:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-11-17 22:19:17 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-11-15 22:39:06 -------- d-----w- C:\Users\Kratos\AppData\Roaming\system
    2011-11-15 22:22:09 -------- d-----w- C:\Users\Kratos\AppData\Roaming\Boot
    2011-11-09 23:43:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 23:43:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 23:43:01 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-11-09 23:43:00 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-28 05:12:37 -------- d-----w- C:\Program Files\Media Player Classic - Home Cinema
    2011-10-26 10:35:49 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2011-10-26 10:35:49 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    .
    ==================== Find3M ====================
    .
    2011-11-21 00:41:05 45056 ----a-w- C:\Windows\System32\acovcnt.exe
    2011-11-10 22:50:24 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    .
    ============= FINISH: 19:45:07.31 ===============

    Win32.Bifrost: [SBI $87399108] Settings (Registry key, nothing done)
    HKEY_USERS\S-1-5-21-2907813260-1644593039-2468779859-1000\Software\Cerberus


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2011-11-17 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-11-15 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-11-15 Includes\Malware.sbi (*)
    2011-11-15 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-10-11 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2011-11-09 Includes\TrojansC-02.sbi (*)
    2011-11-15 Includes\TrojansC-03.sbi (*)
    2011-11-14 Includes\TrojansC-04.sbi (*)
    2011-11-15 Includes\TrojansC-05.sbi (*)
    2011-11-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  2. #2
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi gwilson25,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.

    I am currently working under the guidance of teachers, everything I post to you, will need to be reviewed by them.
    This additional review process can add some extra time to my responses, but hopefully not too much.


    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable
      !
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Windows 7 Advice:
    Please Note: The programs I ask you to use will need to be run in Administrator Mode.
    In order to do this Right-click on the program file and select the Run as Administrator option.
    Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
    If prompted, please click on the Allow button.
    Reference: User Account Control (UAC) and Running as Administrator

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.



    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

  3. #3
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi gwilson25,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    lf you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Business Use Computer?

    Entries in the log you have provided lead me to believe that this computer may be being used for business purposes.
    Please could you confirm whether or not this is the case? If not, please proceed with Step 2 and clarify for what purposes this computer is used in your next post.

    Step 2:
    MBAM Log

    Please Copy and Paste the entire contents of mbam-log-date (time).txt (Malwarebytes' Anti-Malware scan log) that you mentioned in your next reply.

    The log can be found here:
    C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Step 3:
    Online Multi Anti-Virus File Scan

    I need to ask you to upload a couple of files for further inspection.

    1. Please go to either:
      VirusTotal or Jotti in order to upload the following file(s) for scanning:
      C:\Users\Kratos\AppData\Roaming\debug\explorer.exe
      C:\Users\Kratos\AppData\Roaming\debug\cscrss.exe
    2. Navigate to and select the file(s) to be uploaded - select only one file per scan.
    3. Click on the Send/Submit button as appropriate. The file will upload to VirusTotal/Jotti, where it will be scanned by several Anti-Virus programmes.
    4. Please wait for all the scanners to finish.
    5. Then Copy and Paste the results in your next reply.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
    3. Malwarebytes' Anti-Malware scan log.
    4. All the Jotti scan results or Virus Total scan results.
    5. Do you have the original Windows installation media for your PC?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #4
    Junior Member
    Join Date
    Nov 2011
    Posts
    2

    Default

    1. No this computer is for personal use mostly just for music and web browsing

    2.Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8184

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    11/17/2011 6:28:27 PM
    mbam-log-2011-11-17 (18-28-27).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 373842
    Time elapsed: 37 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GoogleUpdate (Trojan.Agent.IGen) -> Value: GoogleUpdate -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Kratos\Desktop\gmz\dfx.audio.enhancer.plus.9.301.by.tano1221\dfx audio enhancer plus 9.301\keygen\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\Users\Kratos\AppData\Roaming\Boot\ctfmon.exe (Trojan.Agent.IGen) -> Quarantined and deleted successfully.

    3. File name:
    explorer.exe
    Submission date:
    2011-11-25 16:28:33 (UTC)
    Current status:
    queued (#3) queued (#3) analysing finished
    Result:
    27/ 42 (64.3%)

    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.25.00 2011.11.25 Trojan/Win32.VBKrypt
    AntiVir 7.11.18.78 2011.11.25 TR/Dropper.Gen
    Antiy-AVL 2.0.3.7 2011.11.25 -
    Avast 6.0.1289.0 2011.11.25 Win32:Malware-gen
    AVG 10.0.0.1190 2011.11.25 Dropper.Generic4.CDJM
    BitDefender 7.2 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    ByteHero 1.0.0.1 2011.11.14 Virus.Win32.Heur.c
    CAT-QuickHeal 12.00 2011.11.25 (Suspicious) - DNAScan
    ClamAV 0.97.3.0 2011.11.25 -
    Commtouch 5.3.2.6 2011.11.25 -
    Comodo 10788 2011.11.25 -
    Emsisoft 5.1.0.11 2011.11.25 Trojan.Win32.VBKrypt!IK
    eSafe 7.0.17.0 2011.11.24 -
    eTrust-Vet 37.0.9587 2011.11.25 Win32/VBNA.A!generic
    F-Prot 4.6.5.141 2011.11.25 -
    F-Secure 9.0.16440.0 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    Fortinet 4.3.370.0 2011.11.25 W32/Refroso.AGEA!tr
    GData 22 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    Ikarus T3.1.1.109.0 2011.11.25 Trojan.Win32.VBKrypt
    Jiangmin 13.0.900 2011.11.25 TrojanDropper.Injector.aap
    K7AntiVirus 9.119.5542 2011.11.25 -
    Kaspersky 9.0.0.837 2011.11.25 Trojan-Dropper.Win32.Injector.yeq
    McAfee 5.400.0.1158 2011.11.25 -
    McAfee-GW-Edition 2010.1D 2011.11.25 -
    Microsoft 1.7801 2011.11.25 VirTool:Win32/DelfInject
    NOD32 6659 2011.11.25 a variant of Win32/Injector.DTC
    Norman 6.07.13 2011.11.25 -
    nProtect 2011-11-25.01 2011.11.25 Trojan/W32.Agent.936128.B
    Panda 10.0.3.5 2011.11.25 Trj/CI.A
    PCTools 8.0.0.5 2011.11.25 Trojan.Gen
    Prevx 3.0 2011.11.25 -
    Rising 23.85.04.01 2011.11.25 -
    Sophos 4.71.0 2011.11.25 Mal/Generic-L
    SUPERAntiSpyware 4.40.0.1006 2011.11.24 -
    Symantec 20111.2.0.82 2011.11.25 Trojan.Gen.2
    TheHacker 6.7.0.1.347 2011.11.24 -
    TrendMicro 9.500.0.1008 2011.11.25 TROJ_GEN.RC1C8KI
    TrendMicro-HouseCall 9.500.0.1008 2011.11.25 TROJ_GEN.RC1C8KI
    VBA32 3.12.16.4 2011.11.25 Malware-Cryptor.VB.gen
    VIPRE 11145 2011.11.25 Trojan.Win32.Generic!BT
    ViRobot 2011.11.25.4793 2011.11.25 -
    VirusBuster 14.1.85.0 2011.11.25 Trojan.Injector!D+JwPvND268
    Additional information
    Show all
    MD5 : 31e2a55e0906b0cced9709d2cd1a20a2
    SHA1 : 59ba73d42b4fe47e729a4c2253821c552c20f052
    SHA256: 9f21094a49551e3f820ba2d07a701b455f939628ff7a99e7024b48456ae306e2

    File name:
    cscrss.exe
    Submission date:
    2011-11-25 16:32:19 (UTC)
    Current status:
    queued (#2) queued (#2) analysing finished
    Result:
    27/ 42 (64.3%)

    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.25.00 2011.11.25 Trojan/Win32.VBKrypt
    AntiVir 7.11.18.78 2011.11.25 TR/Dropper.Gen
    Antiy-AVL 2.0.3.7 2011.11.25 -
    Avast 6.0.1289.0 2011.11.25 Win32:Malware-gen
    AVG 10.0.0.1190 2011.11.25 Dropper.Generic4.CDJM
    BitDefender 7.2 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    ByteHero 1.0.0.1 2011.11.14 Virus.Win32.Heur.c
    CAT-QuickHeal 12.00 2011.11.25 (Suspicious) - DNAScan
    ClamAV 0.97.3.0 2011.11.25 -
    Commtouch 5.3.2.6 2011.11.25 -
    Comodo 10788 2011.11.25 -
    DrWeb 5.0.2.03300 2011.11.25 Trojan.VbCrypt.66
    Emsisoft 5.1.0.11 2011.11.25 Trojan.Win32.VBKrypt!IK
    eSafe 7.0.17.0 2011.11.24 -
    eTrust-Vet 37.0.9587 2011.11.25 Win32/VBNA.A!generic
    F-Prot 4.6.5.141 2011.11.25 -
    F-Secure 9.0.16440.0 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    Fortinet 4.3.370.0 2011.11.25 W32/Refroso.AGEA!tr
    GData 22.286/22.529 2011.11.25 Gen:Trojan.Heur2.BDT.5mW@ay0Ab8ciFd
    Ikarus T3.1.1.109.0 2011.11.25 Trojan.Win32.VBKrypt
    Jiangmin 13.0.900 2011.11.25 TrojanDropper.Injector.aap
    K7AntiVirus 9.119.5542 2011.11.25 -
    Kaspersky 9.0.0.837 2011.11.25 Trojan-Dropper.Win32.Injector.yeq
    McAfee 5.400.0.1158 2011.11.25 -
    McAfee-GW-Edition 2010.1D 2011.11.25 -
    Microsoft 1.7801 2011.11.25 VirTool:Win32/DelfInject
    NOD32 6659 2011.11.25 a variant of Win32/Injector.DTC
    Norman 6.07.13 2011.11.25 -
    nProtect 2011-11-25.01 2011.11.25 Trojan/W32.Agent.936128.B
    Panda 10.0.3.5 2011.11.25 Trj/CI.A
    PCTools 8.0.0.5 2011.11.25 Trojan.Gen
    Prevx 3.0 2011.11.25 -
    Rising 23.85.04.01 2011.11.25 -
    Sophos 4.71.0 2011.11.25 Mal/Generic-L
    SUPERAntiSpyware 4.40.0.1006 2011.11.24 -
    Symantec 20111.2.0.82 2011.11.25 Trojan.Gen.2
    TheHacker 6.7.0.1.347 2011.11.24 -
    TrendMicro 9.500.0.1008 2011.11.25 TROJ_GEN.RC1C8KI
    TrendMicro-HouseCall 9.500.0.1008 2011.11.25 TROJ_GEN.RC1C8KI
    VIPRE 11145 2011.11.25 Trojan.Win32.Generic!BT
    ViRobot 2011.11.25.4793 2011.11.25 -
    VirusBuster 14.1.85.0 2011.11.25 Trojan.Injector!D+JwPvND268
    Additional information
    Show all
    MD5 : 31e2a55e0906b0cced9709d2cd1a20a2
    SHA1 : 59ba73d42b4fe47e729a4c2253821c552c20f052
    SHA256: 9f21094a49551e3f820ba2d07a701b455f939628ff7a99e7024b48456ae306e2

    5. i do not have the original cds that came with my computer anymore i lost/misplaced them when moving

    i am also not sure if i posted the virustotal logs correctly as it said i was uploading the same file twice

  5. #5
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi gwilson25,

    Thank you for the MBAM log, online scan results and feedback.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Security Check

    1. Please download Security Check by screen317 and Save it to your Desktop.
      Alternate download site: Link 2
    2. Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.[/b][/color]
    3. Press the Space Bar when you see the Press any key to continue... message.
      Please Note: This scan will take a short while to complete, so please be patient.
    4. When the scan has completed, a Notepad file will automatically open called checkup.txt.
    5. Save the file checkup.txt to your Desktop.
      Please Note: This output file is NOT automatically saved!
    6. Then Copy and Paste the entire contents of the checkup.txt file into your next reply.

    Step 2:
    CKScanner

    1. Please download CKScanner and Save it to your Desktop.
      Make sure that CKScanner.exe is on your Desktop before running the application!
    2. Right-click on CKScanner.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.[/b][/color]
    3. Then click on the Search For Files button.
    4. When the scan has finished (- the hourglass cursor will disappear when the scan has completed) click on the Save List To File button.
      A text file will be created on your desktop named ckfiles.txt.
    5. Click on the Exit button to close the program.
    6. Double-click on the ckfiles.txt file to open it.
    7. Then Copy and Paste the entire contents of the file into your next reply.

    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. checkup.txt.
    3. ckfiles.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  6. #6
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi gwilson25,

    It has been over 48 hours since my last post.

    • Do you still need help?
    • Do you need more time?
    • Are you having problems following my instructions?


    Scolabar
    Malware Removal University - You too could train to help others

  7. #7
    Visiting Fellow
    Join Date
    Nov 2009
    Location
    Land Of The Leprechauns
    Posts
    461

    Default

    This topic has been archived due to inactivity.

    If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •