
Thread: application whitesmoke, Adware.domaiq, adware.goonsquad!rem problems

  1. #1
    Senior Member Edgecrusher's Avatar
    Join Date
    Jan 2009
    Location
    London England
    Posts
    228


    Hi, I'm having problems with the infections listed above in the thread title. Please help, thanks.
    Logs posted below.


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
    Run by Michelle at 22:10:29 on 2014-02-26
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.3318.1403 [GMT 0:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spyware Doctor *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\spotify.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Users\Michelle\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Michelle\AppData\Roaming\VOPackage\VOPackage.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spyware Doctor\pctsGui.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyB0C0D0DzytDtD0A0DzytCtCtC0ByByDtN0D0Tzu0CyDzytDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1711191720&ir=
    mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzuyB0C0D0DzytDtD0A0DzytCtCtC0ByByDtN0D0Tzu0CyDzytDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1711191720&ir=
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: mysearchdial Helper Object: {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - c:\program files\mysearchdial\bh\mysearchdial.dll
    uRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Spotify Web Helper] "c:\users\michelle\appdata\roaming\spotify\data\SpotifyWebHelper.exe"
    uRun: [Spotify] "c:\users\michelle\appdata\roaming\spotify\spotify.exe" /uri spotify:autostart
    uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\michelle\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    TCP: NameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{13A6FD88-A1C4-4643-A73D-BF07CFEBFF02} : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{2B1052C8-2D0E-4016-85BD-AB8255C1E5E9} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{3F9337E3-A2CF-4DC1-B086-2FB6F0948041} : DHCPNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{BEDB91DE-C4F3-42C0-84A7-CD6B90005B5B} : DHCPNameServer = 192.168.1.254 192.168.1.254
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\33.0.1750.117\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\lvyu5r43.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN18795518042419810&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN18795518042419810&UM=2&q=
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-9-16 207280]
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-9-16 51984]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-9-16 59664]
    R1 MpKsl8715c565;MpKsl8715c565;c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\MpKsl8715c565.sys [2014-2-26 39464]
    R1 MpKsld5cce6b6;MpKsld5cce6b6;c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\MpKsld5cce6b6.sys [2014-2-26 39464]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-9-16 233136]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 104768]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2011-9-16 365280]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2011-9-16 1141712]
    R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
    R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2011-9-16 70408]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-9-16 33552]
    R3 ThreatFire;ThreatFire;c:\program files\spyware doctor\tfengine\tfservice.exe service --> c:\program files\spyware doctor\tfengine\TFService.exe service [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 Re-markit;Re-markit;c:\program files\re-markit\re-markit153.exe --> c:\program files\re-markit\Re-markit153.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-23 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-2-14 108032]
    S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-8-8 12032]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-17 52224]
    S3 TuneConvertAudio;TuneConvertAudio;c:\windows\system32\drivers\TuneConvertAudio.sys [2011-11-26 23608]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-12 1343400]
    S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2013-8-13 16640]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2014-02-26 21:39:23 -------- d-----w- c:\users\michelle\appdata\local\{2D8920E9-1135-4082-9D6A-6E5F3FEBC899}
    2014-02-26 21:10:01 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\MpKsl8715c565.sys
    2014-02-26 18:12:46 -------- d-----w- c:\users\michelle\appdata\local\{230A1244-8176-4938-9F89-91BF256269EA}
    2014-02-26 12:09:38 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\offreg.dll
    2014-02-26 12:09:38 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\MpKsld5cce6b6.sys
    2014-02-26 12:06:29 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1fef43e0-bf5b-4958-a799-69c16ef9d243}\mpengine.dll
    2014-02-26 12:03:55 -------- d-----w- c:\users\michelle\appdata\local\{A2DBB05C-E253-402C-9476-95B3D3F23057}
    2014-02-26 02:56:31 -------- d-----w- c:\windows\Migration
    2014-02-26 01:12:34 -------- d-----w- c:\users\michelle\appdata\local\{6297DE93-F7FA-47B9-92A2-377DC0520B95}
    2014-02-25 18:06:21 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-02-25 13:46:57 -------- d-----w- c:\users\michelle\appdata\local\{B8A5E36F-1E16-43C2-8FCA-6CEADDF715CC}
    2014-02-24 13:28:51 -------- d-----w- c:\users\michelle\appdata\local\{6FA077BD-199E-4695-BE18-CAA94EC5892B}
    2014-02-24 01:12:36 -------- d-----w- c:\users\michelle\appdata\local\{EBA229A8-DD41-4C31-8EB0-8CAD28C25025}
    2014-02-23 13:35:46 -------- d-----w- c:\users\michelle\appdata\local\{01648BC4-1E6C-42BC-85AF-728BB5A10698}
    2014-02-22 14:03:35 -------- d-----w- c:\users\michelle\appdata\local\{31B4F8E5-9768-4DC3-A8A2-6340D0B6DD30}
    2014-02-21 14:01:07 -------- d-----w- c:\users\michelle\appdata\local\{0BFF5C01-6F06-4255-9855-0EDBAA7EA5F4}
    2014-02-21 01:11:47 -------- d-----w- c:\users\michelle\appdata\local\{9DA7A929-C443-4656-8A79-E0D67B1C0FFF}
    2014-02-20 12:54:40 -------- d-----w- c:\users\michelle\appdata\local\{C35821F6-540E-460F-99BE-3AB8133584CE}
    2014-02-20 01:23:26 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{791353f5-1b8a-4d10-8ebf-0a1e27c320b9}\gapaengine.dll
    2014-02-20 01:11:23 -------- d-----w- c:\users\michelle\appdata\local\{4171D1C5-19D5-4EAF-9C24-1E757BED0538}
    2014-02-19 13:18:42 -------- d-----w- c:\users\michelle\appdata\local\{C6CFF19F-BBB8-430B-A3B1-D7DCC6AD3E89}
    2014-02-19 01:12:21 -------- d-----w- c:\users\michelle\appdata\local\{DA5A6B2C-A8EA-475D-8E12-DBA978EF268B}
    2014-02-18 12:03:00 -------- d-----w- c:\users\michelle\appdata\local\{5AA9B327-53C6-4AFA-BE8A-0A11CB0BFFE0}
    2014-02-17 16:56:23 -------- d-----w- c:\users\michelle\appdata\local\{AC23F3B4-5C00-41E4-BCF2-CF869E53773F}
    2014-02-17 13:11:50 -------- d-----w- c:\users\michelle\appdata\local\{DC48CF2E-BD9F-4DA8-8E56-9D3D12714F0B}
    2014-02-15 14:49:40 -------- d-----w- c:\users\michelle\appdata\local\{1EFA1C15-BE6C-4983-941A-E3152FAF0B5D}
    2014-02-14 13:32:25 -------- d-----w- c:\users\michelle\appdata\local\{BD5972B2-2BEA-4C3A-A703-A7628E617BF3}
    2014-02-14 12:47:02 251392 ----a-w- c:\program files\internet explorer\IEShims.dll
    2014-02-14 12:47:02 235224 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2014-02-14 12:47:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-02-14 12:47:00 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-02-14 12:47:00 271360 ----a-w- c:\program files\internet explorer\ieproxy.dll
    2014-02-14 12:05:44 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-02-13 13:54:32 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-13 13:54:32 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-13 13:53:51 3419136 ----a-w- c:\windows\system32\d2d1.dll
    2014-02-13 13:53:51 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-02-13 13:53:41 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2014-02-13 13:53:41 572416 ----a-w- c:\windows\system32\RMActivate.exe
    2014-02-13 13:53:40 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2014-02-13 13:53:40 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2014-02-13 13:53:40 423936 ----a-w- c:\windows\system32\secproc_isv.dll
    2014-02-13 13:53:39 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
    2014-02-13 13:53:39 428032 ----a-w- c:\windows\system32\secproc.dll
    2014-02-13 13:53:39 390144 ----a-w- c:\windows\system32\msdrm.dll
    2014-02-13 13:53:38 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2014-02-13 13:43:10 -------- d-----w- c:\users\michelle\appdata\local\{828BBA37-779C-4BB9-B0CE-AF911CA92752}
    2014-02-11 21:49:20 -------- d-----w- c:\users\michelle\appdata\local\{A934E3CB-0080-41AD-9871-75C691362C33}
    2014-02-10 13:22:22 -------- d-----w- c:\users\michelle\appdata\local\{F1A2D3F0-72E8-4C7E-84CA-4B929600C1F3}
    2014-02-10 01:45:49 -------- d-----w- c:\users\michelle\.android
    2014-02-10 01:45:37 -------- d-----w- c:\users\michelle\appdata\local\cache
    2014-02-10 01:45:31 -------- d-----w- c:\users\michelle\appdata\roaming\newnext.me
    2014-02-10 01:45:30 -------- d-----w- c:\users\michelle\appdata\local\genienext
    2014-02-10 01:45:29 -------- d-----w- c:\users\michelle\appdata\local\Mobogenie
    2014-02-10 01:45:01 -------- d-----w- c:\program files\Nosibay
    2014-02-10 01:44:09 -------- d-----w- c:\program files\SerialTrunc
    2014-02-10 01:43:55 -------- d-----w- c:\users\michelle\appdata\roaming\Nosibay
    2014-02-10 01:43:45 -------- d-----w- c:\users\michelle\appdata\roaming\VOPackage
    2014-02-10 01:42:37 -------- d-----w- c:\users\michelle\appdata\local\SwvUpdater
    2014-02-10 01:42:11 -------- d-----w- c:\users\michelle\appdata\roaming\GoforFiles
    2014-02-10 01:42:11 -------- d-----w- c:\program files\GoforFiles
    2014-02-10 01:42:08 -------- d-----w- c:\program files\Re-markit
    2014-02-09 15:11:55 -------- d-----w- c:\users\michelle\appdata\local\{AFD1D599-7FB2-403F-93EE-F481F7FB7290}
    2014-02-08 14:33:51 -------- d-----w- c:\users\michelle\appdata\local\{0F2B453C-E081-4308-9A69-87A9154BF4A2}
    2014-02-07 23:45:07 -------- d-----w- c:\users\michelle\appdata\local\{72F6CA37-8D6D-4FC8-A2F4-C05AA8E8A540}
    2014-02-06 23:20:18 -------- d-----w- c:\users\michelle\appdata\local\{0FD80C0F-422A-43A6-88D9-BB271D563B38}
    2014-02-04 13:23:03 -------- d-----w- c:\users\michelle\appdata\local\{F0D0FBB1-9090-4437-A70C-71F7BB80952E}
    2014-02-03 07:05:41 -------- d-----w- c:\users\michelle\appdata\local\{C4CA2538-E8E0-4A20-9A06-981331D2778A}
    2014-02-02 13:27:08 -------- d-----w- c:\users\michelle\appdata\local\{0C683176-9389-47BE-9A18-AAD848BC6044}
    2014-02-02 01:12:44 -------- d-----w- c:\users\michelle\appdata\local\{8E9784B3-202E-489E-A255-83AF5A7AF01F}
    2014-01-31 15:23:12 -------- d-----w- c:\users\michelle\appdata\local\{94EE2B54-297A-4AA3-BD70-3AA09F0CECA9}
    2014-01-31 10:56:02 82432 ----a-w- c:\users\michelle\appdata\roaming\microsoft\msxml2\msxml4r.dll
    2014-01-31 10:56:02 44544 ----a-w- c:\users\michelle\appdata\roaming\microsoft\msxml2\msxml4a.dll
    2014-01-31 10:56:02 1275392 ----a-w- c:\users\michelle\appdata\roaming\microsoft\msxml2\msxml4.dll
    2014-01-31 01:12:00 -------- d-----w- c:\users\michelle\appdata\local\{054CD9E8-ED9D-49D2-A319-FF725F2D2C74}
    2014-01-30 23:49:20 -------- d-----w- c:\users\michelle\appdata\local\{107E8DE3-92DB-4B15-A719-B1B43EF67F29}
    2014-01-29 01:12:20 -------- d-----w- c:\users\michelle\appdata\local\{359E7D5E-FDF7-41B3-82E0-9F9F2D996214}
    2014-01-28 11:18:28 -------- d-----w- c:\users\michelle\appdata\local\{BD9DA23A-8732-4800-BAD9-9F4EF80F0A22}
    2014-01-27 22:28:05 -------- d-----w- c:\users\michelle\appdata\local\{8AE13968-2C2C-465C-BE07-E98666A33030}
    .
    ==================== Find3M ====================
    .
    2014-02-20 20:50:39 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-02-20 20:50:39 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
    2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
    2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-18 21:10:01 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    .
    ============= FINISH: 22:13:38.76 ===============



    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-02-26 22:18:57
    -----------------------------
    22:18:57.454 OS Version: Windows 6.1.7601 Service Pack 1
    22:18:57.454 Number of processors: 2 586 0xF02
    22:18:57.455 ComputerName: MICHELLE-PC UserName: Michelle
    22:18:58.037 Initialize success
    22:22:35.939 AVAST engine defs: 14022600
    22:22:43.155 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4
    22:22:43.161 Disk 0 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
    22:22:43.297 Disk 0 MBR read successfully
    22:22:43.305 Disk 0 MBR scan
    22:22:43.366 Disk 0 Windows 7 default MBR code
    22:22:43.385 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    22:22:43.487 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 253768 MB offset 206848
    22:22:43.567 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 699999 MB offset 519923712
    22:22:43.641 Disk 0 scanning sectors +1953521664
    22:22:43.775 Disk 0 scanning C:\Windows\system32\drivers
    22:23:13.685 Service scanning
    22:23:57.835 Modules scanning
    22:24:02.084 Disk 0 trace - called modules:
    22:24:02.116 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
    22:24:02.366 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865ff6a0]
    22:24:02.380 3 CLASSPNP.SYS[8ce7259e] -> nt!IofCallDriver -> [0x865ff020]
    22:24:02.394 5 PCTCore.sys[8c85088f] -> nt!IofCallDriver -> [0x861208c0]
    22:24:02.408 7 ACPI.sys[8c65f3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-4[0x8616f030]
    22:24:02.877 AVAST engine scan C:\Windows
    22:24:06.067 AVAST engine scan C:\Windows\system32
    22:30:52.521 AVAST engine scan C:\Windows\system32\drivers
    22:31:31.946 AVAST engine scan C:\Users\Michelle
    22:31:34.080 File: C:\Users\Michelle\AppData\Local\genienext\nengine.dll **INFECTED** Win32:NextLive-A [Adw]
    22:32:11.202 Disk 0 MBR has been saved successfully to "C:\Users\Michelle\Desktop\MBR.dat"
    22:32:11.321 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"