[Inactive-A] Computer general inspection - virus - lagging

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by ramesh help, May 31, 2014.

  1. ramesh help

    ramesh help Established Techie7 Member

    Hi, this is another PC. Could you help me check it, please? It had a lot of viruses on it.

    Malwarebytes Anti-Malware

    Scan Date: 31/5/2014
    Scan Time: 6:09:11 PM
    Administrator: Yes

    Malware Database: v2014.05.31.02
    Rootkit Database: v2014.05.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 297830
    Time Elapsed: 46 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    Trojan.Bot.RV, C:\temp\TrustedInstaller.exe, Quarantined, [030cbc98a8d3ce6811eca76fad53cc34],
    PUP.Optional.Spigot.A, C:\Users\User\AppData\Local\Temp\offercast.exe, Quarantined, [ed22fa5a7cffef474aa8ce5749b8ed13],
    Trojan.Downloader, C:\Users\User\AppData\Local\Temp\trz1554.tmp, Quarantined, [10ff67ed90ebcd690920a34635cb43bd],
    PUP.Optional.FileScout.A, C:\Users\User\AppData\Local\Temp\ibtmpd6d3707\component_600, Quarantined, [51beaaaa8eede2542ee1aa5f6c95b64a],

    Physical Sectors: 0
    (No malicious items detected)


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041
    Run by User at 19:05:39 on 2014-05-31
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.1859.459 [GMT 8:00]
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
    C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
    c:\program files (x86)\teamviewer\version8\TeamViewer_Desktop.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://mysearch.avg.com?cid={7BB5973B-E7FF-4E9F-AC77-12A1F41FC687}&mid=b09a5bb5684e47d39f76359c7b68916e-fea58b94ee148f610bdffb109ed87e37e92cbee2&lang=en&ds=gm011&coid=avgtbdisgm&cmpid=&pr=sa&d=2014-02-06 00:48:42&v=
    uDefault_Page_URL = hxxp://acer.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Wondershare Allmytube: {1373BA72-5012-496e-9F72-7A426DCF78BB} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Freemake.YoutubeButton: {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} -
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    TCP: NameServer =
    TCP: Interfaces\{C9281C3C-6F6D-48E7-ABA8-586EA0F9BEB3} : DHCPNameServer =
    TCP: Interfaces\{C9281C3C-6F6D-48E7-ABA8-586EA0F9BEB3}\B623 : DHCPNameServer =
    TCP: Interfaces\{F77415A4-3440-4B87-85D7-55550FBC12D6} : DHCPNameServer =
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    ================= FIREFOX ===================
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\oxt1uyw5.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Users\User\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\User\AppData\Local\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    ============= SERVICES / DRIVERS ===============
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-5-15 28992]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2012-5-15 22648]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2012-5-15 20520]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2012-5-15 62776]
    R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2012/05/15 10:05:21];C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\000.fcl [2010-3-13 146928]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
    R2 GdmWmPrt;Yes Go Protocol Driver;C:\Windows\System32\drivers\gdmwmprt.sys [2012-8-24 32768]
    R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-4-5 3560288]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-15 2656280]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-9-17 36000]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2010-12-11 67112]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2010-12-11 19496]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2010-12-11 35368]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2010-12-12 85544]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-9-17 330912]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-9-17 110240]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-9-17 30368]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-9-17 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-9-17 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-9-17 280992]
    R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-9-17 517280]
    R3 BthMtpEnum;Bluetooth MTP Device Enumerator;C:\Windows\System32\drivers\BthMtpEnum.sys [2009-7-14 64512]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-5-15 317440]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-11-1 410152]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-11 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-11 181248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S3 GDMINIT;GCT Initial Device Driver;C:\Windows\System32\drivers\gdminit.sys [2012-8-24 32768]
    S3 GdmUWm;Yes Go;C:\Windows\System32\drivers\gdmuwm.sys [2012-8-24 111104]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-15 111616]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-29 25816]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-29 63704]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-17 1255736]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S4 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-9-17 105120]
    S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-5-15 352336]
    S4 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-22 173424]
    S4 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2012-5-15 872552]
    S4 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-10-7 101376]
    S4 FreemakeVideoCapture;FreemakeVideoCapture;C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-10-7 8704]
    S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
    S4 GCTWiMaxServiceD;Connect Service Daemon;C:\Program Files (x86)\Yes\Connect\GCTWiMaxServiceD.exe [2012-8-24 528477]
    S4 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-30 36456]
    S4 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-10-19 255376]
    S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-29 1809720]
    S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-29 860472]
    S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
    =============== Created Last 30 ================
    2014-05-31 10:51:15 -------- d-----w- C:\Windows\System32\MRT
    2014-05-31 10:12:21 -------- d-----w- C:\Program Files (x86)\FileHippo.com
    2014-05-31 09:17:28 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F55EC78A-697C-420A-85A4-111B3BD45731}\mpengine.dll
    2014-05-29 13:37:34 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-29 13:36:40 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-29 13:36:40 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-29 13:36:39 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-05-29 13:36:38 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-05-29 13:36:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-16 05:55:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-05-16 05:55:01 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-05-15 08:25:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-05-15 08:25:59 29184 ----a-w- C:\Windows\System32\sspisrv.dll
    2014-05-15 08:25:59 28160 ----a-w- C:\Windows\System32\secur32.dll
    2014-05-15 08:25:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-05-15 08:25:59 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
    2014-05-07 03:34:09 -------- d-s---w- C:\Windows\System32\CompatTel
    ==================== Find3M ====================
    2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
    2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
    2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
    2014-03-31 01:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
    2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
    2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
    2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
    2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
    2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
    2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
    2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
    2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
    2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
    2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
    2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
    2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
    2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
    2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
    ============= FINISH: 19:07:33.54 ===============

    DDS (Ver_2012-11-20.01)
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/5/2012 4:15:57 PM
    System Uptime: 31/5/2014 6:59:31 PM (1 hours ago)
    Motherboard: Acer | | Aspire 4752
    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz | CPU | 1375/100mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 449 GiB total, 284.017 GiB free.
    D: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_LOCALMFG&0045\8&AE78769&0&980D2EE256AE_C00000000
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_LOCALMFG&0045\8&AE78769&0&980D2EE256AE_C00000000
    ==== System Restore Points ===================
    RP87: 30/4/2014 12:23:53 PM - Windows Update
    RP88: 5/5/2014 10:53:20 PM - Windows Update
    RP89: 6/5/2014 12:20:51 AM - Windows Update
    RP90: 7/5/2014 11:32:07 AM - Windows Update
    RP91: 11/5/2014 12:09:17 AM - Windows Update
    RP92: 15/5/2014 4:19:11 PM - Windows Update
    RP93: 16/5/2014 1:40:19 PM - Windows Update
    RP94: 26/5/2014 4:09:17 PM - Windows Update
    RP95: 29/5/2014 9:40:14 PM - Removed newsXpresso
    RP96: 31/5/2014 5:15:40 PM - Windows Update
    RP97: 31/5/2014 6:31:23 PM - Installed Adobe Reader XI.
    RP98: 31/5/2014 6:50:11 PM - Windows Update
    ==== Installed Programs ======================
    Update for Microsoft Office 2007 (KB2508958)
    4G Network Manager
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader XI (11.0.07)
    Adobe Shockwave Player 12.0
    Agatha Christie - Death on the Nile
    Backup Manager V3
    Bejeweled 2 Deluxe
    Bluetooth Win7 Suite (64)
    Broadcom Card Reader Driver Installer
    Broadcom Gigabit NetLink Controller
    Canon E500 series MP Drivers
    Chuzzle Deluxe
    clear.fi Client
    Crazy Chicken Kart 2
    CyberLink PowerDVD 10
    Facebook Video Calling
    FileHippo.com Update Checker
    Final Drive: Nitro
    FormatFactory 2.00
    Freemake Video Downloader
    GOM Player
    Google Chrome
    Google Update Helper
    Identity Card
    Insaniquarium Deluxe
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Jewel Match 3
    Jewel Quest Solitaire
    John Deere Drive Green
    Launch Manager
    Malwarebytes Anti-Malware version
    Microsoft .NET Framework 4.5.1
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mystery of Mortlake Mansion
    MyWinLocker 4
    MyWinLocker Suite
    Nero 7 Essentials
    NTI Media Maker 9
    NVIDIA Control Panel 285.64
    NVIDIA Graphics Driver 285.64
    NVIDIA Install Application
    NVIDIA Optimus 1.5.20
    NVIDIA PhysX
    NVIDIA Update Components
    OLYMPUS Digital Camera Updater
    OLYMPUS Viewer 2
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Click to Call
    Skype™ 6.16
    Slingo Deluxe
    Synaptics Pointing Device Driver
    TeamViewer 8
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    Virtual Villagers 4 - The Tree of Life
    Wedding Dash
    Welcome Center
    WildTangent Games App (Acer Games)
    Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009
    WinRAR 5.01 (64-bit)
    Wondershare Data Recovery(Build
    Wondershare Free YouTube Downloader(Build
    Wondershare Player(Build 1.0.0)
    Xvid MPEG-4 Video Codec
    Zuma Deluxe
    ==== Event Viewer Messages From Past Week ========
    31/5/2014 6:58:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2830477).
    31/5/2014 6:58:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2709981).
    31/5/2014 6:58:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2592687).
    31/5/2014 6:58:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2574819).
    31/5/2014 6:58:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Other hardware - NVIDIA GeForce 610M.
    29/5/2014 5:33:39 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.
    29/5/2014 10:18:59 PM, Error: NetBT [4300] - The driver could not be created.
    27/5/2014 8:53:35 PM, Error: Service Control Manager [7022] - The NVIDIA Update Service Daemon service hung on starting.
    24/5/2014 10:15:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DsiWMIService service.
    ==== End Of File ===========================
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    Step 1 in our preliminaries calls for installing some AV program if you don't have any.
    I see no AV program running.
    What's up with that?
  3. ramesh help

    ramesh help Established Techie7 Member

    I removed the AV because there were 3 installed by the user and all 3 expired a long time ago. Please advise.
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Re-read preliminaries.
    There are links to three AV programs we recommend.
    Install one of them.


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
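Two of the steps in this post can be checked rather than guessed at: whether Windows actually has an antivirus product registered and enabled (the preliminaries' step 1, and the reason for "I see no AV program running"), and whether the restore point requested before MBAR really exists. The script below is an added example, not broni's own instructions. It asks Security Center (the root\SecurityCenter2 WMI namespace, present on Vista and later client editions) for registered antivirus products, decodes the productState bit field, then creates and verifies a restore point. The productState decoding is an assumption based on the widely observed layout, not vendor documentation; the restore point description is arbitrary. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): AV registration check + restore point before MBAR.
# Written for PowerShell 2.0 (Windows 7 default); also runs on later versions.

function Get-RegisteredAntivirus {
    # root\SecurityCenter2 exists on Vista+ client editions (not on Server SKUs).
    $products = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct `
                              -ErrorAction SilentlyContinue
    foreach ($p in $products) {
        # productState as six hex digits TTSSDD (assumption: observed convention, not documented):
        #   SS = 10 or 11 -> real-time scanner enabled, 00 or 01 -> disabled
        #   DD = 00       -> definitions current,       10       -> out of date
        $hex     = '{0:x6}' -f [uint32]$p.productState
        $scanner = $hex.Substring(2, 2)
        $defs    = $hex.Substring(4, 2)
        New-Object PSObject -Property @{
            Product     = $p.displayName
            Enabled     = (@('10', '11') -contains $scanner)
            DefsCurrent = ($defs -eq '00')
            Exe         = $p.pathToSignedProductExe
        }
    }
}

$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center. Install one before continuing.'
} else {
    $av | Format-Table Product, Enabled, DefsCurrent, Exe -AutoSize
    $stale = $av | Where-Object { -not $_.Enabled -or -not $_.DefsCurrent }
    foreach ($s in $stale) {
        Write-Warning ('{0}: enabled={1}, definitions current={2}. Expired or disabled products should be uninstalled, not left in place.' -f $s.Product, $s.Enabled, $s.DefsCurrent)
    }
}

# Restore point for the MBAR step. System Protection must be turned on for the system drive.
$desc = 'Before Malwarebytes Anti-Rootkit'   # assumption: any description is fine
Checkpoint-Computer -Description $desc -RestorePointType MODIFY_SETTINGS

$latest = Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
if ($latest -and $latest.Description -eq $desc) {
    Write-Host ('Restore point #{0} created: {1}' -f $latest.SequenceNumber, $latest.Description)
} else {
    Write-Warning 'Restore point not found; enable System Protection for C: and retry before running MBAR.'
}
```

Two caveats. Several expired products showing up with Enabled=False is exactly the situation described in the previous reply: each one still hooks the file system, so uninstall them properly rather than just letting them lapse. And on Windows 8 and later, Checkpoint-Computer refuses to create a second restore point within 24 hours of the last one unless the SystemRestorePointCreationFrequency value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore is lowered; Windows 7 has no such limit.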
  5. ramesh help

    ramesh help Established Techie7 Member

    Inactive. Getting hold of the laptop. Will update you after doing it. Thank you.
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

  7. ramesh help

    ramesh help Established Techie7 Member

    Hi :) No problem, no virus, no malware. Everything clean. I did not get the log files. Is it OK? What's next?
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled, as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

    Make sure, you re-enable your security programs, when you're done with Combofix.


    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  9. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.