Chitka Infected My System

ChitkaStruck

New Member
Thread author
May 14, 2013
14
Around twelve hours ago I started noticing different pop ups I hadn't seen before; soon afterwards my computer blue screened. I used system restore to reboot the computer to how it was in the morning, but I hit another blue screen. I went to safe mode and I did a full system restore back to earlier in the week (which was as far back as my computer would let me go). After Googling my problem, I came across this http://malwaretips.com/blogs/remove-chitka-virus/ and I followed the steps one, two, and four in order to try to resolve my problems, but my computer blue screened again afterwards, and the pop ups persisted.

Let me know if there is more I can do to assist; I think I followed all of the rules, and I'm sorry if there is something I missed.

Thanks!
 

Attachments

  • OTL.Txt (84.6 KB)
  • Extras.Txt (81.9 KB)
  • aswMBR.txt (1.3 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Hi ChitkaStruck and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2013/05/14 18:34:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\kycs479j.default\extensions\plugin@yontoo.com
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD4955A-F5A2-4931-96B3-6DF5EE5F459D}: DhcpNameServer = 13.35.0.1 13.35.0.2

:Files
C:\Program Files (x86)\Yontoo
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically; post its content in your next reply.

Download Malwarebytes Anti-Rootkit from here to your Desktop
  • Unzip the contents to a folder on your Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
  • After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
  • When done, please post the two logs in the MBAR folder (mbar-log.txt and system-log.txt).

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool (for Vista or Windows 7, right-click and select Run as Administrator to start).
  • Click delete
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select Run as Administrator to start
  • Wait until Prescan has finished, then click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click delete and wait until it says deleting finished
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Niaz [Admin rights]
Mode : Remove -- Date : 05/14/2013 23:05:18
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPKT-75PK4T0 +++++
--- User ---
[MBR] f5d497cc64ecf0b0adf95d35a55e79fe
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 695299 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05142013_02d2305.txt >>
RKreport[1]_S_05142013_02d2304.txt ; RKreport[2]_D_05142013_02d2305.txt
 

Attachments

  • mbar-log-2013-05-14 (22-54-56).txt (1.8 KB)
  • system-log.txt (22 KB)
  • OTL.Txt (84.6 KB)
  • AdwCleaner[S1].txt (3.2 KB)

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

When you performed the OTL step, I think you pressed the Run Scan button instead of the Run Fix button.
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
That is very possible; that said, I just copied the log named "OTL" (which was the same name as the one from before) because I thought from your instructions the file was supposed to change. Is there a new log somewhere that I missed?

Also, is there any way to estimate how many more things I'm going to need to download onto my computer?
 

Fiery

Level 1
Jan 11, 2011
2,007
Yes, you need to redo the OTL step, as I think you pressed the wrong button. Make sure you click Run Fix this time.

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2013/05/14 18:34:15 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\kycs479j.default\extensions\plugin@yontoo.com
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD4955A-F5A2-4931-96B3-6DF5EE5F459D}: DhcpNameServer = 13.35.0.1 13.35.0.2

:Files
C:\Program Files (x86)\Yontoo
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
Hi; I should be around for a few more hours. Thank you so much for all of your help and patience with me. I couldn't find the file itself, but I copied and pasted the log below:

All processes killed
========== OTL ==========
Folder C:\Users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\kycs479j.default\extensions\plugin@yontoo.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files (x86)\Yontoo\YontooIEClient.dll not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CFD4955A-F5A2-4931-96B3-6DF5EE5F459D}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files (x86)\Yontoo not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Niaz\Downloads\cmd.bat deleted successfully.
C:\Users\Niaz\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Niaz
->Temp folder emptied: 2881406 bytes
->Temporary Internet Files folder emptied: 26015497 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 27603615 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 964 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89237 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 05152013_152559

Files\Folders moved on Reboot...
C:\Users\Niaz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
Yes; both. Do you think it's safe for me to upload a picture I took of the blue screen to show you? I'd rather nothing bad happen to the camera.
 

Fiery

Level 1
Jan 11, 2011
2,007
Yes, it's completely safe to upload a picture.

I'd like to get another look on your PC with a different method.

Download Farbar Recovery Scan Tool from the below link:
  • For 64 bit systems download Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe) and save it to a USB/flash drive.
  • Plug the flashdrive into the infected PC.
  • Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  1. Select Command Prompt
  2. In the command window type in notepad and press Enter.
  3. The notepad opens. Under File menu select Open.
  4. Select "Computer" and find your flash drive letter and close the notepad.
  5. In the command window type e:\frst64 and press Enter
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to disclaimer.
  8. Press Scan button.
  9. FRST will let you know when the scan is complete and has written the FRST.txt to file, close the message.
  10. Type exit
  11. Please copy and paste FRST.txt in your next reply
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2013
Ran by SYSTEM on 15-05-2013 18:32:09
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CyCpIo] C:\Program Files\Cypress\TrackPad\CyCpIo.exe [2364928 2011-03-10] (Cypress Semiconductor Corporation)
HKLM\...\Run: [CyHidWin] C:\Program Files\Cypress\TrackPad\CyHidWin.exe [2351104 2011-03-10] (Cypress Semiconductor, Inc.)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6611560 2011-02-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2011-02-18] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500128 2011-01-31] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-04-29] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1532992 2013-03-13] (McAfee, Inc.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [885760 2011-04-29] ()
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [151952 2012-11-29] (Apple Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [226920 2011-02-19] (NVIDIA Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Services (Whitelisted) =================

S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [220528 2010-08-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [383608 2012-11-17] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 cyhid; C:\Windows\System32\DRIVERS\cyhid.sys [104960 2011-03-17] (Windows (R) Win 7 DDK provider)
S3 cykbfltrService; C:\Windows\System32\DRIVERS\cykbfltr.sys [13312 2011-03-10] (Cypress Semiconductor, Inc.)
S3 cymfltrService; C:\Windows\System32\DRIVERS\cymfltr.sys [62464 2011-03-23] (Cypress Semiconductor, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-15 20:11 - 2013-05-15 20:11 - 00262144 ____A C:\Windows\Minidump\051513-18532-01.dmp
2013-05-15 19:42 - 2013-05-15 19:42 - 00262144 ____A C:\Windows\Minidump\051513-25599-01.dmp
2013-05-15 19:28 - 2013-05-15 19:28 - 00262144 ____A C:\Windows\Minidump\051513-24289-01.dmp
2013-05-15 18:44 - 2013-05-15 18:44 - 00262144 ____A C:\Windows\Minidump\051513-37533-01.dmp
2013-05-15 18:32 - 2013-05-15 18:32 - 00000000 ____D C:\FRST
2013-05-15 18:11 - 2013-05-15 18:11 - 00262144 ____A C:\Windows\Minidump\051513-16146-01.dmp
2013-05-15 01:32 - 2013-05-15 01:32 - 00262144 ____A C:\Windows\Minidump\051413-28563-01.dmp
2013-05-15 01:16 - 2013-05-15 01:16 - 00262144 ____A C:\Windows\Minidump\051413-24008-01.dmp
2013-05-15 01:05 - 2013-05-15 01:05 - 00001761 ____A C:\Users\Niaz\Desktop\RKreport[2]_D_05142013_02d2305.txt
2013-05-15 01:04 - 2013-05-15 01:04 - 00001834 ____A C:\Users\Niaz\Desktop\RKreport[1]_S_05142013_02d2304.txt
2013-05-15 01:02 - 2013-05-15 01:04 - 00000000 ____D C:\Users\Niaz\Desktop\RK_Quarantine
2013-05-15 01:01 - 2013-05-15 01:01 - 00816128 ____A C:\Users\Niaz\Downloads\RogueKiller.exe
2013-05-15 00:56 - 2013-05-15 00:57 - 00003236 ____A C:\AdwCleaner[S1].txt
2013-05-15 00:55 - 2013-05-15 00:56 - 00628743 ____A C:\Users\Niaz\Downloads\AdwCleaner.exe
2013-05-15 00:40 - 2013-05-15 00:40 - 00000000 ____D C:\Users\Niaz\Downloads\mbar-1.05.0.1001
2013-05-15 00:39 - 2013-05-15 00:40 - 12917756 ____A C:\Users\Niaz\Downloads\mbar-1.05.0.1001.zip
2013-05-15 00:34 - 2013-05-15 00:34 - 00000000 ____D C:\_OTL
2013-05-15 00:27 - 2013-05-15 00:27 - 00262144 ____A C:\Windows\Minidump\051413-25755-01.dmp
2013-05-15 00:05 - 2013-05-15 00:05 - 00001332 ____A C:\Users\Niaz\Downloads\aswMBR.txt
2013-05-15 00:05 - 2013-05-15 00:05 - 00000512 ____A C:\Users\Niaz\Downloads\MBR.dat
2013-05-15 00:02 - 2013-05-15 00:03 - 04745728 ____A (AVAST Software) C:\Users\Niaz\Downloads\aswMBR.exe
2013-05-15 00:01 - 2013-05-15 00:01 - 00086680 ____A C:\Users\Niaz\Downloads\OTL.Txt
2013-05-15 00:01 - 2013-05-15 00:01 - 00083842 ____A C:\Users\Niaz\Downloads\Extras.Txt
2013-05-14 23:48 - 2013-05-14 23:48 - 00602112 ____A (OldTimer Tools) C:\Users\Niaz\Downloads\OTL.exe
2013-05-14 23:45 - 2013-05-14 23:45 - 00262144 ____A C:\Windows\Minidump\051413-31059-01.dmp
2013-05-14 22:20 - 2013-05-14 22:20 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-05-14 22:09 - 2013-05-14 22:09 - 00262144 ____A C:\Windows\Minidump\051413-37331-01.dmp
2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-14 22:00 - 2013-05-14 22:21 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-14 22:00 - 2013-05-14 22:03 - 09741664 ____A (SurfRight B.V.) C:\Users\Niaz\Downloads\HitmanPro_x64.exe
2013-05-14 21:54 - 2013-05-14 21:54 - 00262144 ____A C:\Windows\Minidump\051413-25381-01.dmp
2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\Application Data\Malwarebytes
2013-05-14 20:51 - 2013-05-14 20:51 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\Malwarebytes
2013-05-14 20:50 - 2013-05-14 20:50 - 01440846 ____A C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-05-14 20:50 - 2013-05-14 20:50 - 00000000 ____D C:\Users\Niaz\Downloads\mbam-chameleon-1.62.1.1000
2013-05-14 19:51 - 2013-05-15 20:11 - 00000000 ____D C:\Windows\Minidump
2013-05-14 19:50 - 2013-05-15 20:10 - 585401410 ____A C:\Windows\MEMORY.DMP
2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx
2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx
2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles
2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games
2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\Microsoft Games
2013-05-08 23:46 - 2013-05-08 23:56 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games
2013-04-23 22:52 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\My Documents\Bioluminescence.pptx
2013-04-19 17:33 - 2013-05-15 01:41 - 13459909 ____A C:\Users\Niaz\Documents\Bioluminescence.pptx

2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\spp
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\servicing
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\L2Schemas
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\IME
2013-05-14 20:34 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2013-05-14 20:33 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\Application Data\.minecraft
2013-05-14 20:26 - 2012-08-19 05:03 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\.minecraft
2013-05-14 20:24 - 2012-08-19 22:34 - 00000000 __RHD C:\MSOCache
2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\My Documents\~$Bioluminescence.pptx
2013-05-14 19:07 - 2013-05-14 19:07 - 00000165 ___AH C:\Users\Niaz\Documents\~$Bioluminescence.pptx
2013-05-14 16:42 - 2013-05-14 16:42 - 00000000 __SHD C:\$$PendingFiles
2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Other
2013-05-10 14:05 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Other
2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\Local Settings\Microsoft Games
2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\Microsoft Games
2013-05-08 23:56 - 2013-05-08 23:46 - 00000000 ____D C:\Users\Niaz\AppData\Local\Microsoft Games
2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\Application Data\vlc
2013-05-08 23:44 - 2012-08-20 00:48 - 00000000 ____D C:\Users\Niaz\AppData\Roaming\vlc
2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-05-04 11:12 - 2011-07-26 22:38 - 00000000 ____D C:\ProgramData\Adobe
2013-05-04 11:10 - 2012-08-19 01:02 - 00691592 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-03 17:45 - 2012-12-26 17:51 - 00000000 ____D C:\Users\Niaz\My Documents\YT100
2013-05-03 17:45 - 2012-12-26 17:51 - 00000000 ____D C:\Users\Niaz\Documents\YT100
2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\My Documents\Virtue notes
2013-04-25 23:48 - 2012-08-19 04:48 - 00000000 ____D C:\Users\Niaz\Documents\Virtue notes
2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\VirtualStore
2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\Local Settings\Application Data\VirtualStore
2013-04-25 23:04 - 2012-08-19 00:51 - 00000000 ____D C:\Users\Niaz\AppData\Local\VirtualStore
2013-04-21 08:52 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\DVD Maker
2013-04-21 08:52 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Sonic
2013-04-15 20:18 - 2011-07-26 22:58 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-04-15 20:09 - 2013-03-29 16:53 - 00000000 ____D C:\Users\Niaz\Desktop\Phys 41

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-24 01:37:30
Restore point made on: 2013-05-04 16:37:19
Restore point made on: 2013-05-11 21:49:14
Restore point made on: 2013-05-14 17:46:51

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8106.07 MB
Available physical RAM: 7324.76 MB
Total Pagefile: 8104.27 MB
Available Pagefile: 7312.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:679 GB) (Free:515.07 GB) NTFS (Disk=0 Partition=3)
Drive d: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:11.42 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:0.96 GB) (Free:0.6 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 981 MB) (Disk ID: 00876DDC)
Partition 1: (Active) - (Size=981 MB) - (Type=06)


Last Boot: 2013-05-04 16:29

==================== End Of Log ============================
 

Fiery

Level 1
Jan 11, 2011
2,007
Give this a try.

Please download ComboFix from one of these locations:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.infospyware.net/antimalware/combofix/

- Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. See http://www.bleepingcomputer.com/forums/topic114351.html for help.
- Double-click on ComboFix and follow the prompts.

When finished, ComboFix will produce a log.

Note:
1. Do not mouse-click ComboFix's window while it's running. That may cause it to stall!
2. Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
It looks like the virus is starting to redirect my browser to websites I don't want it to go to... I'm about to use the ComboFix thing, but I can't figure out how to stop McAfee (I read the link you provided, and it stated how, but there is no "Exit" when I right-click the logo).

Edit: I think I figured it out; I'll try now.
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
ComboFix 13-05-15.01 - Niaz 05/15/2013 18:53:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8106.6241 [GMT -7:00]
Running from: c:\users\Niaz\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dll
c:\programdata\PCDr\6032\AddOnDownloaded\32ac3173-77bd-4ec6-9638-94e174508c22.dll
c:\programdata\PCDr\6032\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll
c:\programdata\PCDr\6032\AddOnDownloaded\4d4f44db-c9f0-4cc8-a32f-e98ea4fff68d.dll
c:\programdata\PCDr\6032\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\7dd123b0-30e9-4f67-b7e2-20e7374cbb87.dll
c:\programdata\PCDr\6032\AddOnDownloaded\88bde4bf-b24d-4cb6-92ef-eb02d3276f09.dll
c:\programdata\PCDr\6032\AddOnDownloaded\96c23f75-9f21-4ef8-a3c8-1a554b815309.dll
c:\programdata\PCDr\6032\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll
c:\programdata\PCDr\6032\AddOnDownloaded\9cdc7b97-c1d2-495c-8b7f-12fd3c7e14b8.dll
c:\programdata\PCDr\6032\AddOnDownloaded\be661974-a339-4e9a-bea4-bda0af68ba7f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c0ff87a7-2f82-4d5e-8d0f-38cbd0c2f4d1.dll
c:\programdata\PCDr\6032\AddOnDownloaded\ca35a61e-780d-401f-891e-22b67162d061.dll
c:\programdata\PCDr\6032\AddOnDownloaded\caf72ad2-a222-415c-a303-8ca35e466713.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d04640e7-f772-4909-8f8e-f8294ff0752f.dll
c:\programdata\PCDr\6032\AddOnDownloaded\d2597799-52b1-4a68-9280-897ad5c0c18e.dll
c:\programdata\PCDr\6032\AddOnDownloaded\fb803e34-29ed-4941-a7b3-4074ca51286c.dll
c:\programdata\Roaming
c:\users\Niaz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\Niaz\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2013-04-16 to 2013-05-16 )))))))))))))))))))))))))))))))
.
.
2013-05-16 01:59 . 2013-05-16 01:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-16 01:59 . 2013-05-16 01:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-15 23:32 . 2013-05-15 23:32 -------- d-----w- C:\FRST
2013-05-15 05:34 . 2013-05-15 05:34 -------- d-----w- C:\_OTL
2013-05-15 04:24 . 2013-05-15 04:24 262552 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-15 04:23 . 2013-03-08 14:49 74136 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2013-05-15 04:23 . 2013-03-08 14:49 263064 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\components\browsercomps.dll
2013-05-15 04:23 . 2013-03-08 14:49 19352 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2013-05-15 03:20 . 2013-05-15 03:20 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-05-15 03:00 . 2013-05-15 03:21 -------- d-----w- c:\programdata\HitmanPro
2013-05-15 01:54 . 2013-05-15 01:54 -------- d-----w- c:\users\Niaz\AppData\Local\Programs
2013-05-15 01:51 . 2013-05-15 01:51 -------- d-----w- c:\users\Niaz\AppData\Roaming\Malwarebytes
2013-05-14 21:42 . 2013-05-14 21:42 -------- d-sh--w- C:\$$PendingFiles
2013-05-09 04:46 . 2013-05-09 04:56 -------- d-----w- c:\users\Niaz\AppData\Local\Microsoft Games
2013-04-24 03:52 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-04 16:10 . 2012-08-19 06:02 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-12 07:47 . 2012-08-19 06:31 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-04 21:50 . 2012-08-19 06:12 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-19 06:04 . 2013-04-10 01:20 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 01:20 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 01:20 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 01:20 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 01:20 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 01:20 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-01 03:36 . 2013-04-10 01:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-02-22 06:57 . 2013-04-12 07:45 17817088 ----a-w- c:\windows\system32\mshtml.dll
2013-02-22 06:29 . 2013-04-12 07:45 10925568 ----a-w- c:\windows\system32\ieframe.dll
2013-02-22 06:27 . 2013-04-12 07:45 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 06:21 . 2013-04-12 07:45 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-02-22 06:20 . 2013-04-12 07:45 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 06:19 . 2013-04-12 07:45 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 06:18 . 2013-04-12 07:45 237056 ----a-w- c:\windows\system32\url.dll
2013-02-22 06:17 . 2013-04-12 07:45 85504 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-22 06:15 . 2013-04-12 07:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 06:15 . 2013-04-12 07:45 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 06:15 . 2013-04-12 07:45 816640 ----a-w- c:\windows\system32\jscript.dll
2013-02-22 06:14 . 2013-04-12 07:45 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-22 06:13 . 2013-04-12 07:45 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-02-22 06:13 . 2013-04-12 07:45 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-22 06:12 . 2013-04-12 07:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-22 06:09 . 2013-04-12 07:45 248320 ----a-w- c:\windows\system32\ieui.dll
2013-02-22 03:46 . 2013-04-12 07:45 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-22 03:38 . 2013-04-12 07:45 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-22 03:37 . 2013-04-12 07:45 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-22 03:34 . 2013-04-12 07:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-22 03:34 . 2013-04-12 07:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-22 03:31 . 2013-04-12 07:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-19 21:59 . 2010-10-14 03:28 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 21:56 . 2010-10-14 03:28 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 21:56 . 2011-07-27 03:53 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 21:55 . 2011-07-27 03:53 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 21:55 . 2010-10-14 03:28 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 21:54 . 2010-10-14 03:28 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 21:53 . 2010-10-14 03:28 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 21:53 . 2010-10-14 03:28 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 21:52 . 2010-10-14 03:28 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-15 06:08 . 2013-04-10 01:20 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-02-15 06:06 . 2013-04-10 01:20 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-02-15 06:02 . 2013-04-10 01:20 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-02-15 04:37 . 2013-04-10 01:20 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-02-15 04:34 . 2013-04-10 01:20 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-02-15 03:25 . 2013-04-10 01:20 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-14 1532992]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2010-08-30 220528]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-19 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-19 25960]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-02-18 378472]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-03-17 104960]
S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-03-10 13312]
S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-03-24 62464]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-12-28 76912]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 06:14 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:03]
.
2013-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-09 04:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-03-10 2364928]
"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-03-10 2351104]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-26 6611560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-02-18 312936]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\jr3y7ipx.default-1368591877508\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/feed/subscriptions
FF - ExtSQL: 2013-04-01 04:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-05-14 21:26; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\jr3y7ipx.default-1368591877508\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-05-14 22:12; jid1-xUfzOsOFlzSOXg@jetpack; c:\users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\jr3y7ipx.default-1368591877508\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
FF - ExtSQL: 2013-05-14 22:15; socialfixer@mattkruse.com; c:\users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\jr3y7ipx.default-1368591877508\extensions\socialfixer@mattkruse.com.xpi
FF - ExtSQL: 2013-05-14 22:20; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Niaz\AppData\Roaming\Mozilla\Firefox\Profiles\jr3y7ipx.default-1368591877508\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2013-04-01 04:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4252675172-1306416467-2356391749-1002\Software\SecuROM\License information*]
"datasecu"=hex:80,01,ca,f6,e3,8e,d8,e8,af,36,32,cc,99,c6,96,a1,31,cf,ae,78,47,
6f,6b,50,93,20,e5,ea,77,97,9e,31,b6,35,66,8c,95,cd,21,b3,20,57,f9,58,a8,7a,\
"rkeysecu"=hex:ef,2d,01,48,de,cb,21,3d,45,06,67,c6,d6,12,47,5a
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-15 19:01:42
ComboFix-quarantined-files.txt 2013-05-16 02:01
.
Pre-Run: 552,889,565,184 bytes free
Post-Run: 552,492,789,760 bytes free
.
- - End Of File - - 77B60EE3B5CEEC5BC58FCF9EE7B3F851








By the way, still getting pop ups, probably going to get a blue screen again soon.
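The ComboFix output above ends with a registry dump in which several keys are flagged "@Denied:". Malware also uses deny ACEs on its own keys to resist removal, so pulling those entries out of a log is a useful triage step even when, as here, the flagged keys belong to Flash Player, Office and the PCW subsystem. The following Python is an added example, not code from this thread or from ComboFix: the dump format is inferred from the excerpt above ("[HKEY_...]" headers, "@Denied:" markers, .reg-style values with backslash line continuations). It lists the flagged keys, resolves the LocalServer32/InprocServer32 binary for flagged CLSIDs, and decodes UTF-16 "hex(N)" string values such as the McAfee SymbolicLinkValue. The embedded sample is abridged from the log above, with the continuation backslash restored on the first hex line.

```python
"""Parse the registry dump at the end of a ComboFix log and list the keys
flagged "@Denied:", plus the COM server binary each flagged CLSID points at.
Added example; the format is inferred from the excerpt in this thread."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")        # [HKEY_LOCAL_MACHINE\...]
DENIED_RE = re.compile(r"^@Denied:\s*(.+)$")       # @Denied: (A 2) (Everyone)
VALUE_RE = re.compile(r'^(@|"[^"]*")=(.*)$')       # @="..." or "Name"=...
HEX_RE = re.compile(r"^hex(?:\((\d+)\))?:(.*)$")   # hex(6):5c,00,... (REG_LINK)
STRING_TYPES = {"2", "6", "7"}  # REG_EXPAND_SZ, REG_LINK, REG_MULTI_SZ: UTF-16LE text


@dataclass
class RegKey:
    path: str
    denied: Optional[str] = None          # text after "@Denied:", kept verbatim
    values: Dict[str, str] = field(default_factory=dict)


def _unquote(value: str) -> str:
    """Turn a .reg-style quoted string into plain text; leave dword:/hex: as-is."""
    if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
        return re.sub(r'\\(["\\])', r"\1", value[1:-1])
    return value


def parse_combofix_registry(text: str) -> Dict[str, RegKey]:
    keys: Dict[str, RegKey] = {}
    current: Optional[RegKey] = None
    last_name: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":            # "." separates keys in the dump
            continue
        m = KEY_RE.match(line)
        if m:
            current = RegKey(path=m.group(1))
            keys[current.path] = current
            last_name = None
            continue
        if current is None:
            continue
        m = DENIED_RE.match(line)
        if m:
            current.denied = m.group(1).strip()
            continue
        m = VALUE_RE.match(line)
        if m:
            last_name = "(Default)" if m.group(1) == "@" else m.group(1).strip('"')
            current.values[last_name] = _unquote(m.group(2).strip().rstrip("\\"))
            continue
        if last_name is not None:              # continuation of a wrapped hex value
            current.values[last_name] += line.rstrip("\\")
    return keys


def denied_keys(keys: Dict[str, RegKey]) -> List[Tuple[str, str, Optional[str]]]:
    """(key path, denied text, server binary or None) for every flagged key."""
    found = []
    for path, key in keys.items():
        if key.denied is None:
            continue
        server = None
        for sub in ("LocalServer32", "InprocServer32"):
            subkey = keys.get(f"{path}\\{sub}")
            if subkey and "(Default)" in subkey.values:
                server = subkey.values["(Default)"]
                break
        found.append((path, key.denied, server))
    return found


def decode_string_hex(value: str) -> Optional[str]:
    """Decode a hex(N) value to text when N is a UTF-16 string type."""
    m = HEX_RE.match(value)
    if not m or m.group(1) not in STRING_TYPES:
        return None
    octets = [o for o in m.group(2).split(",") if o.strip()]
    data = bytes(int(o, 16) for o in octets)
    return data.decode("utf-16-le", errors="replace").rstrip("\x00")


# Sample abridged from the ComboFix log in this thread (constructed test input;
# the first hex line has its .reg-style continuation backslash restored).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,\
  00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
"""

if __name__ == "__main__":
    parsed = parse_combofix_registry(SAMPLE_LOG)
    for path, denied, server in denied_keys(parsed):
        print(f"{denied:18} {path}\n{'':18} server: {server}")
    link = parsed[r"HKEY_LOCAL_MACHINE\software\McAfee"].values["SymbolicLinkValue"]
    print("McAfee SymbolicLinkValue ->", decode_string_hex(link))
```

Run it against a full ComboFix log by reading the file and passing its text to parse_combofix_registry; the "@Denied:" text is kept verbatim because ComboFix's parenthesised notation is not documented in this thread. The decoded McAfee value shows that the key is a REG_LINK pointing into \registry\machine\Sof... (the log truncates the rest), which is a normal registry symbolic link rather than a string value.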
 

Fiery

Level 1
Jan 11, 2011
2,007
Download TDSSkiller from here
  • Double-Click on TDSSKiller.exe to run the application
  • When TDSSkiller opens, click Change parameters, check the box next to Loaded modules. A reboot will be required.
  • After reboot, TDSSKiller will run again. Click Change parameters again and make sure everything is checked.
    [Image: clip.jpg]
  • Click Start scan.
  • If a suspicious object is detected, the default action will be Skip, click on Continue. (If it says TDL4/TDSS file system, select delete)
  • If malicious objects are found, ensure Cure (default) is selected, then click Continue and Reboot now to finish the cleaning process.

Attach the log after (usually in the C:\ folder, in the form TDSSKiller.[Version]_[Date]_[Time]_log.txt).

Next, Start your computer in Safe Mode with Networking.

  • Remove all floppy disks, CDs, and DVDs from your computer, and then restart your computer.
  • Tap the "F8 key" continuously until you get the Advanced Boot Options screen.
  • On the Advanced Boot Options screen, use the arrow keys to highlight Safe Mode with Networking, and then press ENTER.
    [Image: Safe Mode with Networking screen, http://malwaretips.com/images/removalguide/safemode.jpg]

Download Kaspersky Virus Removal Tool from here: http://www.kaspersky.com/antivirus-removal-tool?form=1 (Download Version 11. You'll have to enter your email address and name)
  • Double-click the file and follow the on-screen prompts until it is installed
  • Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
    • System Memory
    • Hidden startup objects
    • Disk boot sectors
    • Computer
    • Local Disk (C: )
  • Click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please attach kaslog.txt in your next reply.
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
Here they are.
 

Attachments

  • TDSSKiller.2.8.16.0_15.05.2013_19.30.51_log.txt
    3.7 KB · Views: 94
  • kalog.txt
    364 bytes · Views: 94

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

You can delete the things Kaspersky found. Still having popups?

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to right-click on the Internet Explorer icon and select Run as Administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Make sure that the option "Remove found threats" is Un-checked, and the following Advanced Settings are Checked
    • Scan unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
  • The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
 

ChitkaStruck

New Member
Thread author
May 14, 2013
14
I deleted them last night; I haven't had much time to use the computer (finals), but I'm planning to use it to study tomorrow. I haven't run the latest thing you recommended, and I won't unless something else comes up. The computer is running quite normally now. I will try to hit you up again soon to follow up; because of finals I'm not sure if I'll get to it soon enough, but I will absolutely at least personal message you. I think Kaspersky did the trick. Thanks!
 
