first notice mid November. Computer very slow. internet modem is almost on fire because running so hard and Norton keeps finding TrojanPoweliks!gm . Appears to be finding a home in C\windows\syswow64\00030595.tmp
computer slow due to a trojanpoweliks!gm
- Thread starter jasdanser
- Start date
- Apr 24, 2014
- 3,395
Helllo,
Before we begin, please note the following:
Scan with Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
Before we begin, please note the following:
- I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
- The logs can take some time to research, so please be patient with me.
- Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
- Instructions that I give are for your system only!
- Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
- Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
- Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
I tried downloading Farbar but a message comes up say that my security settings does not allow!
PS If you fix this malware problem I will buy you a case of beer
PS If you fix this malware problem I will buy you a case of beer
- Apr 24, 2014
- 3,395
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 12/10/2014
Scan Time: 9:46:32 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.10.10
Rootkit Database: v2014.12.08.03
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTF
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353080
Time Elapsed: 24 min, 49 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 17
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
Registry Values: 3
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [5ad8540d502c162011122fdaaf54b34d],
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 54
PUP.Optional.FrostwireTB.A, C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll, , [6ec44918acd082b4849fd534b74cbd43],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R11UY2G.tmp, , [d9598ed3cab266d099b06d86bd44f709],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R1ERZ6L.tmp, , [082aa4bde696b38374d57e752cd56b95],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R2NGC1B.tmp, , [a38fabb61864b680f257d61dff02619f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R2NI7G1.tmp, , [4de59fc2fe7eaa8c8bbe1bd8768b936d],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R39KY2I.tmp, , [64ce2b36c4b8350117320de63dc4a15f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R3JUY6P.tmp, , [959d570aec9016203712db1857aaa858],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R42LGI5.tmp, , [f73bc59c4735c86ee465c82bba47f40c],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RNCC6X9.tmp, , [bb776af7bebe66d0e7622ac9df227f81],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ROSCYVW.tmp, , [40f24b16cab276c0f4553eb5eb16cb35],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RP7Q3ML.tmp, , [c270e8790973261050f9d91ac839f907],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RPWZMZS.tmp, , [e151352c92ea7abcb297de155ca5b14f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RQDFUX0.tmp, , [9d956bf694e8cc6a1732cc27cd34a65a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RRQERRQ.tmp, , [250de57ca7d5bd79e960a251c43d47b9],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RRYAOTE.tmp, , [a48ec39e81fba78fc287777cb64b867a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RS7BLYK.tmp, , [44ee4b166f0d6fc7173253a060a101ff],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RSI3BYJ.tmp, , [cf6364fd06762c0a0445718204fdce32],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RSWXS7H.tmp, , [a48ed68be696cc6a351401f22dd4a65a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R9Y4Q67.tmp, , [a9891b468defcd6997b2d22147ba966a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RAWYOFH.tmp, , [9b974b16027ac76f7ccd945fee1308f8],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rblcnwf.tmp, , [989a00613d3fbb7b7acfda1954ad34cc],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rc0q4uo.tmp, , [d85a77eaabd1ca6cbf8a25cedc255ca4],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rcoji3q.tmp, , [a78baab7f28a31051c2d876c2cd5f20e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rdzo82z.tmp, , [da585d04ea92999de465ee05d52c9b65],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rebs1i4.tmp, , [b37f352ccab230064bfe00f343be7d83],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rf8f7ma.tmp, , [939f3c25fd7fcb6b4cfd0be8679a27d9],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rtwxc3n.tmp, , [76bc5e03fa8253e322276f846f921ce4],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ru2zils.tmp, , [a88ab9a8c6b6da5cbb8e17dc29d8c43c],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ru9jils.tmp, , [db5767fab7c5da5c8ebbfaf9857ca55b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ruqen3m.tmp, , [73bf5e035f1d83b352f71bd81ce54db3],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rvkpz9a.tmp, , [69c98bd65b2148ee0a3f5b9818e9847c],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rwnarb1.tmp, , [1a1889d8522ad85e80c9e1127091a25e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ri01orc.tmp, , [32006001e19b56e0430601f2c53cd927],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ri7h9fg.tmp, , [78ba4b16a8d4ea4ccb7ea94a867b56aa],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ricfy4f.tmp, , [a78b77ead9a3fd39b396b83b7190f808],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rjphd3a.tmp, , [68cab2afd5a774c2311823d010f149b7],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rk4pgcq.tmp, , [ff33f26fdba123138bbec231f30ef50b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rky93sl.tmp, , [cf638ad72b51a49284c5d81bd42d7888],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rlx3qyk.tmp, , [8da5520ffd7fc57167e2c52eb34e926e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rmjmkad.tmp, , [1121055c017b2a0cb297b3404eb32bd5],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rmps97k.tmp, , [3ff3154c9ae273c33712886b10f1738d],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r5ecl5n.tmp, , [1d15ed74afcd3df99aaf9d56e61ba858],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r5mzmcr.tmp, , [35fd3c2594e84de96edb7d769f6243bd],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r6d2kq4.tmp, , [56dca3bedf9dc57166e328cb6f92c53b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r8ynl0n.tmp, , [43ef4c157ffd171f7bce32c15aa759a7],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r9n2lq1.tmp, , [032fed74027a60d678d10fe443be41bf],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r9u3z9w.tmp, , [55ddce935626e0561c2d03f0dc25c739],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r05zawb.tmp, , [3df5abb6ccb06ec84207e3106b9655ab],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r09mfpp.tmp, , [ad85253c7903fc3ab69331c26d941be5],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rx54wcv.tmp, , [4de568f9423a38fe3f0a757ec33e9f61],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rxgt9l1.tmp, , [71c11c45700c67cff45549aab1509769],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rxxtwih.tmp, , [a68c0d540e6e52e4c0895c97df2227d9],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rybpnfm.tmp, , [73bffc656d0fc17585c47c77946d2fd1],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rz9f28e.tmp, , [80b2570adba1fa3c1b2e03f0768bd12f],
Physical Sectors: 0
(No malicious items detected)
(end)
www.malwarebytes.org
Scan Date: 12/10/2014
Scan Time: 9:46:32 PM
Logfile:
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2014.12.10.10
Rootkit Database: v2014.12.08.03
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTF
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353080
Time Elapsed: 24 min, 49 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 17
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
Registry Values: 3
PUP.Optional.FrostwireTB.A, HKU\S-1-5-21-2469825085-2062244620-3944050049-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00000000-6E41-4FD3-8538-502F5495E5FC}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{D4027C7F-154A-4066-A1AD-4243D8127440}, , [6ec44918acd082b4849fd534b74cbd43],
PUP.Optional.FrostwireTB.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}, , [5ad8540d502c162011122fdaaf54b34d],
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 54
PUP.Optional.FrostwireTB.A, C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll, , [6ec44918acd082b4849fd534b74cbd43],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R11UY2G.tmp, , [d9598ed3cab266d099b06d86bd44f709],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R1ERZ6L.tmp, , [082aa4bde696b38374d57e752cd56b95],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R2NGC1B.tmp, , [a38fabb61864b680f257d61dff02619f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R2NI7G1.tmp, , [4de59fc2fe7eaa8c8bbe1bd8768b936d],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R39KY2I.tmp, , [64ce2b36c4b8350117320de63dc4a15f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R3JUY6P.tmp, , [959d570aec9016203712db1857aaa858],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R42LGI5.tmp, , [f73bc59c4735c86ee465c82bba47f40c],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RNCC6X9.tmp, , [bb776af7bebe66d0e7622ac9df227f81],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ROSCYVW.tmp, , [40f24b16cab276c0f4553eb5eb16cb35],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RP7Q3ML.tmp, , [c270e8790973261050f9d91ac839f907],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RPWZMZS.tmp, , [e151352c92ea7abcb297de155ca5b14f],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RQDFUX0.tmp, , [9d956bf694e8cc6a1732cc27cd34a65a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RRQERRQ.tmp, , [250de57ca7d5bd79e960a251c43d47b9],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RRYAOTE.tmp, , [a48ec39e81fba78fc287777cb64b867a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RS7BLYK.tmp, , [44ee4b166f0d6fc7173253a060a101ff],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RSI3BYJ.tmp, , [cf6364fd06762c0a0445718204fdce32],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RSWXS7H.tmp, , [a48ed68be696cc6a351401f22dd4a65a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$R9Y4Q67.tmp, , [a9891b468defcd6997b2d22147ba966a],
Trojan.ClickBot, C:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$RAWYOFH.tmp, , [9b974b16027ac76f7ccd945fee1308f8],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rblcnwf.tmp, , [989a00613d3fbb7b7acfda1954ad34cc],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rc0q4uo.tmp, , [d85a77eaabd1ca6cbf8a25cedc255ca4],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rcoji3q.tmp, , [a78baab7f28a31051c2d876c2cd5f20e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rdzo82z.tmp, , [da585d04ea92999de465ee05d52c9b65],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rebs1i4.tmp, , [b37f352ccab230064bfe00f343be7d83],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rf8f7ma.tmp, , [939f3c25fd7fcb6b4cfd0be8679a27d9],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rtwxc3n.tmp, , [76bc5e03fa8253e322276f846f921ce4],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ru2zils.tmp, , [a88ab9a8c6b6da5cbb8e17dc29d8c43c],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ru9jils.tmp, , [db5767fab7c5da5c8ebbfaf9857ca55b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ruqen3m.tmp, , [73bf5e035f1d83b352f71bd81ce54db3],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rvkpz9a.tmp, , [69c98bd65b2148ee0a3f5b9818e9847c],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rwnarb1.tmp, , [1a1889d8522ad85e80c9e1127091a25e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ri01orc.tmp, , [32006001e19b56e0430601f2c53cd927],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ri7h9fg.tmp, , [78ba4b16a8d4ea4ccb7ea94a867b56aa],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$ricfy4f.tmp, , [a78b77ead9a3fd39b396b83b7190f808],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rjphd3a.tmp, , [68cab2afd5a774c2311823d010f149b7],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rk4pgcq.tmp, , [ff33f26fdba123138bbec231f30ef50b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rky93sl.tmp, , [cf638ad72b51a49284c5d81bd42d7888],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rlx3qyk.tmp, , [8da5520ffd7fc57167e2c52eb34e926e],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rmjmkad.tmp, , [1121055c017b2a0cb297b3404eb32bd5],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rmps97k.tmp, , [3ff3154c9ae273c33712886b10f1738d],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r5ecl5n.tmp, , [1d15ed74afcd3df99aaf9d56e61ba858],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r5mzmcr.tmp, , [35fd3c2594e84de96edb7d769f6243bd],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r6d2kq4.tmp, , [56dca3bedf9dc57166e328cb6f92c53b],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r8ynl0n.tmp, , [43ef4c157ffd171f7bce32c15aa759a7],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r9n2lq1.tmp, , [032fed74027a60d678d10fe443be41bf],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r9u3z9w.tmp, , [55ddce935626e0561c2d03f0dc25c739],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r05zawb.tmp, , [3df5abb6ccb06ec84207e3106b9655ab],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$r09mfpp.tmp, , [ad85253c7903fc3ab69331c26d941be5],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rx54wcv.tmp, , [4de568f9423a38fe3f0a757ec33e9f61],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rxgt9l1.tmp, , [71c11c45700c67cff45549aab1509769],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rxxtwih.tmp, , [a68c0d540e6e52e4c0895c97df2227d9],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rybpnfm.tmp, , [73bffc656d0fc17585c47c77946d2fd1],
Trojan.ClickBot, c:\$RECYCLE.BIN\S-1-5-21-2469825085-2062244620-3944050049-1001\$rz9f28e.tmp, , [80b2570adba1fa3c1b2e03f0768bd12f],
Physical Sectors: 0
(No malicious items detected)
(end)
- Apr 24, 2014
- 3,395
Scan with Farbar Recovery Scan Tool
Please download Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.
- Double-click to run it. When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
- The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
sorry it took so long...just got home from work.
see attachments below: computer was working amazing first thing this morning but appears Trojan returned.
see attachments below: computer was working amazing first thing this morning but appears Trojan returned.
- Apr 24, 2014
- 3,395
Disable malwarebytes.
Right-click on the MBAM icon in the systray and uncheck Enable Protection.
Download
Malwarebytes Anti-Rootkit to your desktop.
Fix with Farbar Recovery Scan Tool
This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.
Download attached fixlist.txt file and save it to the Desktop:
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
Please attach it to your reply.
Right-click on the MBAM icon in the systray and uncheck Enable Protection.
Download
- Double-click the icon to start the tool.
- It will ask you where to extract it, then it will start.
- Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
- Click in the introduction screen "next" to continue.
- Click in the following screen "Update" to obtain the latest malware definitions.
- Once the update is complete select "Next" and click "Scan".
- When the scan is finished and no malware has been found select "Exit".
- If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
- Open the MBAR folder and paste the content of the following files in your next reply:
- "mbar-log-{date} (xx-xx-xx).txt"
- "system-log.txt"
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
- Right-click on
icon and select
Run as Administrator to start the tool.
(XP users click run after receipt of Windows Security Warning - Open File). - Press the Fix button just once and wait.
- If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
- When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please attach it to your reply.
Similar threads
