Inactive-A Worst Virus problem I've ever had

Status
Not open for further replies.
NeilCourticeONT

NeilCourticeONT

Posts: 10   +0
Virus: Win32/Rovnix.gen!C
Virus: DOS/Rovnix.gen!A

Both of these showed up on my computer today (or activated today at least).

With my internet connection active, Internet Explorer starts to open multiple times in the background.
(without me launching IE at all - I use Chrome for everything)
It chokes my CPU resources almost immediately ( 100% CPU use )

I have gone through steps 1 and 2 as per the instructions. Attached is my Scan Log from MBAM, as I move on to DDS.

***********************************
 

Attachments

  • MBAMScanLogMay092014.txt
    15.8 KB · Views: 0
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Please observe forum rules.
All logs have to be pasted not attached.
 
Oops - sorry.
Here's the text from the log :

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 09/05/2014
Scan Time: 11:23:16 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.01
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Default

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 290533
Time Elapsed: 26 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 29
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\CLSID\{6e5fc976-41f5-4a38-8b32-d50e5b211a55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{cb66ca12-a3d1-4cc4-8309-1d45ccf2ad44}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2DA4F9D-8922-4C55-A10B-9AD784A87E25}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\CLASSES\CLSID\{6E5FC976-41F5-4A38-8B32-D50E5B211A55}\INPROCSERVER32, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, Quarantined, [813878d70576b87e1dcfc8639171f808],
Trojan.Vundo, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467e-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
Trojan.Vundo, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
Trojan.Vundo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{56256A51-B582-467E-B8D4-7786EDA79AE0}, Quarantined, [4178ec63017ab18576066ee454ae916f],
PUP.Optional.FunWebProducts.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [fabff45b087368ce4745095106fc2dd3],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\MICROSOFT\CODE STORE DATABASE\DISTRIBUTION UNITS\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}, Quarantined, [fabff45b087368ce4745095106fc2dd3],
PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [9b1e014e64170630b46a6f2818ea12ee],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1, Quarantined, [2099450a89f277bf2bf486f9d72b8080],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MediaBuzzV1mode7984, Quarantined, [19a0c48b3744ee4821fe384720e2cc34],
PUP.Optional.FunWebProducts.A, HKLM\SOFTWARE\FUNWEBPRODUCTS\Installer, Quarantined, [6950450a205b93a35f4e4a66649f38c8],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, Quarantined, [a019262987f482b4dfab1d5ee0229967],
PUP.Optional.Gophoto.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfmopbbadnfoelckkcmjjeaaegjpjjbk, Quarantined, [6c4deb64b5c66ccab949812e7b88cc34],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\poheodfamflhhhdcmjfeggbgigeefaco, Quarantined, [f9c0ba95a1dadf570cdc8ef9d23060a0],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, Quarantined, [f8c170dfdd9e53e3b3ec4f5c3cc7c739],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Quarantined, [942580cfed8e85b1ed7948460ef4c53b],
PUP.Optional.HDVidCodec.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MediaBuzzV1mode7984, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

Registry Values: 5
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{00A6FAF6-072E-44cf-8957-5838F569A31D}, Quarantined, [c4f5fd523c3f87af73a270ec4eb405fb],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{00A6FAF6-072E-44CF-8957-5838F569A31D}, Quarantined, [c4f5fd523c3f87af73a270ec4eb405fb],
PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@bettersurfplus.com, C:\Program Files\BetterSurf\BetterSurfPlus\ff, Quarantined, [4475ed62abd052e43f121c7013ef38c8]
PUP.Optional.MediaBuzz.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaBuzzV1mode7984.net, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff, Quarantined, [02b7113ee19ad4620d13ceb123df7c84]
PUP.Optional.ConduitSearchProtect, HKU\S-1-5-21-3167029622-1747883471-2824578182-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtect, C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe, Quarantined, [308981ce3d3e05318fb44d5a679cce32]

Registry Data: 0
(No malicious items detected)

Folders: 19
PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
PUP.Optional.Gophoto.A, C:\Program Files\Gophoto.it, Quarantined, [2594f15ec1ba39fd4cb5bbf4ba498779],
PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy\OpenCandy_C3096C6E8EE7413B99CDD45A9BF442CE, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.Webexp, C:\Program Files\WebexpEnhancedV1, Quarantined, [c3f685cadaa184b28b970e6014ee7987],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ch, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\default, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ie, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

Files: 40
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ie\MediaBuzzV1mode7984.dll, Quarantined, [a41559f6f586c0760ed33f2d0bf9e818],
PUP.Optional.SoftwareUpdater, C:\Users\Default.Default-PC\AppData\Local\SwvUpdater\Updater.exe, Quarantined, [813878d70576b87e1dcfc8639171f808],
PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.137018230c.exe, Quarantined, [cfea212e62193402534902e3b44ca45c],
PUP.Optional.Bandoo, C:\Users\Default.Default-PC\Documents\Downloads\iLividSetup-r989-n-bc.exe, Quarantined, [6950292688f392a4df56d236bd448779],
PUP.Optional.iBryte, C:\Users\Default.Default-PC\Documents\Downloads\Express_Installer.exe, Quarantined, [7445430c5e1d0b2b01960cf9e819df21],
PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.129023709c.exe, Quarantined, [cced3d1289f277bf049811d454ac15eb],
PUP.FakeFlash.Domaiq, C:\Users\Default.Default-PC\Documents\Downloads\FlashPlayer_V.130330288c.exe, Quarantined, [2b8ecd827902d264ccd02cb989779769],
PUP.Optional.MediaBuzz.A, C:\Users\Default.Default-PC\AppData\Local\Temp\appinstal1.exe, Quarantined, [b3065df249324aece8f9214b877dba46],
Trojan.Inject.ED, C:\Users\Default.Default-PC\AppData\Local\Temp\UpdateFlashPlayer_7d8f91ca.exe, Quarantined, [9d1caea13f3c13230882b3ab06fb2cd4],
Spyware.Zbot.VXGen, C:\Users\Default.Default-PC\AppData\Local\Temp\1syasdsgscsafgrwonf.exe, Quarantined, [79406be41b60f93d8783e484f40dcc34],
PUP.Optional.Conduit.A, C:\Users\Guest\AppData\Local\Temp\cltmng.exe, Quarantined, [e5d406496f0c6ccac50c5bc13cc5a25e],
PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, Quarantined, [8930fa5597e48fa7fcc04c4f5fa3649c],
PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\HDVidCodec.lnk, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
PUP.Optional.HDVidCodec.A, C:\Users\Default.Default-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\hdvidcodec.com\Uninstall.lnk, Quarantined, [26931b341c5fe74f1e0fddcefe05ba46],
PUP.Optional.Gophoto.A, C:\Program Files\Gophoto.it\gophotoit14.crx, Quarantined, [2594f15ec1ba39fd4cb5bbf4ba498779],
PUP.Optional.OpenCandy, C:\Users\Default.Default-PC\AppData\Roaming\OpenCandy\OpenCandy_C3096C6E8EE7413B99CDD45A9BF442CE\DLMgr_3_1.6.44.exe, Quarantined, [eccddb74e79468ce200ebab2d52d12ee],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\b.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\finish.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\FinishHDVID.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\HDVidCodec.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\HDvidCodec10.crx, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\hdvidextsetup.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\hdvid_temp.bmp, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.HDVidCodec.A, C:\Program Files\hdvidcodec.com\uninst.exe, Quarantined, [bbfe97b80e6df442168c7feec939817f],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\manifest.json, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\html\background.html, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.128.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.16.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\images\icon.48.png, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\background.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\ex.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.CrossRider.A, C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkbnefaikfaeadgidhpoanckoiaheli\2.1_0\js\jquery.js, Quarantined, [baff2a256813d56180b65b1630d2cc34],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\uninstall.exe, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ch\MediaBuzzV1mode7984.crx, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome.manifest, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\install.rdf, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\ffMediaBuzzV1mode7984.js, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\overlay.xul, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\Thumbs.db, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],
PUP.Optional.MediaBuzz.A, C:\Program Files\MediaBuzzV1\MediaBuzzV1mode7984\ff\chrome\content\icons\default\MediaBuzzV1mode7984_32.png, Quarantined, [2a8fada2cab1e5514e1ca9d09d65c23e],

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS notepad message :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/07/2008 4:08:42 AM
System Uptime: 09/05/2014 11:34:33 PM (1 hours ago)
.
Motherboard: TOSHIBA | | ISRAA
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 174 GiB total, 96.767 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 5.792 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
.
==== End Of File ===========================
 
Above post was the attach.txt info - I don't see any DDS.txt file since running that scan.
Is that unusual ?
Not sure if I should run the DDS application again.
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Reboot was required after TDSSKiller ran.

This is what was in the report window from the software after the reboot (could not find the text file otherwise - but I will look again) :


18:26:19.0065 0x05bc TDSS rootkit removing tool 3.0.0.34 Apr 29 2014 18:20:10
18:26:19.0568 0x05bc ============================================================
18:26:19.0569 0x05bc Current date / time: 2014/05/11 18:26:19.0568
18:26:19.0569 0x05bc SystemInfo:
18:26:19.0569 0x05bc
18:26:19.0569 0x05bc OS Version: 6.0.6002 ServicePack: 2.0
18:26:19.0569 0x05bc Product type: Workstation
18:26:19.0569 0x05bc ComputerName: NEILTOSHIBAVIST
18:26:19.0569 0x05bc UserName: Default
18:26:19.0569 0x05bc Windows directory: C:\Windows
18:26:19.0569 0x05bc System windows directory: C:\Windows
18:26:19.0569 0x05bc Processor architecture: Intel x86
18:26:19.0569 0x05bc Number of processors: 2
18:26:19.0569 0x05bc Page size: 0x1000
18:26:19.0569 0x05bc Boot type: Normal boot
18:26:19.0569 0x05bc ============================================================
18:26:19.0574 0x05bc BG loaded
18:26:20.0831 0x05bc System UUID: {6F3A93E9-BD11-D367-9995-227AD560FDD4}
18:26:23.0951 0x05bc Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:26:23.0982 0x05bc ============================================================
18:26:23.0982 0x05bc \Device\Harddisk0\DR0:
18:26:23.0982 0x05bc MBR partitions:
18:26:23.0982 0x05bc \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x15B3F000
18:26:23.0982 0x05bc \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x15E2D800, BlocksNum 0xBC3800
18:26:23.0982 0x05bc ============================================================
18:26:24.0013 0x05bc C: <-> \Device\Harddisk0\DR0\Partition1
18:26:24.0060 0x05bc D: <-> \Device\Harddisk0\DR0\Partition2
18:26:24.0060 0x05bc ============================================================
18:26:24.0060 0x05bc Initialize success
18:26:24.0060 0x05bc ============================================================
 
Besides that - the system has corrected enough that I no longer see Internet Explorer randomly loading anymore in Task Manager - so that's a good thing. (haven't seen that since I ran the DDS software, before I ran TDSSKiller).

CPU running at a baseline 4% to 10 % again, which was pretty much normal before.

Physical memory is way up though - close to 1.6 GB, and it was usually at or below 1 GB before.

Another good sign is that Micrsoft Security Essentials went green again after the TDSSKiller was run. That alone puts my mind at ease a bit - it was stuck when the 2 viruses were found, and couldn't remove them itself. Running another full scan on it now.

At what point do I remove the other 3 tools ?
(MBAM , DDS , TDSSKiller )

I get the sense that I am in the home stretch at least.
 
TDSSKIller log looks incomplete but from what you're saying it fixed quite a bit so I won't worry about it.

redtarget.gif
Re-run DDS and see if it'll give you both logs this time around.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Interesting - I did get both this time.

DDS.txt here :

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.21.2
Run by Default at 20:50:22 on 2014-05-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.768 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Users\Default.Default-PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\Default.Default-PC\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uProxyOverride = <-loopback>;<local>
BHO: Yahoo! Toolbar Helper: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Akamai NetSession Interface] "c:\users\default.default-pc\appdata\local\akamai\netsession_win.exe"
uRun: [Google Update] "c:\users\default.default-pc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [iLivid] "c:\users\default.default-pc\appdata\local\ilivid\iLivid.exe" -autorun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [HSON] c:\program files\toshiba\tbs\HSON.exe
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [Skytel] Skytel.exe
mRun: [Windows Mobile-based device management] c:\windows\windowsmobile\wmdcBase.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
StartupFolder: c:\users\defaul~1.def\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{040130EB-6108-4208-BFF3-9C74CE9DD47A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C5102A62-2BB8-4CC3-BB61-A4F5A28FFDDB} : DHCPNameServer = 192.168.0.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} -
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll
Handler: intu-tt2013 - {9FF5EC07-1645-43BF-828F-C73CFA7BC1AF} - c:\program files\turbotax 2013\ic2013pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2014-1-25 231960]
R1 FreeOTFE;FreeOTFE;c:\windows\system32\FreeOTFE.sys [2012-10-12 31856]
R1 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;c:\windows\system32\FreeOTFECypherAES_ltc.sys [2012-10-12 47216]
R1 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;c:\windows\system32\FreeOTFEHashRIPEMD.sys [2012-10-12 32624]
R1 MpKsl7033c795;MpKsl7033c795;c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\MpKsl7033c795.sys [2014-5-11 39464]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-6 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-5-9 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-5-9 857912]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 104264]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2009-11-9 169936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-5-9 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-5-9 107736]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-5-9 51416]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2014-3-11 279776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 ivm;ivm;c:\windows\system32\drivers\ivm.sys [2011-8-14 502112]
S3 vDeskNetProt;RingCube vDeskNet Protocol Driver;c:\windows\system32\drivers\vDeskNetProt.sys [2011-8-14 42848]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-05-11 22:57:40 62576 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\offreg.dll
2014-05-11 22:57:40 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\MpKsl7033c795.sys
2014-05-11 22:40:16 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a608da40-0bb9-4db7-81d5-9ff5d55d8ae1}\mpengine.dll
2014-05-11 22:15:08 -------- d-----w- C:\TDSSKiller_Quarantine
2014-05-10 02:54:39 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-10 02:53:26 73432 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-10 02:53:26 51416 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-10 02:53:26 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-10 02:53:25 -------- d-----w- c:\programdata\Malwarebytes
2014-05-10 02:53:25 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-05-09 22:30:32 8050496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-05-09 14:14:19 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a9a2af2c-488a-4058-b926-7e41d2fc5236}\gapaengine.dll
2014-05-02 21:18:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-04-28 03:59:21 -------- d-----w- c:\windows\Migration
2014-04-27 04:14:33 -------- d-----w- c:\windows\system32\MRT
2014-04-27 04:10:04 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-04-27 04:10:00 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-27 04:10:00 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-27 04:09:59 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-27 04:09:59 16896 ----a-w- c:\windows\system32\winusb.dll
2014-04-27 04:09:58 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-27 04:09:57 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-04-27 04:09:54 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-27 04:09:54 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-27 04:09:53 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-26 12:45:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
2014-04-26 12:45:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2014-04-26 12:45:27 293376 ----a-w- c:\windows\system32\atmfd.dll
2014-04-26 12:45:26 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-04-26 12:44:32 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-26 12:44:30 443904 ----a-w- c:\windows\system32\win32spl.dll
2014-04-26 12:44:30 37376 ----a-w- c:\windows\system32\printcom.dll
2014-04-26 12:25:31 -------- d-----w- c:\program files\MediaBuzzV1
2014-04-25 23:26:48 812544 ----a-w- c:\windows\system32\certutil.exe
2014-04-25 23:26:47 41984 ----a-w- c:\windows\system32\certenc.dll
2014-04-25 23:25:58 993792 ----a-w- c:\windows\system32\crypt32.dll
2014-04-25 23:25:36 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-04-25 23:25:16 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2014-04-25 23:25:16 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2014-04-25 23:25:15 683008 ----a-w- c:\windows\system32\d2d1.dll
2014-04-25 23:25:15 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-04-25 23:25:15 189952 ----a-w- c:\windows\system32\d3d10core.dll
2014-04-25 23:25:15 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2014-04-25 23:25:15 1029120 ----a-w- c:\windows\system32\d3d10.dll
2014-04-25 23:25:14 798208 ----a-w- c:\windows\system32\FntCache.dll
2014-04-25 23:25:14 1069056 ----a-w- c:\windows\system32\DWrite.dll
2014-04-25 23:24:13 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-04-25 23:24:13 37376 ----a-w- c:\windows\system32\cdd.dll
2014-04-25 23:24:10 3603904 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-04-25 23:24:09 64000 ----a-w- c:\windows\system32\smss.exe
2014-04-25 23:24:09 49152 ----a-w- c:\windows\system32\csrsrv.dll
2014-04-25 23:24:09 3551680 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-04-25 23:24:09 1205168 ----a-w- c:\windows\system32\ntdll.dll
2014-04-25 23:23:45 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2014-04-25 23:23:38 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-04-25 23:23:11 623616 ----a-w- c:\windows\system32\localspl.dll
2014-04-25 23:21:59 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-04-25 23:20:23 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-04-25 23:20:22 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-04-25 23:20:22 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-04-25 23:12:15 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2014-04-25 23:12:14 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2014-04-25 23:12:14 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2014-04-25 23:12:14 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2014-04-25 23:02:40 2048 ----a-w- c:\windows\system32\tzres.dll
2014-04-25 23:02:08 876032 ----a-w- c:\windows\system32\wer.dll
.
==================== Find3M ====================
.
2014-04-29 02:25:01 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 02:25:01 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-11 13:52:30 104264 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 20:52:00.06 ===============


And Attach.txt here :

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 01/07/2008 4:08:42 AM
System Uptime: 11/05/2014 6:22:23 PM (2 hours ago)
.
Motherboard: TOSHIBA | | ISRAA
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 174 GiB total, 96.171 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 5.792 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Media Player
Adobe Reader X (10.1.9)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Camera Assistant Software for Toshiba
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 200 Scanner Driver
CD/DVD Drive Acoustic Silencer
Connect
Coupon Printer for Windows
DVD MovieFactory for TOSHIBA
Emicsoft MTS Converter
Facebook Video Calling 1.2.0.159
ffdshow v1.2.4422 [2012-04-09]
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Deskjet 1000 J110 series Basic Device Software
HP Deskjet 1000 J110 series Help
HP Deskjet 1000 J110 series Product Improvement Study
HP Photo Creations
HP Product Detection
HP Update
Intel Matrix Storage Manager
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
Java 7 Update 21
Java Auto Updater
Java(TM) 6 Update 32
Java(TM) SE Runtime Environment 6
JavaFX 2.1.1
Malwarebytes Anti-Malware version 2.0.1.1004
mCore
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office 2000 Premium
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Word Supplemental Templates and Wizards
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mMHouse
mPfMgr
MS Extra links
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Octoshape add-in for Adobe Flash Player
OnlinePlay 1.0
Quicken 2009
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
reminder
Rogers Update Manager
Rogers Yahoo! Applications
Roxio Media Manager
RPS CRT
RSH Home Networking Wizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Skype™ 6.14
Staples Copy & Print Online
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TurboTax 2011
TurboTax 2012
TurboTax 2013
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
Windows Media Encoder 9 Series
Yahoo! Toolbar
.
==== End Of File ===========================


Working on RogueKiller next.
 
Rogue Killer Report :

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Default [Admin rights]
Mode : Remove -- Date : 05/11/2014 21:23:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : iLivid ("C:\Users\Default.Default-PC\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : Skytel (Skytel.exe [7]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3167029622-1747883471-2824578182-1000\[...]\Run : iLivid ("C:\Users\Default.Default-PC\AppData\Local\iLivid\iLivid.exe" -autorun [x]) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2046GSX +++++
--- User ---
[MBR] e390ef7599d11c13e1c234bb0309624c
[BSP] 87042bb57fab562d2f4fd0a527263a3f : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 177790 MB
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 367187968 | Size: 6023 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 379523072 | Size: 5468 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_05112014_212307.txt >>
RKreport[0]_S_05112014_211925.txt
 
MBAR started up fine.
It updated itself, and I started the scan.

The scan failed during the first part of the scan.

Not sure where to go from here.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 
Status
Not open for further replies.

Similar threads

Scorpus
AMD launches Ryzen 6000 series for laptops: What's new with the Zen 3+ architecture?
2
Replies
47
Views
7K
mxfalcon54
M
N
Microsoft announces Windows 11 with redesigned UI, Start Menu, and Store
2 3 4
Replies
83
Views
11K
ron baer
ron baer
Bob O'Donnell
Amazon Astro brings a personal robot into your home
Replies
16
Views
2K
GLenn63
GLenn63

Latest posts

Back