Police Central e-crime Unit virus

This is a discussion on Police Central e-crime Unit virus within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.

01-15-2013, 02:57 AM   #1
Registered Member
Join Date: Feb 2012
Posts: 36
OS: Windows 7

Hi.

My brother was on his new computer playing a game when a message randomly popped up on his screen saying that it was the Police Central e-crime Unit and his computer had been locked on the grounds that he'd broken some laws (some of which were ridiculous) and needed to pay money to have the computer released; pretty obvious it's a scam/virus.

First thought was to try a system restore and roll back to a few days ago, however after restarting and logging on for the restore to take place I got an error saying that the system restore did not complete successfully, followed by the pop-up screen coming back on and locking the computer again.

Even though it seems to have locked the computer, it only appears to have done it on the one account, so by using ctrl+alt+del you can still get into the guest or other administrator account and use it without any problems, and it only comes on on the one account a few moments after logging in. I have pictures of the pop-up which locks the screen if needed.

I have access to the Windows Install Disc. Would be very grateful if someone could help me out.

Results of the DDS scan:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by Bradley at 9:52:47 on 2013-01-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8174.6040 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{F2CE1336-E7D6-460A-BCED-878B94F7AA61} : DHCPNameServer = 192.168.1.254 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bradley\AppData\Roaming\Mozilla\Firefox\Profiles\atg2t78n.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_UK&apn_uid=9EBB0393-4F6C-498A-A538-878E2A6FAB6F&apn_ptnrs=%5EU3&apn_sauid=4EC73A7C-BD12-4C87-9825-3D8B6706491D&apn_dtid=%5EOSJ000%5EYY%5EGB&&q=
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-12-24 25056]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-22 21616]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-12-24 303360]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-22 46136]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-12-24 1256192]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-22 104560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-25 1255736]
.
=============== Created Last 30 ================
.
2013-01-15 09:44:47 -------- d-----w- C:\Users\Bradley\AppData\Local\Mozilla
2013-01-14 22:13:58 82568 ----a-w- C:\ProgramData\ifgxpers.exe
2013-01-14 14:14:23 -------- d-----w- C:\Windows\PCHEALTH
2013-01-13 14:17:54 -------- d-----w- C:\Crash
2013-01-13 14:14:30 -------- d--h--w- C:\Windows\msdownld.tmp
2013-01-13 14:14:29 -------- d-----w- C:\Windows\SysWow64\directx
2013-01-13 10:50:26 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-01-11 1820 2162 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2013-01-11 17:49:14 -------- d-----w- C:\Program Files (x86)\LEGO Media
2013-01-11 17:48:59 306688 ----a-w- C:\Windows\IsUninst.exe
2013-01-11 17:38:55 -------- d-----w- C:\Program Files (x86)\EA GAMES
2013-01-10 15:31:28 -------- d-----w- C:\Program Files\Lexmark
2013-01-09 15:08:58 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-01-09 15:08:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-05 08:58:31 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-01-05 08:58:28 -------- d-----w- C:\Program Files (x86)\AMD APP
2013-01-05 08:54:46 -------- d-----w- C:\AMD
2012-12-29 09:24:47 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-12-29 09:14:38 -------- d-----w- C:\ProgramData\Ask
2012-12-29 09:14:20 859072 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-29 09:14:20 779704 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-29 09:14:11 95184 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-27 18:55:35 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-27 02:23:48 281872 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-27 02:23:48 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-27 02:23:47 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-27 02:23:40 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2012-12-27 02:23:40 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2012-12-27 02:23:40 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2012-12-27 02:23:40 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2012-12-27 02:23:40 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2012-12-27 02:23:40 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2012-12-27 02:23:40 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-12-27 02:23:40 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2012-12-27 02:21:57 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-12-27 02:21:52 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-12-26 12:10:20 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-12-26 12:10:20 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-12-26 12:10:20 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-12-25 21:36:27 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{29D4A10B-0247-4AFE-A7FB-688AE99F663E}\mpengine.dll
2012-12-25 20:23:56 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2012-12-25 16:37:36 -------- d-----r- C:\Program Files (x86)\Skype
2012-12-25 16:24:56 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2012-12-25 16:24:55 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-12-25 16:24:55 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2012-12-25 16:24:53 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
2012-12-25 16:24:53 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2012-12-25 16:24:52 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2012-12-25 16:09:47 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-25 16:09:47 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-25 16:09:47 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-25 16:09:47 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-25 15:59:26 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-12-25 15:58:26 -------- d-----w- C:\ProgramData\Turbine
2012-12-25 15:58:19 -------- d-----w- C:\ProgramData\HappyCloud
2012-12-25 15:58:12 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-12-25 15:53:11 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-12-25 15:53:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-25 15:53:11 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-25 15:53:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-25 15:53:11 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-25 15:53:11 100864 ----a-w- C:\Windows\System32\fontsub.dll
2012-12-25 15:52:52 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-25 15:52:52 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-25 15:52:52 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-25 15:52:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-25 15:52:52 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-25 15:52:52 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-25 15:52:52 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-25 15:51:24 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-25 15:51:24 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-25 15:51:24 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-25 15:51:24 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-25 15:51:24 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-25 15:34:17 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-12-25 15:34:16 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-12-25 13:13:16 -------- d-----w- C:\Program Files\Bohemia Interactive
2012-12-25 11:05:27 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-25 11:05:27 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-25 09:04:14 -------- d-----w- C:\Windows\SysWow64\Wat
2012-12-25 09:04:14 -------- d-----w- C:\Windows\System32\Wat
2012-12-24 20:50:10 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-12-24 20:50:09 -------- d-----w- C:\Program Files (x86)\Steam
2012-12-24 20:36:36 -------- d--h--w- C:\$AVG
2012-12-24 20:36:36 -------- d-----w- C:\ProgramData\AVG2013
2012-12-24 20:35:29 -------- d-----w- C:\Program Files (x86)\AVG
2012-12-24 20:23:39 -------- d--h--w- C:\ProgramData\Common Files
2012-12-24 20:23:39 -------- d-----w- C:\ProgramData\MFAData
2012-12-24 20:12:59 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-12-24 20:11:58 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-12-24 20:09:51 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-24 20:07:01 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-12-24 20:04:51 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-24 20:04:51 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-24 20:04:51 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-12-24 20:01:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-24 20:01:33 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-12-24 20:01:25 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-12-24 20:01:25 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-12-24 19:55:27 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll
2012-12-24 19:55:27 3566592 ----a-w- C:\Windows\System32\bcmihvui64.dll
2012-12-24 19:55:27 1256192 ----a-w- C:\Windows\System32\drivers\bcmwlhigh664.sys
2012-12-24 19:55:26 3900928 ----a-w- C:\Windows\System32\bcmihvsrv64.dll
2012-12-24 19:55:26 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2012-12-24 19:55:23 96784 ----a-w- C:\Windows\SysWow64\Packet.dll
2012-12-24 19:55:23 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll
2012-12-24 19:55:23 47632 ----a-w- C:\Windows\System32\drivers\npf.sys
2012-12-24 19:55:23 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll
2012-12-24 19:55:23 25056 ----a-w- C:\Windows\System32\drivers\SCMNdisP.sys
2012-12-24 19:55:20 -------- d-----w- C:\Program Files (x86)\NETGEAR
2012-12-22 08:34:19 -------- d-----w- C:\Windows\Panther
2012-12-22 01:35:10 0 ----a-w- C:\Windows\ativpsrm.bin
2012-12-22 01:18:59 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-22 01:18:59 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-22 01:18:30 -------- d-----w- C:\ProgramData\AMD
2012-12-22 01:18:29 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-12-22 01:18:19 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-12-22 01:17:54 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-12-22 01:17:43 -------- d-sh--w- C:\Windows\Installer
2012-12-22 01:17:05 -------- d-----w- C:\Program Files\ATI Technologies
2012-12-22 01:17:04 -------- d-----w- C:\Program Files\ATI
2012-12-22 01:11:18 104560 ----a-w- C:\Windows\System32\drivers\L1C62x64.sys
2012-12-22 01:08:44 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-12-22 00:56:33 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-15 23:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-10-22 13:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
============= FINISH: 9:52:56.68 ===============
Attached Files
File Type: zip attach.zip (4.4 KB, 18 views)
Alex197 is offline  
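As an added example (not part of the original thread and not a feature of the DDS tool), a small Python triage script over the "Created Last 30" section of the log above: it parses the DDS line format, keeps rather than guesses at lines it cannot parse (the garbled ealregsnapshot1.reg timestamp), and flags executables that appeared in user-writable locations close to the scan time, which is how the freshly dropped C:\ProgramData\ifgxpers.exe stands out from the Windows Update and AV definition files around it. The location list, extension list and three-day window are assumptions of the example; the sample lines are copied from the posted log and the scan time from its header.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# A DDS "Created Last 30" / "Find3M" line: <date> <time> <size|--------> <attrs> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Assumed heuristics (not DDS conventions): places a standard user can write to,
# and extensions that execute. A fresh binary dropped here is the lockscreen pattern.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")

@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories, shown as "--------" in the log
    attrs: str            # DDS attribute string, e.g. "----a-w-" or "d--h--w-"
    path: str

def parse_dds_entries(text: str) -> Tuple[List[Entry], List[str]]:
    """Parse file-list lines; return (entries, lines that did not parse)."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "." or line.startswith("="):
            continue                      # blank lines and section separators
        m = DDS_LINE.match(line)
        if not m:
            skipped.append(line)          # e.g. a garbled timestamp: report it, don't guess
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        created = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S")
        entries.append(Entry(created, size, m["attrs"], m["path"]))
    return entries, skipped

def flag_suspicious(entries: List[Entry], scan_time: datetime,
                    window_days: int = 3) -> List[Tuple[Entry, List[str]]]:
    """Executables in user-writable paths that carry at least one extra red flag."""
    cutoff = scan_time - timedelta(days=window_days)
    hits = []
    for e in entries:
        low = e.path.lower()
        if e.attrs.startswith("d") or not low.endswith(EXEC_EXT) \
                or not low.startswith(USER_WRITABLE):
            continue
        reasons = ["executable in a user-writable location"]
        if low.rsplit("\\", 1)[0] + "\\" in USER_WRITABLE:
            reasons.append("dropped directly in the root of that location")
        if e.created >= cutoff:
            reasons.append(f"created within {window_days} days of the scan")
        if "h" in e.attrs:
            reasons.append("hidden attribute set")
        if len(reasons) > 1:   # location alone is noisy: AV definition updates live there too
            hits.append((e, reasons))
    return hits

# Constructed sample: lines copied from the posted log, including its garbled
# ealregsnapshot1.reg timestamp, plus the DDS run time from the log header.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
2013-01-15 09:44:47 -------- d-----w- C:\Users\Bradley\AppData\Local\Mozilla
2013-01-14 22:13:58 82568 ----a-w- C:\ProgramData\ifgxpers.exe
2013-01-14 14:14:23 -------- d-----w- C:\Windows\PCHEALTH
2013-01-11 1820 2162 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2013-01-11 17:48:59 306688 ----a-w- C:\Windows\IsUninst.exe
2013-01-09 15:08:58 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-12-24 20:07:01 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
"""
SCAN_TIME = datetime(2013, 1, 15, 9, 52, 47)

def triage(text: str = SAMPLE_LOG, scan_time: datetime = SCAN_TIME) -> List[str]:
    """Return one report line per suspicious entry, then any unparsed lines."""
    entries, skipped = parse_dds_entries(text)
    report = [f"{e.created:%Y-%m-%d %H:%M:%S} {e.path}: " + "; ".join(why)
              for e, why in flag_suspicious(entries, scan_time)]
    report += [f"unparsed line: {s}" for s in skipped]
    return report
```

Running `triage()` on the sample reports only ifgxpers.exe (three reasons) and the one unparsed line; the Defender engine DLL under ProgramData is not flagged because it is old and sits in a vendor subfolder.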
01-16-2013, 10:06 AM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

What is the name of the affected account?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
01-20-2013, 01:05 PM   #3
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  