luluhifi

Happy New Year to every one 2k19

Best is YoutubeByClick

Thanks Guys.....No place like home when you need help

Thank your very much for your help JonTom My system 100% better now>>I did all in post #41>>>idle is bouncing between 15 --22% while i have firefox open which makin me surf much faster than before>.i can see the increase I am goin to do the same with my other system...I Thank u so much.

[2011/01/30 05:30:55 | 000,084,480 | ---- | C] () -- F:WindowsSystem32ff_vfw.dll [2011/01/29 13:02:14 | 000,003,884 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingdvdae.config [2010/11/14 06:08:43 | 000,001,378 | ---- | C] () -- F:WindowsSystem32SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat [2010/10/23 20:04:09 | 000,130,048 | ---- | C] () -- F:WindowsSystem32SpoonUninstall.exe [2010/10/23 05:02:04 | 000,001,057 | ---- | C] () -- F:UsersTTArmstrongAppDataRoamingvso_ts_preview.xml [2010/10/23 05:00:39 | 000,087,608 | ---- | C] () -- F:UsersTTArmstrongAppDataRoaminginst.exe [2010/10/23 0

OTL logfile created on: 8/1/2012 8:47:10 AM - Run 3 OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.63% Memory free 3.98 Gb Paging File | 2.43 Gb Available in Paging File | 61.12% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = F: | %SystemRo

F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] Win32/Conedex.E trojan cleaned by deleting - quarantined Make sure that the option to "Remove Found Threats" is UN checked. i miss doin this before the scan sorry ESET

The system is running much better now and only one thing seem funny to me is that in a idle state my CPU is bouncing between 50% -60% Eset in next post.

Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.31.13 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 TTArmstrong :: TTARMSTRONG-PC [administrator] 7/31/2012 7:47:54 PM mbam-log-2012-07-31 (19-47-54).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206811 Time elapsed: 4 minute(s), 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Me

I run the ESET Scan yesturday before post #32 and this is what the log is>>i will run both scan again posted in #32 and post log F:Program FilesLoarisTrojan Remover 1.2ltr12.exe a variant of Win32/1AntiVirus application cleaned by deleting - quarantined F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] Win32/Conedex.D trojan cleaned by deleting - quarantined F:QooboxQuarantineFWindowsInstaller{371f0327-d1cc-d2bc-bbb5-70ff0af3e16e}[email protected] a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined F:QooboxQuaranti

[2011/11/17 08:50:28 | 000,012,800 | ---- | C] () -- F:WindowsSystem32driversanodlwf.sys [2011/11/17 08:50:27 | 000,014,051 | ---- | C] () -- F:WindowsSystem32RaCoInst.dat [2011/11/09 19:55:48 | 000,000,566 | ---- | C] () -- F:WindowsSystem32SP7302.INI [2011/07/27 08:53:38 | 000,000,000 | ---- | C] () -- F:UsersTTArmstrongAppDataLocal{DEB393EC-9D07-4AAF-B6DE-442513357526} [2011/03/24 22:02:01 | 000,029,008 | ---- | C] () -- F:WindowsSystem32SmartDefragBootTime.exe [2011/03/24 22:02:01 | 000,016,184 | ---- | C] () -- F:WindowsSystem32driversSmartDefragDriver.sys [2011/01/30 05:30:55 | 000

OTL logfile created on: 7/30/2012 9:57:44 PM - Run 2 OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.66% Memory free 3.98 Gb Paging File | 2.34 Gb Available in Paging File | 58.92% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = F: | %SystemR

Here you go All processes killed ========== OTL ========== File HKEY_CURRENT_USERsoftwaremozillaFirefoxExtensions{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: F:Program FilesPriceGong2.1.0FF not found. F:UsersTTArmstron[email protected]OneClickDownload.comskin folder moved successfully. F:UsersTTArmstron[email protected]OneClickDownload.comlocaleen-US folder moved successfully. F:UsersTTArmstron[email protected]OneClickDownload.comlocale fold

yet this one was a real nasty one that i could not get rid of>>>Is there any other progam that i can put with and work with the other ones i have to protect me from this again ??I will run the scan when I get back to system in trouble..Thanks alot

https://www.virustotal.com/file/6aab9ce51d0aad73f64e2159e32f541cf4b95b5a05f0a50655eb70e91a5cf1ba/analysis/1343527972/

16:24:42.0798 4192 VSS (209a3b1901b83aeb8527ed211cce9e4c) F:Windowssystem32vssvc.exe 16:24:42.0814 4192 VSS - ok 16:24:42.0845 4192 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) F:Windowssystem32DRIVERSvwifibus.sys 16:24:42.0845 4192 vwifibus - ok 16:24:42.0860 4192 vwififlt (7090d3436eeb4e7da3373090a23448f7) F:Windowssystem32DRIVERSvwififlt.sys 16:24:42.0876 4192 vwififlt - ok 16:24:42.0907 4192 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) F:Windowssystem32DRIVERSvwifimp.sys 16:24:42.0907 4192 vwifimp - ok 16:24:42.0954 4192 W32Time (55187

========== LOP Check ========== [2011/08/13 15:53:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingApowersoft [2010/10/23 09:09:08 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBackTalk [2012/07/22 18:25:11 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingBitTorrent [2010/10/23 20:17:56 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingdBpoweramp [2010/10/02 11:17:50 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDisk Cleaner [2012/02/01 23:36:24 | 000,000,000 | ---D | M] -- F:UsersTTArmstrongAppDataRoamingDVDFab [201

16:23:03.0231 4288 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 16:23:04.0042 4288 ============================================================ 16:23:04.0042 4288 Current date / time: 2012/07/26 16:23:04.0042 16:23:04.0042 4288 SystemInfo: 16:23:04.0042 4288 16:23:04.0042 4288 OS Version: 6.1.7601 ServicePack: 1.0 16:23:04.0042 4288 Product type: Workstation 16:23:04.0042 4288 ComputerName: TTARMSTRONG-PC 16:23:04.0042 4288 UserName: TTArmstrong 16:23:04.0042 4288 Windows directory: F:Windows 16:23:04.0042 4288 System windows directory: F:Windows 16:23:04.004

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-07-26 15:39:12 ----------------------------- 15:39:12.760 OS Version: Windows 6.1.7601 Service Pack 1 15:39:12.760 Number of processors: 2 586 0x170A 15:39:12.760 ComputerName: TTARMSTRONG-PC UserName: TTArmstrong 15:39:13.852 Initialize success 15:47:07.175 AVAST engine defs: 12072601 15:47:17.611 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1 15:47:17.611 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 8 15:47:17.627 Disk 0 MBR read successfully 15:4

Ok Here is the OTL OTL logfile created on: 7/26/2012 3:26:09 PM - Run 1 OTL by OldTimer - Version 3.2.54.1 Folder = F:UsersTTArmstrongDesktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 68.26% Memory free 3.98 Gb Paging File | 2.61 Gb Available in Paging File | 65.70% Paging File free Paging file location(s): ?:pagefile.sys [binary data]

I update ComboFix and this is what i got ComboFix 12-07-27.01 - TTArmstrong 07/26/2012 8:10.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1001 [GMT -4:00] Running from: f:usersTTArmstrongDesktopComboFix.exe Command switches used :: f:usersTTArmstrongDesktopCFScript.txt AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C} FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Enabled/Updated*

I did acouple of times and i didnt see anything like log comes up atall after Combofix>>> maybe im doing something wrong

https://www.virustotal.com/file/e432d688852c27d2c3df460311f5170235908c08c54bec3ae33b238aba37fbe9/analysis/1343091368/ https://www.virustotal.com/file/3c61584d439739489a02314c2649847d6f19ac56e2319beae87f4bc77605eeee/analysis/1343091589/ F:UsersTTArmstrongAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupLvbicEQ.exe This one say >>>LvbicEQ.exe file not found

ComboFix 12-07-21.01 - TTArmstrong 07/22/2012 19:52:23.1.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2036.1031 [GMT -4:00] Running from: f:usersTTArmstrongDesktopComboFix.exe AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D} SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C

ok JonTom thanks