USB shortcuts + Remove access to all files + Remove Control Panel + JS virus



#1 gauchotche


Posted 13 May 2013 - 12:39 PM

Hello, after inserting a pendrive I've contaminated my personal computer with a virus that:

1) Transforms all files and folders of the pendrive into hidden ones and creates shortcuts
2) Removes the Control Panel items
3) Blocks my access to all my files/programs/folders (the system says that I have no permission to use/work in all the folders and all the programs)
4) It's a JS type of virus because there is JS stuff in the Start menu item.
5) The virus also deactivates Avira completely. The program starts but when I click its icon it just closes. Also, Avira did detect the virus on the pendrive but it was too late.

After a lot of work following instructions here I believe I've successfully cleaned my system, but I would like to confirm. I'm posting the DDS log. Thanks.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2
Run by Fernando at 14:30:56 on 2013-05-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.8108.4048 [GMT -3:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Windows\system32\HPSIsvc.exe
D:\Programas\Borland\InterBase\bin\ibguard.exe
D:\Programas\Virus\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Programas\Virus\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
D:\Programas\Virus\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Cyberlink\Shared files\RichVideo64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\BlueStacks\HD-Service.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\DllHost.exe
D:\Programas\Disk Director\OSS\reinstall_svc.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\BlueStacks\HD-Network.exe
D:\Programas\VMWare Player\vmware-authd.exe
C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
D:\Programas\Hardware\Core Temp.exe
C:\Program Files\Apoint\Apoint.exe
D:\Programas\Eraser\Eraser.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Programas\Skype Recorder\MP3 Skype Recorder.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
D:\Jogos\HWiNFO64\RTSS\RTSS.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
D:\Programas\Acronis True Image\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
D:\Jogos\ThrottleStop_400\ThrottleStop.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
D:\Programas\Borland\InterBase\bin\ibserver.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\explorer.exe
D:\Programas\Bitdefender\Bitdefender 2013\updatesrv.exe
D:\Programas\Bitdefender\Bitdefender 2013\bdagent.exe
D:\Programas\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\wuauclt.exe
D:\Programas\Firefox\firefox.exe
D:\Programas\uTorrent\uTorrent_3.2_build_27886.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\System32\WUDFHost.exe
D:\Programas\Firefox\plugin-container.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Java\jre7\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
D:\Programas\Capture2Text_v2.4\Capture2Text\Capture2Text.exe
D:\Programas\Delphi\RAD Studio\9.0\bin\bds.exe
C:\Windows\system32\taskeng.exe
D:\Programas\Bitdefender\Bitdefender 2013\downloader.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [MP3 Skype Recorder] D:\Programas\Skype Recorder\MP3 Skype Recorder.exe
uRun: [DAEMON Tools Lite] "D:\Programas\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RTSS] "D:\Jogos\HWiNFO64\RTSS\RTSSWrapper.exe" /s
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TrueImageMonitor.exe] "D:\Programas\Acronis True Image\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
StartupFolder: C:\Users\Fernando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BATTER~1.LNK - C:\Program Files\BatteryBar\BatteryBar.exe
StartupFolder: C:\Users\Fernando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RTSSEX~1.LNK - D:\Jogos\HWiNFO64\RTSS\RTSS.exe
StartupFolder: C:\Users\Fernando\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\THROTT~1.LNK - D:\Jogos\ThrottleStop_400\ThrottleStop.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with &ZipScan - C:\PROGRA~2\ZIPSCA~1\zs_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 168.95.1.1
TCP: Interfaces\{0E0A27BA-5C00-4358-AF98-EE40E5FD2B97} : DHCPNameServer = 168.95.1.1
TCP: Interfaces\{0E0A27BA-5C00-4358-AF98-EE40E5FD2B97}\14C4655435 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{0E0A27BA-5C00-4358-AF98-EE40E5FD2B97}\6424353534 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0E0A27BA-5C00-4358-AF98-EE40E5FD2B97}\642435353453 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0E0A27BA-5C00-4358-AF98-EE40E5FD2B97}\745796C6865627D656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{EAD73522-99A7-4745-A1DA-816A66565352}\14C4655435 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programas\Skype Recorder\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [Eraser] "D:\PROGRA~2\Eraser\Eraser.exe" --atRestart
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bdagent] D:\Programas\Bitdefender\Bitdefender 2013\bdagent.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fernando\AppData\Roaming\Mozilla\Firefox\Profiles\qbgmm2e7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Fernando\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Fernando\AppData\Roaming\Mozilla\Firefox\Profiles\qbgmm2e7.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\plugins\npgbfnc_bb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
FF - ExtSQL: 2013-03-25 12:12; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; C:\Users\Fernando\AppData\Roaming\Mozilla\Firefox\Profiles\qbgmm2e7.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-5-13 718840]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-11-4 155272]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2012-11-4 1093256]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-11-4 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-11-4 166024]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-1-1 70296]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-5-13 103504]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-3-16 283200]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-11-4 3696632]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-9 235520]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]
R2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-4-19 393032]
R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-4-19 70984]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-4-19 384840]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-13 135952]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fb_inet_server.exe [2013-2-7 3727360]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-7-1 96768]
R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-8-8 127800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-31 13336]
R2 MBAMScheduler;MBAMScheduler;D:\Programas\Virus\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-12 418376]
R2 MBAMService;MBAMService;D:\Programas\Virus\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-12 701512]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
R2 MyEpson Portal Service;MyEpson Portal Service;C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe [2012-10-1 696320]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-3-5 70152]
R2 OS Selector;Acronis OS Selector activator;D:\Programas\Disk Director\OSS\reinstall_svc.exe [2010-5-25 2139400]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-4-14 65657]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [2013-4-3 390672]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-31 2656280]
R2 UPDATESRV;Bitdefender Desktop Update Service;D:\Programas\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-5-13 68856]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-7-2 550080]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-11-4 367200]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-12-12 195072]
R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-5-13 261056]
R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-5-13 593144]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-5-13 147232]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-1-5 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-3-8 12289472]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-4-19 25528]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-12 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-17 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-17 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-31 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2011-7-31 12032]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 WinRing0_1_2_0;WinRing0_1_2_0;D:\Jogos\ThrottleStop_400\WinRing0x64.sys [2012-3-10 14544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-12-12 195072]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-8-8 36328]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-2-14 33872]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-1-27 894240]
S3 bdsandbox;bdsandbox;C:\Windows\System32\drivers\bdsandbox.sys [2013-5-13 82384]
S3 CYUSB;Cypress Generic USB Driver;C:\Windows\System32\drivers\CYUSB.sys [2012-4-3 47104]
S3 DAdderFltr;DeathAdder Mouse;C:\Windows\System32\drivers\dadder.sys [2012-4-10 12672]
S3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2012-4-10 12032]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FlashUSB;FlashUSB;C:\Windows\System32\drivers\FlashUSB_x64.sys [2011-8-1 19968]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-4-19 35256]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2009-7-10 31744]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-1-4 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-7-31 329832]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187.sys [2010-1-7 448512]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-8-8 125416]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-8-8 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-8-8 159208]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 t_mouse.sys;iBall Advanced Mouse;C:\Windows\System32\drivers\t_mouse.sys [2009-4-16 25088]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-16 29696]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2011-8-8 16448]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-16 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 VKbms;Razer Gaming Device;C:\Windows\System32\drivers\VKbms.sys [2012-4-3 13312]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-13 13:32:21 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys
2013-05-13 13:17:03 678710 ----a-w- C:\ProgramData\1368448871.bdinstall.bin
2013-05-13 13:00:40 -------- d-----w- C:\ProgramData\BDLogging
2013-05-13 13:00:31 511328 ----a-w- C:\Windows\capicom.dll
2013-05-13 13:00:30 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys
2013-05-13 13:00:27 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2013-05-13 13:00:27 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2013-05-13 13:00:27 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2013-05-13 12:46:31 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Bitdefender
2013-05-13 12:46:23 -------- d-----w- C:\ProgramData\Bitdefender
2013-05-13 12:44:56 -------- d-----w- C:\Users\Fernando\AppData\Roaming\QuickScan
2013-05-13 12:42:01 147232 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2013-05-13 12:41:57 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys
2013-05-13 12:36:02 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2013-05-12 23:23:12 -------- d-----w- C:\$RECYCLE.BIN
2013-05-12 22:10:46 98816 ----a-w- C:\Windows\sed.exe
2013-05-12 22:10:46 256000 ----a-w- C:\Windows\PEV.exe
2013-05-12 22:10:46 208896 ----a-w- C:\Windows\MBR.exe
2013-05-12 21:23:20 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-12 18:46:53 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{79C2DD2C-DDFE-489A-94D6-E7087C01E411}\mpengine.dll
2013-05-12 18:26:41 -------- d-sh--w- C:\Users\Fernando\AppData\Roaming\5c25
2013-05-12 18:19:45 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-05-12 00:59:10 -------- d-----w- C:\Program Files (x86)\BlueStacks
2013-05-12 00:58:53 -------- d-----w- C:\ProgramData\BlueStacksSetup
2013-05-12 00:58:53 -------- d-----w- C:\ProgramData\BlueStacks
2013-05-08 13:44:22 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Subversion
2013-05-08 13:43:20 -------- d-----w- C:\Users\Fernando\AppData\Local\Embarcadero
2013-05-08 13:33:14 -------- dc-h--w- C:\ProgramData\{EDA307AA-B5A4-4524-B840-2914497A9C3C}
2013-05-08 13:31:54 -------- d-----w- C:\Program Files (x86)\Common Files\CodeGear Shared
2013-05-08 13:31:54 -------- d-----w- C:\Program Files (x86)\Common Files\Borland Shared
2013-05-08 13:31:53 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Embarcadero
2013-05-08 13:31:53 -------- d-----w- C:\ProgramData\Embarcadero
2013-05-08 13:14:42 -------- d--h--w- C:\ProgramData\{46A13B26-D605-4DC3-8770-D0F4A0C3565D}
2013-05-06 23:32:38 -------- d-----w- C:\Users\Fernando\AppData\Local\Help
2013-05-06 23:32:02 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
2013-05-06 23:32:02 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
2013-05-06 23:32:02 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
2013-05-06 23:32:02 195072 ----a-w- C:\Windows\System32\ftsrch.dll
2013-05-06 23:32:02 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
2013-05-06 23:32:02 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
2013-05-06 23:32:01 296960 ----a-w- C:\Windows\winhlp32.exe
2013-05-06 23:18:39 -------- d-----w- C:\Users\Fernando\.borland
2013-05-06 23:11:06 327168 ----a-w- C:\Windows\IsUninst.exe
2013-05-06 22:54:46 177152 ----a-w- C:\Windows\SysWow64\ibinstall.dll
2013-05-06 22:54:44 376832 ----a-w- C:\Windows\SysWow64\gds32.dll
2013-05-06 22:54:44 28672 ----a-w- C:\Windows\SysWow64\ibxml.dll
2013-05-06 22:54:43 430080 ----a-w- C:\Windows\SysWow64\ibmgr.cpl
2013-05-03 16:16:08 -------- d-----w- C:\Users\Fernando\AppData\Local\bcWebCam
2013-04-24 00:14:54 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-18 17:35:40 -------- d-----w- C:\Eternita
2013-04-18 17:32:47 -------- d-----w- C:\Temp
2013-04-17 14:24:49 -------- d-----w- C:\ESTETICA
2013-04-15 00:23:52 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Motorola Mobility
2013-04-15 00:23:48 -------- d-----w- C:\Program Files (x86)\Motorola Mobility
2013-04-15 00:23:48 -------- d-----w- C:\Program Files (x86)\Motorola
2013-04-15 00:23:48 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2013-04-15 00:23:21 -------- d-----w- C:\Program Files\Motorola Inc
2013-04-15 00:23:21 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2013-04-15 00:22:48 -------- d-----w- C:\Users\Fernando\AppData\Roaming\Motorola
.
==================== Find3M ====================
.
2013-05-02 05:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-11 21:50:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-11 21:50:17 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-04 08:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-17 00:53:11 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-03-12 23:46:37 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-12 23:46:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-05 04:10:56 70152 ----a-w- C:\Windows\SysWow64\NLSSRV32.EXE
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
.
============= FINISH: 14:31:21,63 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 31/07/2011 19:42:10
System Uptime: 13/05/2013 09:39:27 (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | N/A | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 55 GiB total, 10,501 GiB free.
D: is FIXED (NTFS) - 374 GiB total, 17,509 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 37 GiB total, 18,934 GiB free.
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Smart Card
Device ID: SCFILTER\CID_8031E0554245524753\7&1C1D9FAA&0&VASCO_DP905V1.1_0_SCFILTER_CID_8031E0554245524753
Manufacturer:
Name: Smart Card
PNP Device ID: SCFILTER\CID_8031E0554245524753\7&1C1D9FAA&0&VASCO_DP905V1.1_0_SCFILTER_CID_8031E0554245524753
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sensorsview
Device ID: ROOT\LEGACY_SENSORSVIEW\0000
Manufacturer:
Name: sensorsview
PNP Device ID: ROOT\LEGACY_SENSORSVIEW\0000
Service: sensorsview
.
==== System Restore Points ===================
.
RP645: 13/05/2013 13:18:50 - Windows Update
.
==== Installed Programs ======================
.
3DMark Vantage
3DMark06
ABBYY FineReader 9.0 Sprint
Absolute Uninstaller 2.9.0.722
Acronis Disk Director Home
Active@ KillDisk Professional Suite
Adobe Audition CS6
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader XI (11.0.02)
Advertising Center
Alps Pointing-device for VAIO
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Any Video Converter Ultimate 4.3.4
ArcSoft WebCam Companion 4
µTorrent
Audacity 2.0.3
AuthenTec WinBio FingerPrint Software
AVS Audio Editor 7.1
AVS Video Converter 8
BatteryBar (remove only)
bcWebCam
Bitdefender Antivirus Plus 2013
BlueStacks App Player
BlueStacks Notification Center
Bullzip PDF Printer 8.2.0.1406
BurnAware Free 6.0
Carbon
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CheckerBoard 1.70
Compatibility Pack for the 2007 Office system
ConvertXtoDVD 4.1.19.365
CSVed 2.1.4
CyberLink PowerDirector 11
DAEMON Tools Lite
DepositFiles FileManager 0.9.9.206
Diagnóstico da ventoinha da CPU do VAIO
DolbyFiles
DVD Shrink 3.2
Embarcadero RAD Studio XE2
Epson Event Manager
EPSON K100 Series Printer Uninstall
EPSON K300 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
Eraser 6.0.9.2343
Firebird 2.5.0.26074 (Win32)
Fraps
Freemake Video Converter version 3.0.2
Glary Undelete 1.8.0.468
Google Chrome
Google Talk (remove only)
Hewlett-Packard ACLM.NET v1.1.0.0
HP LaserJet Professional P1100-P1560-P1600 Series
HP Product Detection
HWiNFO64 Version 3.95
IBM SPSS Statistics 19
ImagXpress
inSSIDer
inSSIDer 3
Intel PROSet Wireless
Intel® Display Audio Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
InterBase 6.5
Java 7 Update 21
Java Auto Updater
Junk Mail filter update
K-Lite Codec Pack 9.1.0 (Standard)
KLS Mail Backup 1.9.8.0
LAME v3.99.3 (for Windows)
MajorWare PDF To Excel Converter
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Classic - Home Cinema 1.6.1.4235 x64
Menu Templates - Starter Kit
Messenger Plus!
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Document Explorer 2008
Microsoft Office 2003 Proofing Tools
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual J# 2.0 Redistributable Package
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.0.0
Movie Templates - Starter Kit
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Skype Recorder
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MyEpson Portal
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero DiscSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero StartSmart
Nero StartSmart Help
NeroBurningROM
NeroExpress
neroxml
Network Switcher
Newblue Art Effects for PowerDirector
Orçamento Fácil 12 Free
pdfsam
PowerDirector
PX Profile Update
Ralink RT2870 Wireless LAN Card
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recuva
Renesas Electronics USB 3.0 Host Controller Driver
SAMSUNG USB Driver for Mobile Phones
Sapphire TRIXX
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Software Intel® PROSet/Wireless WiFi
SPL De-Verb 1.4
StarCraft II
Subtitle Workshop 2.51
tools-linux
TorrentRover beta v0.18.1
True Image 2013
True Image 2013 Plus Pack
TrueCrypt
UltraFileSearch
UNVEIL VST 1.6.0 Demo
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VAIO Control Center
VAIO Easy Connect
VAIO Event Service
VAIO Smart Network
VAIO Update
VAIO Update Merge Module x64
VCCx86
VESx64
VESx86
VMware Player
VNC Enterprise Edition E4.6.1
VPMx64
VU5x64
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Driver Package - Sony Corporation (SFEP) HIDClass (11/27/2009 8.0.1.2)
Windows Live Communications Platform
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Media Player Firefox Plugin
WinRAR 4.01 (32-bit)
Wisdom-soft AutoScreenRecorder 3.1 Pro
Xvid Video Codec
Zan Image Printer
.
==== Event Viewer Messages From Past Week ========
.
13/05/2013 09:40:34, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sensorsview
13/05/2013 09:39:45, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The data is invalid..
12/05/2013 21:57:31, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
12/05/2013 20:18:50, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/05/2013 20:11:36, Error: Service Control Manager [7034] - The Freemake Improver service terminated unexpectedly. It has done this 1 time(s).
12/05/2013 19:18:58, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/05/2013 18:10:51, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
12/05/2013 16:27:00, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {26A28DD1-D23A-43A0-A495-F1C3F75C49E2}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\DllHost.exe /Processid:{1EF75F33-893B-4E8F-9655-C3D602BA4897}
12/05/2013 16:25:20, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
12/05/2013 16:11:45, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
12/05/2013 16:11:44, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C332C124-340D-4430-AA0D-C75602876FCC}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
12/05/2013 16:11:44, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "5" Happened while starting this command: C:\Windows\system32\igfxsrvc.exe -Embedding
12/05/2013 16:08:58, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
12/05/2013 15:42:37, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Definition Update for Windows Defender - KB915597 (Definition 1.149.1652.0).
12/05/2013 15:39:25, Error: Service Control Manager [7031] - The Firebird Server - DefaultInstance service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/05/2013 15:39:07, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
12/05/2013 15:38:36, Error: Service Control Manager [7034] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 6 time(s).
12/05/2013 15:37:49, Error: Service Control Manager [7034] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 5 time(s).
12/05/2013 15:37:21, Error: Service Control Manager [7034] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 4 time(s).
12/05/2013 15:27:03, Error: Service Control Manager [7034] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 3 time(s).
12/05/2013 15:27:02, Error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/05/2013 15:27:01, Error: Service Control Manager [7034] - The VAIO Power Management service terminated unexpectedly. It has done this 1 time(s).
12/05/2013 15:27:01, Error: Service Control Manager [7031] - The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/05/2013 15:14:46, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
09/05/2013 20:10:39, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'VASCO DP905v1.1 0' rejected IOCTL GET_STATE: The I/O operation has been aborted because of either a thread exit or an application request. If this error persists, your smart card or reader may not be functioning correctly. Command Header: XX XX XX XX
06/05/2013 19:54:43, Error: Service Control Manager [7030] - The InterBase Server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
06/05/2013 19:54:43, Error: Service Control Manager [7030] - The InterBase Guardian service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================

Edited by Oh My, 17 May 2013 - 11:07 AM.
Posted logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 16,039 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:24 PM

Posted 17 May 2013 - 11:06 AM

Greetings gauchotche and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 17 May 2013 - 11:40 AM

Hi gauchotche,

Thank you for your continued patience. Please run this for me.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Unhide

--------------------
  • Please download Unhide to your desktop
  • Double click the icon
  • Once the program has completed a Windows alert will be displayed stating your files have been restored
  • Please reboot your computer
  • If the issue is not resolved please run the program a second time
  • Please copy and paste the contents of the Unhide.txt document which will be created on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Unhide log

Regards,
Gary


#4 gauchotche


Posted 17 May 2013 - 12:04 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fernando [Admin rights]
Mode : Remove -- Date : 05/17/2013 13:50:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 9 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST95005620AS +++++
--- User ---
[MBR] 332b88865f8caec2e461b522636da9e1
[BSP] 965b7c84398fcc64766165e18d9d0035 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 56058 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 115013632 | Size: 383138 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 899680256 | Size: 37642 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05172013_02d1350.txt >>
RKreport[1]_S_05172013_02d1347.txt ; RKreport[2]_D_05172013_02d1350.txt


 

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
  http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 05/17/2013 01:57:48 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 254358 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 257106 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 7 files processed.

The C:\Users\Fernando\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_TrackDocs was set to 0! It was set back to 1!

Program finished at: 05/17/2013 02:03:32 PM
Execution time: 0 hours(s), 5 minute(s), and 43 seconds(s)

 

thanks



#5 Oh My!


Posted 17 May 2013 - 12:08 PM

Greetings,

Can you tell me if you notice any changes with your computer? Please describe.
Regards,
Gary


#6 gauchotche


Posted 17 May 2013 - 12:10 PM

It's like I've said, I believe I have removed the damn virus. Just wish to be 100% sure. Because it was like a manual removal. Do you know what virus that one is?



#7 Oh My!


Posted 17 May 2013 - 12:13 PM

Sorry, let me just clarify. When you say you have cleaned your computer do you mean the virus is gone and you have resolved all the symptoms you listed?


Regards,
Gary


#8 gauchotche


Posted 17 May 2013 - 03:24 PM

Sorry, let me just clarify. When you say you have cleaned your computer do you mean the virus is gone and you have resolved all the symptoms you listed?

Yes, I've fixed the symptoms, but since this virus was very smart (after a few seconds of infection it simply removed all of my folder/file access rights, so I couldn't use anything in the computer) I would like an expert's (this is you) opinion on whether it's really gone. And also, just for curiosity, what is the name of the virus and how does it work? What I remember is the antivirus saying something with ".GEN"



#9 Oh My!


Posted 17 May 2013 - 05:24 PM

OK, sorry I misunderstood. Without actually seeing the information that was removed it is difficult to say what you were infected with. Your logs look good but let's run a couple of scans. In addition, I would like to caution you about a program on your computer.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon 1208__malwarebytes.png and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. (If no malware was found you will not be presented with a log).
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes results
  • ESET results (no log if nothing found)

Regards,
Gary


#10 Oh My!


Posted 20 May 2013 - 08:35 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Regards,
Gary


#11 gauchotche


Posted 21 May 2013 - 07:42 AM

One more thing, how to clean infected pendrives, SD cards?



#12 Oh My!


Posted 21 May 2013 - 08:36 AM

You can scan them with Malwarebytes. Click on full scan and then place a checkmark in the additional drives.

You can also scan with ESET. On the computer scan settings screen click on Advanced Settings, Current scan targets: Change.., then place a checkmark in the additional drives.

 

Please let me know the results so we may wrap up the topic once we know you are all set.


Regards,
Gary


#13 gauchotche


Posted 21 May 2013 - 08:38 AM

Is it safe to stick the pendrive in the computer? Because that was how I got infected.



#14 Oh My!


Posted 21 May 2013 - 08:43 AM

Cross contamination between a pendrive and another computer can occur by manually transferring or launching files from the pendrive or by an autorun infection whereby when the pendrive is inserted the malicious software automatically launches.  You can control the first method of infection by being careful.  Here is how we guard against the potential for an autorun related infection.
 
===================================================

Panda USB Vaccine

--------------------

From a clean computer, please download and use Panda USB Vaccine

Alternate download link 1
Alternate download link 2

  • Double-click on USBVaccineSetup.exe to install the program to C:\Program Files\Panda USB Vaccine.
  • Read and accept the license agreement, then click Next.
  • When setup completes, make sure "Launch Panda USB Vaccine" is checked and click Finish to open the program.
  • Click the Vaccinate computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key and insert your USB flash drive.
  • When the name of the drive appears in the dialog box, click the button to Vaccinate USB drive(s).
  • Exit the program when done
Note: Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.

Edited by Oh My, 21 May 2013 - 08:44 AM.

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
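The autorun mechanism described in the post above, and the hidden-files-plus-shortcuts symptom from the first post, can both be checked on a drive's root without opening anything on it. The following is an added example, not part of the thread or of any tool named in it; the `Entry` type, the function names and the sample drive contents are constructed for illustration.

```python
import os
from dataclasses import dataclass

FILE_ATTRIBUTE_HIDDEN = 0x2          # Windows file attribute bit
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".bat", ".cmd"}
LAUNCH_KEYS = ("open", "shellexecute")


@dataclass(frozen=True)
class Entry:
    """One item in a drive's root directory (hypothetical helper type)."""
    name: str
    hidden: bool
    is_dir: bool


def autorun_commands(text):
    """Return (key, command) pairs that an [autorun] section would launch.

    Hand-rolled, tolerant parser: malformed lines are skipped rather than
    raising, because suspicious autorun.inf files are often padded with junk.
    """
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value))
    return found


def audit_root(entries, autorun_text=None):
    """Return (kind, name, detail) findings for a list of root entries."""
    # Stems of visible shortcuts: "Photos.lnk" -> "photos"
    lnk_stems = {e.name[:-4].lower() for e in entries
                 if not e.is_dir and not e.hidden and e.name.lower().endswith(".lnk")}
    findings = []
    for e in entries:
        lower = e.name.lower()
        stem, ext = os.path.splitext(lower)
        if lower == "autorun.inf" and not e.is_dir:
            findings.append(("autorun", e.name, autorun_commands(autorun_text or "")))
        elif e.hidden and (lower in lnk_stems or stem in lnk_stems):
            # Real item hidden, same-named shortcut left visible in its place
            findings.append(("shortcut-swap", e.name, "hidden behind a visible .lnk"))
        elif not e.is_dir and ext in SCRIPT_EXTS:
            findings.append(("script", e.name, "hidden" if e.hidden else "visible"))
    return findings


def list_root(path):
    """List a directory as Entry objects; the hidden bit is only set on Windows."""
    out = []
    with os.scandir(path) as it:
        for d in it:
            attrs = getattr(d.stat(follow_symlinks=False), "st_file_attributes", 0)
            out.append(Entry(d.name, bool(attrs & FILE_ATTRIBUTE_HIDDEN),
                             d.is_dir(follow_symlinks=False)))
    return out


def audit_drive(path):
    """Audit a mounted drive root; autorun.inf is read as text, never run."""
    entries = list_root(path)
    text = None
    for e in entries:
        if e.name.lower() == "autorun.inf" and not e.is_dir:
            with open(os.path.join(path, e.name), encoding="latin-1") as fh:
                text = fh.read()
    return audit_root(entries, text)


# Constructed sample: what a drive root with the symptoms from post #1 could look like.
SAMPLE_ENTRIES = [
    Entry("Photos", hidden=True, is_dir=True),
    Entry("Photos.lnk", hidden=False, is_dir=False),
    Entry("thesis.doc", hidden=True, is_dir=False),
    Entry("thesis.doc.lnk", hidden=False, is_dir=False),
    Entry("notes.txt", hidden=False, is_dir=False),
    Entry("autorun.inf", hidden=True, is_dir=False),
    Entry("x.js", hidden=True, is_dir=False),
]
SAMPLE_AUTORUN = (
    "[autorun]\n"
    "; constructed sample content\n"
    "open=wscript.exe x.js\n"
    "icon=shell32.dll,4\n"
    "shell\\open\\command=wscript.exe x.js\n"
)

if __name__ == "__main__":
    for kind, name, detail in audit_root(SAMPLE_ENTRIES, SAMPLE_AUTORUN):
        print(f"{kind:14} {name:16} {detail}")
```

`audit_drive` takes the path of a mounted drive root and applies the same checks to its real contents.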

#15 Oh My!


Posted 23 May 2013 - 08:07 AM

Greetings,

How are things going?
Regards,
Gary




