Win32/Alureon infection according to cbl.abuseat


17 replies to this topic

#1 nille1
  • Members
  • 9 posts

Posted 10 March 2012 - 07:03 AM

Hi,

My IP address has been listed at cbl.abuseat.org and they state that the computer is infected, and now I can't send e-mails.

"This IP is infected with, or is NATting for a machine infected with the Win32/Alureon (Microsoft) rootkit or one of its derivatives." they say.

I've tried using avast, tdsskiller and norton power eraser but neither could detect it.

My wireless network has been strange lately, often not working for a few minutes. I have no idea if that is related though. Other than that, the only problem I've had is not being able to send e-mails.

DDS worked properly but gmer didn't. The first time I tried it I got a blue screen a few minutes in. The second time I tried it worked but seemed to be running really slowly after a while. 4 or 5 hours in I had to turn it off as I was going to bed. Tried it twice again today, and the blue screen appeared the first time and the second time gmer.exe stopped working.

I attached the log from the gmer 5 hour run in case you have use for it anyway. I don't know how complete it is.

Thanks in advance, I really appreciate the work you guys do.

nille1



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Lotta at 20:40:38 on 2012-03-09
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.3036.1173 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
BHO: Länkhjälp till Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DisableS3S4] c:\DisableS3S4.cmd
mRun: [RemoteControl8] "c:\program files\asustek\asusdvd 8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\asustek\asusdvd 8\language\Language.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
mRun: [ADSMTray] c:\program files\asus\asus data security manager\ADSMTray.exe
mRun: [ACMON] c:\program files\asus\splendid\ACMON.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [ASUS Screen Saver Protector] c:\windows\AsScrPro.exe
mRun: [ASUS Camera ScreenSaver] c:\windows\AsScrProlog.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\lotta\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\lotta\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\fancys~1.lnk - c:\windows\installer\{567c654b-7fe9-4970-8323-56e8191d1941}\_71A97E24F422AA49EDBF39.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportera till Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/gom/receiver/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{531EF7A4-A2AA-47A7-9F5B-2C68D0FA1D11} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
LSA: Notification Packages = scecli c:\program files\asus\asus data security manager\ASPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 lullaby;lullaby;c:\windows\system32\drivers\lullaby.sys [2009-6-18 15416]
R0 SMR250;Symantec SMR Utility Service 2.5.0;c:\windows\system32\drivers\SMR250.SYS [2012-3-9 83064]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-9-29 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-9-29 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-9-29 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-9-29 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-9-29 44768]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-3-13 140800]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-6-18 230952]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-20 984064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca8879228d050;Tjänsten Google Update (gupdate1ca8879228d050);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Tjänsten Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-29 133104]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-03-09 17:08:30 83064 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-03-09 17:08:23 -------- d-----w- c:\users\lotta\appdata\local\NPE
2012-03-09 12:41:26 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6f381ede-501c-4fc3-998b-0675ae45cde6}\mpengine.dll
2012-03-09 12:37:11 -------- d-----w- c:\users\lotta\appdata\local\{298238EA-EE94-4CE9-815A-EB2C4EDF2A39}
2012-03-09 12:37:01 -------- d-----w- c:\users\lotta\appdata\local\{DD69755D-184B-41F5-A65C-B2B83FD67809}
2012-03-08 15:29:36 -------- d-----w- c:\users\lotta\appdata\local\{4ADC7625-79F5-462B-BE98-6C38FF848897}
2012-03-08 15:29:22 -------- d-----w- c:\users\lotta\appdata\local\{BFE5252D-9576-4B6C-99FC-D65BD3C30FD3}
2012-03-07 17:32:45 -------- d-----w- c:\users\lotta\appdata\local\{BEB5967B-1BEC-493F-9EEB-AAC5ABF4844D}
2012-03-07 17:32:05 -------- d-----w- c:\users\lotta\appdata\local\{8534E8F5-94BA-4FAA-A44B-F6798F25B492}
2012-03-06 05:58:23 -------- d-----w- c:\users\lotta\appdata\local\{60D3FE0A-686C-4505-8556-D0D29BCF56B6}
2012-03-06 05:57:49 -------- d-----w- c:\users\lotta\appdata\local\{FBC20B4B-5D84-4A50-AC12-C9349B1B58FD}
2012-03-05 13:58:23 -------- d-----w- c:\users\lotta\appdata\local\{B921AEDF-E4F1-4221-A5FC-1E3CFF5AD73F}
2012-03-05 13:57:57 -------- d-----w- c:\users\lotta\appdata\local\{DF886480-2270-408C-8319-B9F3D25E71C9}
2012-03-04 09:48:09 -------- d-----w- c:\users\lotta\appdata\local\{5B60384C-FD52-44EF-9898-C7399B82A83C}
2012-03-04 09:47:58 -------- d-----w- c:\users\lotta\appdata\local\{A2754C54-7186-4DA1-83A4-53942072C3CE}
2012-03-03 21:47:32 -------- d-----w- c:\users\lotta\appdata\local\{DCAC0347-95B3-4C02-940C-742A267AB665}
2012-03-03 09:46:49 -------- d-----w- c:\users\lotta\appdata\local\{F05857B5-5063-4D11-A23E-BE98AB0C0CD6}
2012-03-03 09:46:16 -------- d-----w- c:\users\lotta\appdata\local\{5E6016E0-3D7A-4C4A-8993-08A9E7E5E04F}
2012-03-02 11:34:28 -------- d-----w- c:\users\lotta\appdata\local\{FC9CD08E-9C5C-48D5-968F-3CE330FB5F09}
2012-03-02 11:33:53 -------- d-----w- c:\users\lotta\appdata\local\{A7B00C4B-DCF0-44C1-A8F2-682490E9D02B}
2012-03-01 21:32:42 -------- d-----w- c:\users\lotta\appdata\local\{AF22FA47-B0C6-40EB-938F-6EF7165CC77C}
2012-03-01 21:32:31 -------- d-----w- c:\users\lotta\appdata\local\{F4BB6F36-A87F-419D-A9B3-B0231DE95B07}
2012-03-01 09:32:05 -------- d-----w- c:\users\lotta\appdata\local\{1D13254D-65F8-4C65-A557-A572CA5EF7B1}
2012-03-01 09:31:55 -------- d-----w- c:\users\lotta\appdata\local\{DCE45131-8867-459F-AE4D-3B8F00E2DD8F}
2012-02-29 11:28:13 -------- d-----w- c:\users\lotta\appdata\local\{5A5BBF11-65F6-439F-A534-738C39CB3406}
2012-02-29 11:27:39 -------- d-----w- c:\users\lotta\appdata\local\{AE0C5A86-CC8C-4A02-85A0-FDD6834CAAED}
2012-02-28 06:37:27 -------- d-----w- c:\users\lotta\appdata\local\{38610488-9B04-4710-AA21-885E2FA777F7}
2012-02-28 06:36:55 -------- d-----w- c:\users\lotta\appdata\local\{BC5FCBBE-E095-4616-A401-4CC40AB8426E}
2012-02-27 13:07:15 -------- d-----w- c:\users\lotta\appdata\local\{859B5BDB-5D64-41C8-9496-4CFCE501ACD0}
2012-02-27 13:07:04 -------- d-----w- c:\users\lotta\appdata\local\{46865987-D323-429F-9C78-1D23F0B7384B}
2012-02-26 08:43:36 -------- d-----w- c:\users\lotta\appdata\local\{15B70E85-B249-4F9A-879E-F1E548AA16A1}
2012-02-26 08:43:06 -------- d-----w- c:\users\lotta\appdata\local\{7D711EBC-13EF-443D-8DE6-8F960CFBD667}
2012-02-25 20:27:15 -------- d-----w- c:\users\lotta\appdata\local\{454A8C18-B450-45AE-A1A3-8659EB5CAD70}
2012-02-25 08:26:27 -------- d-----w- c:\users\lotta\appdata\local\{736DE2C0-A80B-4DC0-85F2-39C732510F5D}
2012-02-25 08:25:59 -------- d-----w- c:\users\lotta\appdata\local\{B9199A74-AD46-4ADB-AC9E-0A6DE7583253}
2012-02-24 06:22:00 -------- d-----w- c:\users\lotta\appdata\local\{7EDC621C-5BC9-4018-93B9-9AF742DEF13C}
2012-02-24 06:21:36 -------- d-----w- c:\users\lotta\appdata\local\{85B29475-E9CE-4031-A821-3992E9BF48A8}
2012-02-23 13:28:53 -------- d-----w- c:\users\lotta\appdata\local\{0CA6797C-8248-4C69-9DA5-C99C90FB8865}
2012-02-23 13:28:42 -------- d-----w- c:\users\lotta\appdata\local\{EC360B5D-EA7C-421D-9F46-943861E9EF8E}
2012-02-22 09:44:32 -------- d-----w- c:\users\lotta\appdata\local\{719E19F3-FAFB-4C2D-AD64-7A9232C4D8A0}
2012-02-22 09:44:08 -------- d-----w- c:\users\lotta\appdata\local\{0B7A6C7F-BFFE-4155-B86A-A3AA23145642}
2012-02-21 14:01:38 -------- d-----w- c:\users\lotta\appdata\local\{283667E2-027B-4D9A-B383-221536295B34}
2012-02-21 14:01:23 -------- d-----w- c:\users\lotta\appdata\local\{45D4522B-9D7D-41AD-AE3E-017AE52D73D7}
2012-02-20 12:37:40 -------- d-----w- c:\users\lotta\appdata\local\{091AAA4F-03EF-4903-B21B-48E4B03BCE7B}
2012-02-20 12:37:17 -------- d-----w- c:\users\lotta\appdata\local\{30465C4E-6609-4B8D-BA47-8D6180DC2EDB}
2012-02-19 18:24:01 -------- d-----w- c:\users\lotta\appdata\local\{307CCD38-35A4-4ED1-9E61-E2C85EFBE93B}
2012-02-19 06:23:36 -------- d-----w- c:\users\lotta\appdata\local\{9C3EBEA6-51C1-4E8B-8AF0-FA1A21E8F5E6}
2012-02-19 06:22:41 -------- d-----w- c:\users\lotta\appdata\local\{20028F39-4CBA-4C27-BE4A-F20CE2AEBC2B}
2012-02-17 12:54:20 -------- d-----w- c:\users\lotta\appdata\local\{9C505D8C-A1C7-4F97-9E56-18D885D7ABA9}
2012-02-17 12:54:09 -------- d-----w- c:\users\lotta\appdata\local\{620A8E5B-077F-4545-AA49-3E5696DC2C8A}
2012-02-16 14:37:29 -------- d-----w- c:\users\lotta\appdata\local\{646FDDD9-B061-4CD3-B3C1-3DEC9090B27A}
2012-02-16 14:37:18 -------- d-----w- c:\users\lotta\appdata\local\{61892144-E1F1-4E92-A53A-8CC7D88A7A61}
2012-02-15 13:21:34 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:21:33 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:21:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-15 13:10:30 -------- d-----w- c:\users\lotta\appdata\local\{0247C0F4-8899-407B-BFFD-F5AE82951E88}
2012-02-15 13:09:34 -------- d-----w- c:\users\lotta\appdata\local\{69FBAC77-0288-48C4-9486-1E9FA17F323C}
2012-02-14 15:15:46 -------- d-----w- c:\users\lotta\appdata\local\{C88982D7-F040-4CB4-BFBB-D816A0D65634}
2012-02-14 15:14:54 -------- d-----w- c:\users\lotta\appdata\local\{B4096566-6BB8-4CD9-8C9F-990760AA8905}
2012-02-13 15:51:41 -------- d-----w- c:\users\lotta\appdata\local\{1054A39C-4632-4DE4-ADB0-64A0C03F823F}
2012-02-13 15:50:54 -------- d-----w- c:\users\lotta\appdata\local\{246DF52A-5A08-4BD9-85A0-524108B5B5DA}
2012-02-12 07:21:39 -------- d-----w- c:\users\lotta\appdata\local\{D58B4408-9120-4EFB-A681-D0D743270241}
2012-02-12 07:20:48 -------- d-----w- c:\users\lotta\appdata\local\{E40B6CAA-D8AE-4D61-9322-22CBB55A0908}
2012-02-11 07:37:56 -------- d-----w- c:\users\lotta\appdata\local\{FC5CDF3E-FB94-4253-9C64-C6C3BC240BFF}
2012-02-11 07:37:17 -------- d-----w- c:\users\lotta\appdata\local\{EAC3F06D-ABF8-4D24-88E0-41A1DBA080C1}
2012-02-10 13:31:31 -------- d-----w- c:\users\lotta\appdata\local\{27AE65AD-D765-4FFF-9B99-E301C57476F0}
2012-02-10 13:31:16 -------- d-----w- c:\users\lotta\appdata\local\{F86F9584-5A0D-4846-9B60-01467310320F}
2012-02-09 11:33:24 -------- d-----w- c:\users\lotta\appdata\local\{89C2D234-3318-4441-803D-63FF8354EBD7}
2012-02-09 11:32:48 -------- d-----w- c:\users\lotta\appdata\local\{FBBBB11F-AC56-48F6-B054-F0AEFFD4E7F6}
.
==================== Find3M ====================
.
2012-03-09 12:34:21 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 15:30:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-08 13:40:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2008-12-23 20:36:14 106496 ----a-w- c:\program files\common files\CPInstallAction.dll
.
============= FINISH: 20:41:27,15 ===============


#2 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 13 March 2012 - 12:53 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nille1 (Topic Starter)
  • Members
  • 9 posts

Posted 13 March 2012 - 11:20 AM

I have not used the computer since the last time I posted and I haven't noticed any new problems. The network has been working fine until today when I turned this computer on again.
I see that Windows Defender was running; I did not know that before looking at the log. I obviously managed to fail at turning it off somehow. Tell me if I should run it again without it.

Here it is if it's still worth looking at:


ComboFix 12-03-12.03 - Lotta 2012-03-13 15:30:44.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.3036.1717 [GMT 1:00]
Körs från: c:\users\Lotta\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\ASPG_icon.ico
c:\windows\system\Mci32.oca
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-13 till 2012-03-13 ))))))))))))))))))))))))))))))
.
.
2012-03-13 15:02 . 2012-03-13 15:04 -------- d-----w- c:\users\Lotta\AppData\Local\temp
2012-03-13 15:02 . 2012-03-13 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 14:19 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1AF2CE8-B81C-452C-BDFC-F199C1C9A89A}\mpengine.dll
2012-03-10 11:07 . 2012-03-10 11:07 -------- d-----w- c:\users\Lotta\AppData\Local\CrashDumps
2012-03-09 17:08 . 2012-03-09 19:27 -------- d-----w- c:\users\Lotta\AppData\Local\NPE
2012-02-15 13:21 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:21 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:21 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 10:36 . 2009-06-18 00:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-07 00:15 . 2011-09-29 19:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-09-29 19:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-09-29 19:57 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-09-29 19:57 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-09-29 19:57 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-09-29 19:57 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-09-29 19:57 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-09-29 19:57 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2009-10-03 07:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 15:30 . 2012-01-16 15:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-08 13:40 . 2011-06-02 06:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-16 50472]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-18 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-06-18 47672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Lotta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2011-9-1 1087896]
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-6-18 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder:
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:20]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANED ENTRIES REMOVED - - - -
.
HKLM-Run-DisableS3S4 - c:\DisableS3S4.cmd
AddRemove-DVD Decrypter - c:\program\DVDDecrypter\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-13 16:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
scanning hidden files ...
.
.
C:\ADSM_PData_0150
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Completion time: 2012-03-13 16:18:03
ComboFix-quarantined-files.txt 2012-03-13 15:17
.
Pre-Run: 57,487,273,984 bytes free
Post-Run: 60,879,806,464 bytes free
.
- - End Of File - - 5D2E971D4C13B7C586D35EDD6EB170E8

#4 gringo_pr (Malware Response Team)

Posted 13 March 2012 - 01:00 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University
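The TDSSKiller report requested above is a flat per-service listing: a file line carrying the driver's MD5 and image path, followed by a verdict line ("- ok", "( Detection.Name ) - warning", "- detected Detection.Name (n)"), with services hidden from the service manager announced on a separate "Suspicious service (Hidden):" line. As an added example, not part of this thread and not Kaspersky's or BleepingComputer's code, the Python below folds such a report into one record per service and lists the entries a responder would look at first: anything hidden or flagged, drivers whose image lives outside the Windows system directories, and registered services for which no image file was reported. The sample lines are constructed to mirror the 2.7.x layout; the "outside system32" rule is a prioritisation heuristic, not a verdict, since vendor utilities legitimately load drivers from Program Files.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample, mirroring the TDSSKiller 2.7 report layout:
# "<time> <thread> <service> (<md5>) <path>" followed by a verdict line.
SAMPLE_REPORT = r"""
14:34:31.0471 1368 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:34:31.0473 1368 ACPI - ok
14:34:32.0283 1368 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
14:34:32.0285 1368 ASMMAP - ok
14:34:37.0895 1368 Suspicious service (Hidden): lvupdtio
14:34:37.0979 1368 lvupdtio (fed822e9149e9159251cdc37dedf3ca8) C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys
14:34:37.0980 1368 lvupdtio ( HiddenService.Multi.Generic ) - warning
14:34:37.0980 1368 lvupdtio - detected HiddenService.Multi.Generic (1)
14:34:39.0482 1368 NAVENG - ok
"""

LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
HIDDEN_RE = re.compile(r"^Suspicious service \(Hidden\): (\S+)$")
FILE_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
WARN_RE = re.compile(r"^(\S+) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
OK_RE = re.compile(r"^(\S+) - ok$")

# Heuristic only: a driver living outside these directories is not malicious by
# itself (vendor utilities do this), but it deserves a second look.
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")


@dataclass
class Entry:
    name: str
    path: str = ""
    md5: str = ""
    verdict: str = ""                     # "ok", "warning", "detected" or "" if absent
    hidden: bool = False
    detections: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, Entry]:
    """Fold the per-line report into one Entry per service name."""
    entries: Dict[str, Entry] = {}

    def get(name: str) -> Entry:
        return entries.setdefault(name, Entry(name))

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # banner, drive geometry, blank lines
        body = m.group(1)
        if (h := HIDDEN_RE.match(body)):
            get(h.group(1)).hidden = True
        elif (f := FILE_RE.match(body)):
            e = get(f.group(1))
            e.md5, e.path = f.group(2).lower(), f.group(3)
        elif (w := WARN_RE.match(body)):
            e = get(w.group(1))
            e.verdict = "warning"
            e.detections.append(w.group(2))
        elif (d := DETECT_RE.match(body)):
            e = get(d.group(1))
            e.verdict = "detected"
            if d.group(2) not in e.detections:
                e.detections.append(d.group(2))
        elif (o := OK_RE.match(body)):
            e = get(o.group(1))
            e.verdict = e.verdict or "ok"  # never downgrade a warning to ok
    return entries


def triage(entries: Dict[str, Entry]) -> List[Tuple[str, str, str, List[str]]]:
    """Return (name, path, md5, reasons) for every service worth a closer look."""
    findings = []
    for e in entries.values():
        reasons = []
        if e.hidden:
            reasons.append("service hidden from the service manager (rootkit hallmark)")
        if e.verdict in ("warning", "detected"):
            reasons.append("flagged as " + ", ".join(e.detections))
        if e.path and not any(d in e.path.lower() for d in SYSTEM_DIRS):
            reasons.append("driver image outside the Windows system directories (heuristic)")
        if e.verdict == "ok" and not e.path:
            reasons.append("registered service with no image file reported")
        if reasons:
            findings.append((e.name, e.path, e.md5, reasons))
    return findings


if __name__ == "__main__":
    for name, path, md5, reasons in triage(parse_report(SAMPLE_REPORT)):
        print(f"{name:12} {md5 or '-':32} {path or '(no image)'}")
        for r in reasons:
            print(f"{'':12}   - {r}")
```

Paste a real report into SAMPLE_REPORT or feed the file's contents to parse_report; the MD5 in each finding is what you would then check against the vendor's known-good hash before deciding whether a hidden-service hit is the rootkit or a vendor driver that merely registers itself unusually.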

#5 nille1 (Topic Starter)

Posted 14 March 2012 - 09:21 AM

Hello,

Both seemed to run fine.

TDSSkiller:


14:34:04.0307 1220 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
14:34:04.0352 1220 ============================================================
14:34:04.0352 1220 Current date / time: 2012/03/14 14:34:04.0352
14:34:04.0352 1220 SystemInfo:
14:34:04.0352 1220
14:34:04.0352 1220 OS Version: 6.0.6002 ServicePack: 2.0
14:34:04.0352 1220 Product type: Workstation
14:34:04.0352 1220 ComputerName: LOTTAS-DATOR
14:34:04.0352 1220 UserName: Lotta
14:34:04.0352 1220 Windows directory: C:\Windows
14:34:04.0352 1220 System windows directory: C:\Windows
14:34:04.0352 1220 Processor architecture: Intel x86
14:34:04.0352 1220 Number of processors: 2
14:34:04.0352 1220 Page size: 0x1000
14:34:04.0352 1220 Boot type: Normal boot
14:34:04.0352 1220 ============================================================
14:34:04.0802 1220 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:34:04.0805 1220 \Device\Harddisk0\DR0:
14:34:04.0806 1220 MBR used
14:34:04.0806 1220 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0xE8E0360
14:34:04.0831 1220 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x10051119, BlocksNum 0xD173468
14:34:04.0935 1220 Initialize success
14:34:04.0935 1220 ============================================================
14:34:30.0934 1368 ============================================================
14:34:30.0934 1368 Scan started
14:34:30.0934 1368 Mode: Manual;
14:34:30.0934 1368 ============================================================
14:34:31.0471 1368 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:34:31.0473 1368 ACPI - ok
14:34:31.0526 1368 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:34:31.0534 1368 adp94xx - ok
14:34:31.0576 1368 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:34:31.0583 1368 adpahci - ok
14:34:31.0614 1368 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:34:31.0617 1368 adpu160m - ok
14:34:31.0650 1368 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:34:31.0654 1368 adpu320 - ok
14:34:31.0779 1368 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:34:31.0782 1368 AFD - ok
14:34:31.0831 1368 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:34:31.0833 1368 agp440 - ok
14:34:31.0879 1368 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:34:31.0882 1368 aic78xx - ok
14:34:31.0918 1368 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:34:31.0919 1368 aliide - ok
14:34:31.0964 1368 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:34:31.0967 1368 amdagp - ok
14:34:31.0996 1368 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:34:31.0997 1368 amdide - ok
14:34:32.0025 1368 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:34:32.0027 1368 AmdK7 - ok
14:34:32.0049 1368 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:34:32.0051 1368 AmdK8 - ok
14:34:32.0100 1368 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:34:32.0103 1368 arc - ok
14:34:32.0155 1368 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:34:32.0163 1368 arcsas - ok
14:34:32.0197 1368 AsDsm (104db777372411c55850c4a2ae6877ef) C:\Windows\system32\drivers\AsDsm.sys
14:34:32.0198 1368 AsDsm - ok
14:34:32.0283 1368 ASMMAP (7b4d08d2017ac06689d422e06c43f0aa) C:\Program Files\ATKGFNEX\ASMMAP.sys
14:34:32.0285 1368 ASMMAP - ok
14:34:32.0386 1368 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
14:34:32.0396 1368 aswFsBlk - ok
14:34:32.0444 1368 aswMonFlt (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
14:34:32.0447 1368 aswMonFlt - ok
14:34:32.0472 1368 aswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
14:34:32.0473 1368 aswRdr - ok
14:34:32.0517 1368 aswSnx (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
14:34:32.0522 1368 aswSnx - ok
14:34:32.0606 1368 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
14:34:32.0609 1368 aswSP - ok
14:34:32.0780 1368 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
14:34:32.0781 1368 aswTdi - ok
14:34:32.0839 1368 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:34:32.0840 1368 AsyncMac - ok
14:34:32.0875 1368 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:34:32.0876 1368 atapi - ok
14:34:32.0997 1368 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
14:34:33.0009 1368 athr - ok
14:34:33.0132 1368 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:34:33.0133 1368 Beep - ok
14:34:33.0182 1368 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:34:33.0185 1368 blbdrive - ok
14:34:33.0327 1368 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:34:33.0329 1368 bowser - ok
14:34:33.0373 1368 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:34:33.0374 1368 BrFiltLo - ok
14:34:33.0400 1368 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:34:33.0403 1368 BrFiltUp - ok
14:34:33.0455 1368 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:34:33.0458 1368 Brserid - ok
14:34:33.0498 1368 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:34:33.0501 1368 BrSerWdm - ok
14:34:33.0525 1368 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:34:33.0527 1368 BrUsbMdm - ok
14:34:33.0548 1368 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:34:33.0549 1368 BrUsbSer - ok
14:34:33.0607 1368 BthEnum (da7b195275bda7f8fcf79b40e0f45dde) C:\Windows\system32\DRIVERS\BthEnum.sys
14:34:33.0608 1368 BthEnum - ok
14:34:33.0660 1368 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:34:33.0662 1368 BTHMODEM - ok
14:34:33.0706 1368 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
14:34:33.0709 1368 BthPan - ok
14:34:33.0754 1368 BTHPORT (671134053d59e23704f08db19f11e10b) C:\Windows\system32\Drivers\BTHport.sys
14:34:33.0759 1368 BTHPORT - ok
14:34:33.0788 1368 BTHUSB (93d7007e2c660dfcca6ae72622740b14) C:\Windows\system32\Drivers\BTHUSB.sys
14:34:33.0789 1368 BTHUSB - ok
14:34:33.0940 1368 catchme - ok
14:34:34.0040 1368 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:34:34.0042 1368 cdfs - ok
14:34:34.0103 1368 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:34:34.0105 1368 cdrom - ok
14:34:34.0175 1368 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:34:34.0177 1368 circlass - ok
14:34:34.0227 1368 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:34:34.0231 1368 CLFS - ok
14:34:34.0335 1368 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
14:34:34.0336 1368 CmBatt - ok
14:34:34.0435 1368 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:34:34.0437 1368 cmdide - ok
14:34:34.0466 1368 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
14:34:34.0469 1368 Compbatt - ok
14:34:34.0491 1368 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:34:34.0492 1368 crcdisk - ok
14:34:34.0526 1368 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:34:34.0532 1368 Crusoe - ok
14:34:34.0651 1368 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:34:34.0661 1368 DfsC - ok
14:34:34.0781 1368 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:34:34.0782 1368 disk - ok
14:34:34.0840 1368 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:34:34.0842 1368 drmkaud - ok
14:34:34.0955 1368 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:34:34.0963 1368 DXGKrnl - ok
14:34:35.0060 1368 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:34:35.0073 1368 E1G60 - ok
14:34:35.0160 1368 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:34:35.0165 1368 Ecache - ok
14:34:35.0230 1368 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:34:35.0238 1368 elxstor - ok
14:34:35.0292 1368 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:34:35.0293 1368 ErrDev - ok
14:34:35.0330 1368 ETD (3c1d6b99320c64eb3423e229128d5182) C:\Windows\system32\DRIVERS\ETD.sys
14:34:35.0333 1368 ETD - ok
14:34:35.0379 1368 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:34:35.0384 1368 exfat - ok
14:34:35.0421 1368 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:34:35.0424 1368 fastfat - ok
14:34:35.0461 1368 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:34:35.0463 1368 fdc - ok
14:34:35.0494 1368 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:34:35.0497 1368 FileInfo - ok
14:34:35.0535 1368 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:34:35.0537 1368 Filetrace - ok
14:34:35.0585 1368 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:34:35.0586 1368 flpydisk - ok
14:34:35.0625 1368 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:34:35.0629 1368 FltMgr - ok
14:34:35.0703 1368 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
14:34:35.0706 1368 fssfltr - ok
14:34:35.0748 1368 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:34:35.0750 1368 Fs_Rec - ok
14:34:35.0777 1368 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:34:35.0780 1368 gagp30kx - ok
14:34:35.0899 1368 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
14:34:35.0906 1368 HdAudAddService - ok
14:34:35.0951 1368 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:34:35.0958 1368 HDAudBus - ok
14:34:35.0985 1368 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:34:35.0986 1368 HidBth - ok
14:34:36.0023 1368 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:34:36.0026 1368 HidIr - ok
14:34:36.0055 1368 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:34:36.0057 1368 HidUsb - ok
14:34:36.0098 1368 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:34:36.0101 1368 HpCISSs - ok
14:34:36.0155 1368 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
14:34:36.0160 1368 HTTP - ok
14:34:36.0182 1368 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:34:36.0184 1368 i2omp - ok
14:34:36.0240 1368 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:34:36.0242 1368 i8042prt - ok
14:34:36.0270 1368 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
14:34:36.0274 1368 iaStor - ok
14:34:36.0304 1368 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:34:36.0310 1368 iaStorV - ok
14:34:36.0672 1368 igfx (dce0b53570703cce580d066f89ef58cd) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:34:36.0757 1368 igfx - ok
14:34:36.0858 1368 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:34:36.0861 1368 iirsp - ok
14:34:36.0944 1368 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:34:36.0946 1368 intelide - ok
14:34:36.0978 1368 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:34:36.0980 1368 intelppm - ok
14:34:37.0028 1368 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:34:37.0032 1368 IpFilterDriver - ok
14:34:37.0045 1368 IpInIp - ok
14:34:37.0083 1368 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:34:37.0088 1368 IPMIDRV - ok
14:34:37.0117 1368 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:34:37.0119 1368 IPNAT - ok
14:34:37.0144 1368 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:34:37.0146 1368 IRENUM - ok
14:34:37.0165 1368 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:34:37.0169 1368 isapnp - ok
14:34:37.0209 1368 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:34:37.0212 1368 iScsiPrt - ok
14:34:37.0231 1368 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:34:37.0235 1368 iteatapi - ok
14:34:37.0259 1368 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:34:37.0262 1368 iteraid - ok
14:34:37.0309 1368 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
14:34:37.0313 1368 k750bus - ok
14:34:37.0349 1368 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:34:37.0351 1368 kbdclass - ok
14:34:37.0395 1368 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:34:37.0397 1368 kbdhid - ok
14:34:37.0448 1368 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\Windows\system32\DRIVERS\kbfiltr.sys
14:34:37.0451 1368 kbfiltr - ok
14:34:37.0517 1368 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
14:34:37.0521 1368 KSecDD - ok
14:34:37.0601 1368 L1E (24abddeb766c8459f9d562eb083b6cb8) C:\Windows\system32\DRIVERS\L1E60x86.sys
14:34:37.0603 1368 L1E - ok
14:34:37.0669 1368 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:34:37.0674 1368 lltdio - ok
14:34:37.0727 1368 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:34:37.0730 1368 LSI_FC - ok
14:34:37.0752 1368 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:34:37.0756 1368 LSI_SAS - ok
14:34:37.0797 1368 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:34:37.0801 1368 LSI_SCSI - ok
14:34:37.0855 1368 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:34:37.0858 1368 luafv - ok
14:34:37.0885 1368 lullaby (8039f480c192dd99fed4ebc71ffbf795) C:\Windows\system32\DRIVERS\lullaby.sys
14:34:37.0888 1368 lullaby - ok
14:34:37.0895 1368 Suspicious service (Hidden): lvupdtio
14:34:37.0979 1368 lvupdtio (fed822e9149e9159251cdc37dedf3ca8) C:\Program Files\ASUS\ASUS Live Update\SYS\lvupdtio.sys
14:34:37.0980 1368 lvupdtio ( HiddenService.Multi.Generic ) - warning
14:34:37.0980 1368 lvupdtio - detected HiddenService.Multi.Generic (1)
14:34:38.0093 1368 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:34:38.0095 1368 megasas - ok
14:34:38.0140 1368 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:34:38.0149 1368 MegaSR - ok
14:34:38.0172 1368 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:34:38.0174 1368 Modem - ok
14:34:38.0274 1368 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:34:38.0276 1368 monitor - ok
14:34:38.0339 1368 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:34:38.0341 1368 mouclass - ok
14:34:38.0382 1368 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:34:38.0385 1368 mouhid - ok
14:34:38.0419 1368 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:34:38.0421 1368 MountMgr - ok
14:34:38.0448 1368 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:34:38.0451 1368 mpio - ok
14:34:38.0475 1368 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:34:38.0480 1368 mpsdrv - ok
14:34:38.0545 1368 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:34:38.0549 1368 Mraid35x - ok
14:34:38.0581 1368 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:34:38.0584 1368 MRxDAV - ok
14:34:38.0655 1368 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:34:38.0658 1368 mrxsmb - ok
14:34:38.0727 1368 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:34:38.0733 1368 mrxsmb10 - ok
14:34:38.0794 1368 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:34:38.0799 1368 mrxsmb20 - ok
14:34:38.0840 1368 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
14:34:38.0843 1368 msahci - ok
14:34:38.0872 1368 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:34:38.0875 1368 msdsm - ok
14:34:38.0906 1368 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:34:38.0908 1368 Msfs - ok
14:34:38.0942 1368 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:34:38.0945 1368 msisadrv - ok
14:34:38.0986 1368 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:34:38.0988 1368 MSKSSRV - ok
14:34:39.0067 1368 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:34:39.0070 1368 MSPCLOCK - ok
14:34:39.0097 1368 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:34:39.0100 1368 MSPQM - ok
14:34:39.0181 1368 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:34:39.0185 1368 MsRPC - ok
14:34:39.0270 1368 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:34:39.0273 1368 mssmbios - ok
14:34:39.0311 1368 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:34:39.0314 1368 MSTEE - ok
14:34:39.0365 1368 MTsensor (bb16693616427eac1a436e106ea8d318) C:\Windows\system32\DRIVERS\ATKACPI.sys
14:34:39.0366 1368 MTsensor - ok
14:34:39.0411 1368 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:34:39.0414 1368 Mup - ok
14:34:39.0455 1368 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:34:39.0458 1368 NativeWifiP - ok
14:34:39.0482 1368 NAVENG - ok
14:34:39.0488 1368 NAVEX15 - ok
14:34:39.0676 1368 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:34:39.0684 1368 NDIS - ok
14:34:39.0727 1368 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:34:39.0729 1368 NdisTapi - ok
14:34:39.0755 1368 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:34:39.0758 1368 Ndisuio - ok
14:34:39.0799 1368 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:34:39.0802 1368 NdisWan - ok
14:34:39.0936 1368 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:34:39.0939 1368 NDProxy - ok
14:34:39.0991 1368 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:34:39.0994 1368 NetBIOS - ok
14:34:40.0020 1368 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:34:40.0023 1368 netbt - ok
14:34:40.0065 1368 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:34:40.0069 1368 nfrd960 - ok
14:34:40.0131 1368 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:34:40.0134 1368 Npfs - ok
14:34:40.0170 1368 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:34:40.0173 1368 nsiproxy - ok
14:34:40.0229 1368 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:34:40.0242 1368 Ntfs - ok
14:34:40.0274 1368 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:34:40.0277 1368 ntrigdigi - ok
14:34:40.0296 1368 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:34:40.0298 1368 Null - ok
14:34:40.0337 1368 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:34:40.0344 1368 nvraid - ok
14:34:40.0372 1368 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:34:40.0375 1368 nvstor - ok
14:34:40.0449 1368 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:34:40.0454 1368 nv_agp - ok
14:34:40.0484 1368 NwlnkFlt - ok
14:34:40.0506 1368 NwlnkFwd - ok
14:34:40.0570 1368 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
14:34:40.0573 1368 ohci1394 - ok
14:34:40.0670 1368 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:34:40.0674 1368 Parport - ok
14:34:40.0716 1368 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:34:40.0719 1368 partmgr - ok
14:34:40.0742 1368 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:34:40.0745 1368 Parvdm - ok
14:34:40.0797 1368 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:34:40.0800 1368 pci - ok
14:34:40.0854 1368 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
14:34:40.0857 1368 pciide - ok
14:34:40.0898 1368 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:34:40.0904 1368 pcmcia - ok
14:34:40.0970 1368 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:34:41.0001 1368 PEAUTH - ok
14:34:41.0139 1368 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:34:41.0142 1368 PptpMiniport - ok
14:34:41.0195 1368 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:34:41.0199 1368 Processor - ok
14:34:41.0245 1368 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:34:41.0248 1368 PSched - ok
14:34:41.0304 1368 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:34:41.0339 1368 ql2300 - ok
14:34:41.0369 1368 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:34:41.0374 1368 ql40xx - ok
14:34:41.0390 1368 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:34:41.0394 1368 QWAVEdrv - ok
14:34:41.0432 1368 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:34:41.0435 1368 RasAcd - ok
14:34:41.0459 1368 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:34:41.0462 1368 Rasl2tp - ok
14:34:41.0503 1368 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:34:41.0506 1368 RasPppoe - ok
14:34:41.0546 1368 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:34:41.0548 1368 RasSstp - ok
14:34:41.0583 1368 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:34:41.0590 1368 rdbss - ok
14:34:41.0628 1368 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:34:41.0630 1368 RDPCDD - ok
14:34:41.0689 1368 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:34:41.0696 1368 rdpdr - ok
14:34:41.0709 1368 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:34:41.0715 1368 RDPENCDD - ok
14:34:41.0763 1368 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:34:41.0767 1368 RDPWD - ok
14:34:41.0820 1368 RFCOMM (34cc78c06587718c2ad6d3aa83b1f072) C:\Windows\system32\DRIVERS\rfcomm.sys
14:34:41.0825 1368 RFCOMM - ok
14:34:41.0868 1368 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:34:41.0872 1368 rspndr - ok
14:34:41.0912 1368 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:34:41.0918 1368 sbp2port - ok
14:34:41.0990 1368 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
14:34:41.0994 1368 sdbus - ok
14:34:42.0027 1368 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:34:42.0030 1368 secdrv - ok
14:34:42.0061 1368 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:34:42.0064 1368 Serenum - ok
14:34:42.0084 1368 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:34:42.0088 1368 Serial - ok
14:34:42.0108 1368 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:34:42.0111 1368 sermouse - ok
14:34:42.0141 1368 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:34:42.0146 1368 sffdisk - ok
14:34:42.0167 1368 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:34:42.0170 1368 sffp_mmc - ok
14:34:42.0184 1368 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:34:42.0188 1368 sffp_sd - ok
14:34:42.0238 1368 sfloppy (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
14:34:42.0241 1368 sfloppy - ok
14:34:42.0288 1368 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:34:42.0291 1368 sisagp - ok
14:34:42.0315 1368 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:34:42.0319 1368 SiSRaid2 - ok
14:34:42.0336 1368 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:34:42.0341 1368 SiSRaid4 - ok
14:34:42.0387 1368 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:34:42.0390 1368 Smb - ok
14:34:42.0470 1368 smserial (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
14:34:42.0504 1368 smserial - ok
14:34:42.0610 1368 SNP2UVC (060f51141b20b8156804446a04ab8b2a) C:\Windows\system32\DRIVERS\snp2uvc.sys
14:34:42.0630 1368 SNP2UVC - ok
14:34:42.0664 1368 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:34:42.0667 1368 spldr - ok
14:34:42.0714 1368 SRS_PremiumSound_Service (43e8e8238ff52a807d5c17f1ae5cc49c) C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
14:34:42.0718 1368 SRS_PremiumSound_Service - ok
14:34:42.0737 1368 SRTSP - ok
14:34:42.0751 1368 SRTSPX - ok
14:34:42.0816 1368 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:34:42.0824 1368 srv - ok
14:34:42.0877 1368 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:34:42.0883 1368 srv2 - ok
14:34:42.0904 1368 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:34:42.0910 1368 srvnet - ok
14:34:42.0975 1368 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:34:42.0979 1368 swenum - ok
14:34:43.0009 1368 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:34:43.0014 1368 Symc8xx - ok
14:34:43.0034 1368 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:34:43.0037 1368 Sym_hi - ok
14:34:43.0050 1368 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:34:43.0055 1368 Sym_u3 - ok
14:34:43.0130 1368 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:34:43.0141 1368 Tcpip - ok
14:34:43.0196 1368 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:34:43.0207 1368 Tcpip6 - ok
14:34:43.0255 1368 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:34:43.0258 1368 tcpipreg - ok
14:34:43.0284 1368 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:34:43.0287 1368 TDPIPE - ok
14:34:43.0313 1368 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:34:43.0316 1368 TDTCP - ok
14:34:43.0363 1368 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:34:43.0366 1368 tdx - ok
14:34:43.0441 1368 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:34:43.0444 1368 TermDD - ok
14:34:43.0530 1368 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:34:43.0533 1368 tssecsrv - ok
14:34:43.0642 1368 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:34:43.0646 1368 tunnel - ok
14:34:43.0696 1368 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:34:43.0700 1368 uagp35 - ok
14:34:43.0738 1368 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:34:43.0745 1368 udfs - ok
14:34:43.0796 1368 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:34:43.0800 1368 uliagpkx - ok
14:34:43.0824 1368 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:34:43.0832 1368 uliahci - ok
14:34:43.0858 1368 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:34:43.0864 1368 UlSata - ok
14:34:43.0908 1368 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:34:43.0913 1368 ulsata2 - ok
14:34:43.0945 1368 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:34:43.0949 1368 umbus - ok
14:34:43.0998 1368 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
14:34:44.0003 1368 usbaudio - ok
14:34:44.0035 1368 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:34:44.0038 1368 usbccgp - ok
14:34:44.0073 1368 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:34:44.0079 1368 usbcir - ok
14:34:44.0136 1368 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:34:44.0139 1368 usbehci - ok
14:34:44.0161 1368 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:34:44.0165 1368 usbhub - ok
14:34:44.0194 1368 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
14:34:44.0197 1368 usbohci - ok
14:34:44.0298 1368 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:34:44.0301 1368 usbprint - ok
14:34:44.0347 1368 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:34:44.0351 1368 usbscan - ok
14:34:44.0397 1368 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:34:44.0402 1368 USBSTOR - ok
14:34:44.0446 1368 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:34:44.0449 1368 usbuhci - ok
14:34:44.0525 1368 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
14:34:44.0531 1368 usbvideo - ok
14:34:44.0571 1368 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:34:44.0574 1368 vga - ok
14:34:44.0589 1368 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:34:44.0593 1368 VgaSave - ok
14:34:44.0633 1368 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:34:44.0637 1368 viaagp - ok
14:34:44.0663 1368 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:34:44.0668 1368 ViaC7 - ok
14:34:44.0722 1368 VIAHdAudAddService (6970bc9f9316d3a61d8e0dfd0f2d4cec) C:\Windows\system32\drivers\viahduaa.sys
14:34:44.0734 1368 VIAHdAudAddService - ok
14:34:44.0776 1368 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:34:44.0780 1368 viaide - ok
14:34:44.0805 1368 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:34:44.0809 1368 volmgr - ok
14:34:44.0849 1368 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:34:44.0856 1368 volmgrx - ok
14:34:44.0897 1368 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:34:44.0902 1368 volsnap - ok
14:34:44.0967 1368 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:34:44.0973 1368 vsmraid - ok
14:34:45.0029 1368 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:34:45.0032 1368 WacomPen - ok
14:34:45.0060 1368 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:34:45.0063 1368 Wanarp - ok
14:34:45.0071 1368 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:34:45.0075 1368 Wanarpv6 - ok
14:34:45.0105 1368 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:34:45.0108 1368 Wd - ok
14:34:45.0173 1368 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:34:45.0181 1368 Wdf01000 - ok
14:34:45.0286 1368 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
14:34:45.0292 1368 WimFltr - ok
14:34:45.0370 1368 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:34:45.0374 1368 WmiAcpi - ok
14:34:45.0440 1368 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:34:45.0444 1368 WpdUsb - ok
14:34:45.0484 1368 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:34:45.0487 1368 ws2ifsl - ok
14:34:45.0532 1368 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:34:45.0537 1368 WUDFRd - ok
14:34:45.0583 1368 yukonwlh (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
14:34:45.0591 1368 yukonwlh - ok
14:34:45.0634 1368 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
14:34:45.0702 1368 \Device\Harddisk0\DR0 - ok
14:34:45.0713 1368 Boot (0x1200) (322a99767cf0c5d1949972adb6459210) \Device\Harddisk0\DR0\Partition0
14:34:45.0722 1368 \Device\Harddisk0\DR0\Partition0 - ok
14:34:45.0746 1368 Boot (0x1200) (ebde561e4fbd056bb01741e673a2b267) \Device\Harddisk0\DR0\Partition1
14:34:45.0749 1368 \Device\Harddisk0\DR0\Partition1 - ok
14:34:45.0749 1368 ============================================================
14:34:45.0749 1368 Scan finished
14:34:45.0749 1368 ============================================================
14:34:45.0764 2084 Detected object count: 1
14:34:45.0764 2084 Actual detected object count: 1
14:35:40.0861 2084 lvupdtio ( HiddenService.Multi.Generic ) - skipped by user
14:35:40.0861 2084 lvupdtio ( HiddenService.Multi.Generic ) - User select action: Skip


aswMBR.txt:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 14:39:41
-----------------------------
14:39:41.715 OS Version: Windows 6.0.6002 Service Pack 2
14:39:41.715 Number of processors: 2 586 0x170A
14:39:41.717 ComputerName: LOTTAS-DATOR UserName: Lotta
14:39:53.475 Initialize success
14:39:53.588 AVAST engine defs: 12031400
14:41:07.159 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:41:07.162 Disk 0 Vendor: ST925031 0002 Size: 238475MB BusType: 3
14:41:07.222 Disk 0 MBR read successfully
14:41:07.225 Disk 0 MBR scan
14:41:07.229 Disk 0 unknown MBR code
14:41:07.233 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
14:41:07.244 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 24579450
14:41:07.249 Disk 0 Partition - 00 0F Extended LBA 107238 MB offset 268767450
14:41:07.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 107238 MB offset 268767513
14:41:07.295 Disk 0 scanning sectors +488392065
14:41:07.375 Disk 0 scanning C:\Windows\system32\drivers
14:41:18.167 Service scanning
14:41:39.217 Modules scanning
14:41:48.637 Disk 0 trace - called modules:
14:41:48.662 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
14:41:48.668 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86e279d8]
14:41:48.674 3 CLASSPNP.SYS[8b1aa8b3] -> nt!IofCallDriver -> [0x85d2ff08]
14:41:48.682 5 acpi.sys[8069b6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85d3f028]
14:41:49.331 AVAST engine scan C:\Windows
14:41:52.917 AVAST engine scan C:\Windows\system32
14:44:43.225 AVAST engine scan C:\Windows\system32\drivers
14:45:00.906 AVAST engine scan C:\Users\Lotta
15:10:28.376 AVAST engine scan C:\ProgramData
15:12:27.862 Scan finished successfully
15:14:58.576 Disk 0 MBR has been saved successfully to "C:\Users\Lotta\Desktop\MBR.dat"
15:14:58.583 The log file has been saved successfully to "C:\Users\Lotta\Desktop\aswMBR.txt"
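
A triage helper for the TDSSKiller and aswMBR output in this post, added here as an example rather than anything from the thread or from those tools: it reads the log line formats seen above and lists what still needs a helper's attention, namely the hidden service the user chose to skip and the MBR code aswMBR could not identify. The regular expressions and the Finding type are my own, inferred from the posted lines.

```python
import re
from dataclasses import dataclass

# Added example, not code from this thread or from the TDSSKiller/aswMBR authors.
# The line patterns are inferred from the two logs posted above.

# TDSSKiller entry:     "<time> <pid> <name> (<md5>) <path>"
# TDSSKiller verdict:   "<time> <pid> <name-or-device> - ok"
# TDSSKiller detection: "<time> <pid> <name> ( <verdict> ) - <action>"
TDSS_ENTRY = re.compile(r"^\S+ \d+ (?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_OK = re.compile(r"^\S+ \d+ (?P<name>.+) - ok$")
TDSS_DETECT = re.compile(r"^\S+ \d+ (?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<action>.+)$")
# aswMBR disk message: "<time> Disk <n> <message>"
ASW_DISK = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<msg>.+)$")


@dataclass(frozen=True)
class Finding:
    tool: str
    subject: str
    detail: str
    needs_action: bool


def triage_tdsskiller(text: str) -> list[Finding]:
    """Return everything in a TDSSKiller log that is not a clean '- ok' entry."""
    findings: list[Finding] = []
    pending: dict[str, str] = {}          # name -> path, entries still awaiting a verdict
    reported: set[tuple[str, str]] = set()
    for line in text.splitlines():
        if m := TDSS_ENTRY.match(line):
            pending[m["name"]] = m["path"]
        elif m := TDSS_OK.match(line):
            # drivers are confirmed by name, MBR/boot sectors by their device path
            subject = m["name"]
            pending = {n: p for n, p in pending.items() if n != subject and p != subject}
        elif m := TDSS_DETECT.match(line):
            key = (m["name"], m["verdict"])
            if key in reported:           # the "User select action" line repeats the object
                continue
            reported.add(key)
            # "skipped by user" means the hidden object is still present on the machine
            unresolved = "skip" in m["action"].lower()
            findings.append(Finding("TDSSKiller", m["name"], f"{m['verdict']}: {m['action']}", unresolved))
    for name, path in pending.items():
        findings.append(Finding("TDSSKiller", name, f"no verdict logged for {path}", True))
    return findings


def triage_aswmbr(text: str) -> list[Finding]:
    """Flag boot-sector observations in an aswMBR log; Alureon has MBR-resident variants."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = ASW_DISK.match(line)
        if not m:
            continue
        msg = m["msg"]
        if "unknown MBR code" in msg:
            # aswMBR did not recognise the boot code: it may be an OEM loader or a bootkit,
            # so a helper would compare the saved MBR.dat against a known-good MBR
            findings.append(Finding("aswMBR", f"Disk {m['disk']} MBR", msg, True))
        elif msg.startswith("Partition") and "Hidd" in msg:
            # hidden partitions are usually the OEM recovery area: worth noting, not acting on
            findings.append(Finding("aswMBR", f"Disk {m['disk']}", msg, False))
    return findings


def triage(tdss_log: str, aswmbr_log: str) -> list[Finding]:
    return triage_tdsskiller(tdss_log) + triage_aswmbr(aswmbr_log)


def open_items(findings: list[Finding]) -> list[Finding]:
    return [f for f in findings if f.needs_action]


# Constructed sample input: a few lines copied from the logs in this post.
TDSS_SAMPLE = r"""14:34:43.0130 1368 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:34:43.0141 1368 Tcpip - ok
14:34:45.0634 1368 MBR (0x1B8) (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
14:34:45.0702 1368 \Device\Harddisk0\DR0 - ok
14:34:45.0764 2084 Detected object count: 1
14:35:40.0861 2084 lvupdtio ( HiddenService.Multi.Generic ) - skipped by user
14:35:40.0861 2084 lvupdtio ( HiddenService.Multi.Generic ) - User select action: Skip"""

ASWMBR_SAMPLE = r"""14:41:07.222 Disk 0 MBR read successfully
14:41:07.229 Disk 0 unknown MBR code
14:41:07.233 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 12001 MB offset 63
14:41:07.244 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 119232 MB offset 24579450"""

if __name__ == "__main__":
    for f in triage(TDSS_SAMPLE, ASWMBR_SAMPLE):
        flag = "ACTION" if f.needs_action else "info"
        print(f"[{flag}] {f.tool}: {f.subject} - {f.detail}")
```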

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 March 2012 - 12:52 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 nille1

nille1
  • Topic Starter

  • Members
  • 9 posts

Posted 14 March 2012 - 02:39 PM

Hi,

I've had no problem running ComboFix, and the computer seems to be doing fine after running the script.
I have not experienced many problems at all except for the Outlook e-mail not working, so it is quite hard to tell any difference.
The same problems have remained regarding the network during the day. It has been going on and off.

Here's the log


ComboFix 12-03-12.03 - Lotta 2012-03-14 19:37:46.2.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.46.1053.18.3036.1775 [GMT 1:00]
Körs från: c:\users\Lotta\Desktop\ComboFix.exe
Kommandoväxlar som använts :: c:\users\Lotta\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((( Filer skapade från 2012-02-14 till 2012-03-14 ))))))))))))))))))))))))))))))
.
.
2012-03-14 19:06 . 2012-03-14 19:07 -------- d-----w- c:\users\Lotta\AppData\Local\temp
2012-03-14 19:06 . 2012-03-14 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 14:19 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D1AF2CE8-B81C-452C-BDFC-F199C1C9A89A}\mpengine.dll
2012-03-10 11:07 . 2012-03-10 11:07 -------- d-----w- c:\users\Lotta\AppData\Local\CrashDumps
2012-03-09 17:08 . 2012-03-09 19:27 -------- d-----w- c:\users\Lotta\AppData\Local\NPE
2012-02-15 13:21 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:21 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 13:21 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 10:36 . 2009-06-18 00:07 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-03-07 00:15 . 2011-09-29 19:56 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-09-29 19:56 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-09-29 19:57 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-09-29 19:57 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2011-09-29 19:57 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2011-09-29 19:57 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-09-29 19:57 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-09-29 19:57 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2009-10-03 07:30 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-16 15:30 . 2012-01-16 15:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-08 13:40 . 2011-06-02 06:15 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-12-23 20:36 . 2008-12-23 20:36 106496 ----a-w- c:\program files\Common Files\CPInstallAction.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-13_15.03.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-03-14 13:26 56806 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2012-03-14 13:26 84422 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-08-18 17:07 . 2012-03-13 13:59 12462 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1168732761-2237585906-3172119488-1000_UserData.bin
+ 2009-08-18 17:07 . 2012-03-14 13:26 12462 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1168732761-2237585906-3172119488-1000_UserData.bin
+ 2009-08-18 17:03 . 2012-03-14 18:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-18 17:03 . 2012-03-13 14:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-18 17:03 . 2012-03-13 14:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-18 17:03 . 2012-03-14 18:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-18 17:03 . 2012-03-13 14:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-18 17:03 . 2012-03-14 18:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-14 13:24 . 2012-03-14 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-13 13:57 . 2012-03-13 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-14 13:24 . 2012-03-14 13:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-13 13:57 . 2012-03-13 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-09 15:34 . 2011-01-20 16:03 219648 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_7.0.6002.18582_none_432bfbf731de105b\d3d10_1core.dll
- 2010-10-22 21:59 . 2012-03-10 23:09 372036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-22 21:59 . 2012-03-13 23:09 372036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2006-11-02 10:22 . 2012-03-14 13:30 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2012-02-16 20:59 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2010-10-22 21:59 . 2012-03-10 23:09 2868901 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1168732761-2237585906-3172119488-1000-8192.dat
+ 2010-10-22 21:59 . 2012-03-13 23:09 2868901 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1168732761-2237585906-3172119488-1000-8192.dat
- 2011-05-29 20:18 . 2012-01-16 21:59 1355456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1168732761-2237585906-3172119488-1000-12288.dat
+ 2011-05-29 20:18 . 2012-03-13 23:09 1355456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1168732761-2237585906-3172119488-1000-12288.dat
+ 2012-03-14 18:36 . 2012-03-14 18:36 6230016 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2009-08-23 09:45 . 2012-03-14 13:40 288729196 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Lotta\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\ASUSTek\ASUSDVD 8\Language\Language.exe" [2009-04-16 50472]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"ADSMTray"="c:\program files\ASUS\ASUS Data Security Manager\ADSMTray.exe" [2008-04-01 266240]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2008-10-01 851968]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-06-18 3054136]
"ASUS Camera ScreenSaver"="c:\windows\AsScrProlog.exe" [2009-06-18 47672]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-03-24 599328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Lotta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BankID säkerhetsprogram.lnk - c:\program files\Personal\bin\Personal.exe [2011-9-1 1087896]
FancyStart daemon.lnk - c:\windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe [2009-6-18 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT
.
--- Övriga tjänster/drivrutiner i minnet ---
.
*NewlyCreated* - 08324393
*NewlyCreated* - ASWMBR
*Deregistered* - 08324393
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Innehåll i mappen 'Schemalagda aktiviteter':
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:20]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-29 11:20]
.
.
------- Extra genomsökning -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportera till Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-14 20:07
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLL'er som "laddats" under processer som körs ---------------------
.
- - - - - - - > 'lsass.exe'(704)
c:\program files\ASUS\ASUS Data Security Manager\ASPWDFLT.dll
.
Sluttid: 2012-03-14 20:19:27
ComboFix-quarantined-files.txt 2012-03-14 19:19
ComboFix2.txt 2012-03-13 15:18
.
Före genomsökningen: 59 462 356 992 byte ledigt
Efter genomsökningen: 59 523 993 600 byte ledigt
.
- - End Of File - - C3B8AA9CC20B9D27080893472ED189FF

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 March 2012 - 03:13 PM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Reader 9.5.0 - Svenska
  • Bing Bar
  • Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 nille1 (Topic Starter)

  • Members
  • 9 posts

Posted 15 March 2012 - 07:47 AM

Hi, while I was uninstalling Bing Bar using Revo I received a warning from avast saying that a rootkit was found. I chose the delete option, but avast is not even on, so it made me wonder. Should I allow it to restart? "In order to complete the removal process it is recommended to run a startup scan... so that avast! can scan your files before Windows has started, etc." (translated by myself, so maybe not precisely accurate). Sorry if the writing is bad, I'm using my phone.

#10 gringo_pr

Posted 15 March 2012 - 08:03 AM

I would rather not - I would like to know the location.

Most rootkits cannot be removed by antiviruses, and it may be an infected system file; if avast was to remove it, it could mean trouble for us.



gringo

#11 nille1 (Topic Starter)

Posted 15 March 2012 - 09:01 AM

Ok.

Filename: SVC: SeaPor
Name of rootkit: Rootkit:

I made a copy of the screen and that was basically all it said.

Edited by nille1, 15 March 2012 - 10:33 AM.


#12 nille1 (Topic Starter)

Posted 15 March 2012 - 11:05 AM

I ran mbam and hijackthis.

mbam didn't find anything, and the log is exclusively in Swedish. Let me know if you need something translated.


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Databasversion: v2012.03.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lotta :: LOTTAS-DATOR [administratör]

2012-03-15 16:44:04
mbam-log-2012-03-15 (16-44-04).txt

Skanningstyp: Snabbskanning
Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
Inaktiverade skanningsalternativ: P2P
Antal skannade objekt: 182556
Förfluten tid: 5 minut(er), 4 sekund(er)

Upptäckta minnesprocesser: 0
(Inga skadliga poster hittades)

Upptäckta minnesmoduler: 0
(Inga skadliga poster hittades)

Upptäckta registernycklar: 0
(Inga skadliga poster hittades)

Upptäckta registervärden: 0
(Inga skadliga poster hittades)

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 0
(Inga skadliga poster hittades)

Upptäckta filer: 0
(Inga skadliga poster hittades)

(klar)



Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:00:34, on 2012-03-15
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program files\P4G\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\ASUSTek\ASUSDVD 8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\ASUSTek\ASUSDVD 8\Language\Language.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - Startup: Dropbox.lnk = C:\Users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - http://service.futuremark.com/gom/receiver/tc/FMSI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ADSM Service (ADSMService) - ASUSTek Computer Inc. - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Tjänsten Google Update (gupdate1ca8879228d050) (gupdate1ca8879228d050) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Tjänsten Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe

--
End of file - 11302 bytes
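The HijackThis log above is reviewed by eye in this thread. As an added example (not code from the thread, from HijackThis or from BleepingComputer), here is a small Python triage script that parses the O4 autorun and O23 service lines of such a log and flags what a reviewer checks first: a startup target that could not be resolved (`?`), a registered service whose binary is missing, a Run value with an unquoted path containing spaces, and anything launched from a user-writable location. The sample lines are copied from the log above; the regexes, the `Entry`/`Finding` types and the finding categories are my own and are only a starting point for review, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the HijackThis log posted above
# (nothing here that is not on the page).
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
O4 - Startup: Dropbox.lnk = C:\Users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
'''

# HijackThis line formats (regexes written for this example, not HijackThis's own).
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$')
PATTERNS = (('run', RUN_RE), ('startup', STARTUP_RE), ('service', SERVICE_RE))

# A quoted first token, or unquoted text up to the first executable-looking extension.
PATH_RE = re.compile(r'^(?P<path>"[^"]+"|.*?\.(?:exe|scr|dll|cpl|bat|cmd))', re.IGNORECASE)
# Directory markers a standard user can usually write to.
USER_WRITABLE = ('\\appdata\\', '\\programdata\\', '\\temp\\', '\\users\\')


@dataclass
class Entry:
    kind: str             # 'run', 'startup' or 'service'
    name: str
    command: str          # the raw command/target as HijackThis printed it
    path: Optional[str]   # executable path, None when the target is unresolved ('?')
    quoted: bool          # whether the path was wrapped in double quotes


@dataclass
class Finding:
    name: str
    path: Optional[str]
    reason: str


def extract_path(cmd: str) -> Tuple[Optional[str], bool]:
    """Split the executable path off a command line; returns (path, was_quoted)."""
    cmd = cmd.strip()
    if cmd == '?':
        return None, False
    m = PATH_RE.match(cmd)
    if not m:
        return cmd, False
    raw = m.group('path')
    if raw.startswith('"'):
        return raw.strip('"'), True
    return raw, False


def parse_log(text: str) -> List[Entry]:
    """Return the O4 autorun and O23 service entries found in a HijackThis log."""
    entries = []
    for line in text.strip().splitlines():
        line = line.rstrip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                break
        else:
            continue   # not an entry type we triage
        path, quoted = extract_path(m.group('cmd'))
        entries.append(Entry(kind, m.group('name'), m.group('cmd'), path, quoted))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag the entries a reviewer would look at first."""
    findings = []
    for e in parse_log(text):
        if e.path is None:
            findings.append(Finding(e.name, None, 'unresolved target'))
            continue
        if '(file missing)' in e.command:
            findings.append(Finding(e.name, e.path, 'file missing'))
        # HijackThis prints Run values verbatim, so a missing pair of quotes is
        # real there; service paths are always printed unquoted, so skip those.
        if e.kind == 'run' and not e.quoted and ' ' in e.path:
            findings.append(Finding(e.name, e.path, 'unquoted path with spaces'))
        if any(marker in e.path.lower() for marker in USER_WRITABLE):
            findings.append(Finding(e.name, e.path, 'runs from user-writable location'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:35} {f.name}  ->  {f.path}')
```

Run against the sample it reports four items: the unquoted VDeck path, Dropbox running from AppData, the unresolved FancyStart shortcut, and the Norton service whose executable is gone. Each is a prompt to look closer (Dropbox in AppData is normal, for instance), which is the same judgement the helper applies by hand further down the thread.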

#13 gringo_pr

Posted 15 March 2012 - 03:01 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to be; for any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
      O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
      O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
      O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex
      O4 - Startup: Dropbox.lnk = C:\Users\Lotta\AppData\Roaming\Dropbox\bin\Dropbox.exe
      O4 - Global Startup: BankID säkerhetsprogram.lnk = C:\Program Files\Personal\bin\Personal.exe
      O4 - Global Startup: FancyStart daemon.lnk = ?
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, for example:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. Vista and Win 7: right click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#14 nille1 (Topic Starter)

Posted 16 March 2012 - 01:57 PM

Hi,

The first time I ran it a family member accidentally stopped it. Not sure if it scanned the same files again when I ran it the second time or not, but it did not find anything that first time either.

Here is the log I found in C:\Program Files\ESET\ESET Online Scanner (couldn't find a way to "Click on copy to clipboard or copy and paste")


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb08fb893e242d498e0e937610b9ff6b
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-16 05:39:21
# local_time=2012-03-16 06:39:21 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 94982 94982 0 0
# compatibility_mode=5892 16776574 100 100 273662 169451185 0 0
# compatibility_mode=8192 67108863 100 0 3851 3851 0 0
# scanned=30273
# found=0
# cleaned=0
# scan_time=1148
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=bb08fb893e242d498e0e937610b9ff6b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-16 06:45:10
# local_time=2012-03-16 07:45:10 (+0100, Västeuropa, normaltid)
# country="Sweden"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 96204 96204 0 0
# compatibility_mode=5892 16776574 100 100 274884 169452407 0 0
# compatibility_mode=8192 67108863 100 0 5073 5073 0 0
# scanned=146784
# found=0
# cleaned=0
# scan_time=3875

Edited by nille1, 16 March 2012 - 04:51 PM.


#15 gringo_pr

Posted 16 March 2012 - 09:04 PM

Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop.

:DeFogger:

Note** This only needs to be run if it was run before - If not then skip it.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall, then click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector.


:Turn On Automatic Updates:

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): Automatically download recommended updates for my computer and install them.

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:

  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
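The Internet Explorer settings recommended above are applied by clicking through the Custom Level dialog, which makes them easy to leave half-done or to lose after a reset. As an added example (not from this post, from BleepingComputer or from Microsoft), the following Python maps those five Custom Level entries to their registry action IDs under the Internet zone key (zone 3 under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones`) and audits the current values against the post's recommendations. The action IDs (1001, 1004, 1201, 1800, 1804) and the value meanings (0 enable, 1 prompt, 3 disable) are Microsoft's documented ones as I know them, not taken from the thread; the `SAMPLE_BEFORE` zone configuration is constructed for the example, and `read_internet_zone_from_registry` only works on Windows.

```python
import sys
from typing import Dict, List, Tuple

# Per-user registry key holding the Internet zone (zone 3) security settings.
# Key path and action IDs are Microsoft's documented values, not from the post.
INTERNET_ZONE_KEY = r'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

ENABLE, PROMPT, DISABLE = 0, 1, 3          # DWORD values a zone action can take
LABEL = {ENABLE: 'Enable', PROMPT: 'Prompt', DISABLE: 'Disable'}

# action ID -> (Custom Level entry as named in the post, value the post recommends)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    '1001': ('Download signed ActiveX controls', PROMPT),
    '1004': ('Download unsigned ActiveX controls', DISABLE),
    '1201': ('Initialise and script ActiveX controls not marked as safe', DISABLE),
    '1800': ('Installation of desktop items', PROMPT),
    '1804': ('Launching programs and files in an IFRAME', PROMPT),
}


def audit_internet_zone(settings: Dict[str, int]) -> List[str]:
    """Compare a zone's action values with the recommendations.

    `settings` maps action ID (the registry value name) to its DWORD value.
    Returns one line per deviation; an empty list means everything matches.
    A value that is absent is reported as well: IE then falls back to the
    zone template default, which is not necessarily the recommended setting.
    """
    findings = []
    for action_id, (name, wanted) in RECOMMENDED.items():
        current = settings.get(action_id)
        if current is None:
            findings.append(f'{name}: not set explicitly (wanted {LABEL[wanted]})')
        elif current != wanted:
            shown = LABEL.get(current, str(current))
            findings.append(f'{name}: {shown} (wanted {LABEL[wanted]})')
    return findings


def recommended_values() -> Dict[str, int]:
    """The five action IDs mapped to the values the post recommends."""
    return {action_id: wanted for action_id, (_, wanted) in RECOMMENDED.items()}


def read_internet_zone_from_registry() -> Dict[str, int]:
    """Read the current user's Internet zone values (Windows only, uses winreg)."""
    import winreg  # standard library, present only on Windows
    settings: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action_id in RECOMMENDED:
            try:
                value, _ = winreg.QueryValueEx(key, action_id)
                settings[action_id] = int(value)
            except FileNotFoundError:
                pass   # value absent: the zone template default applies
    return settings


# Constructed sample: a zone where signed ActiveX downloads were left on Enable
# and the IFRAME setting was never set explicitly. Not read from any real machine.
SAMPLE_BEFORE = {'1001': ENABLE, '1004': DISABLE, '1201': DISABLE, '1800': PROMPT}


if __name__ == '__main__':
    current = read_internet_zone_from_registry() if sys.platform == 'win32' else SAMPLE_BEFORE
    for line in audit_internet_zone(current) or ['all five settings match the recommendation']:
        print(line)
```

On the constructed sample the audit reports two deviations (signed ActiveX downloads on Enable, the IFRAME action unset); feeding it `recommended_values()` returns nothing, which is the state the post's click-through leaves behind. The same value names are what a Group Policy or a registry baseline would set, so the check is reusable once the settings are pushed centrally rather than clicked per machine.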



