
DOS/alureon.a


  • This topic is locked
2 replies to this topic

#1 heatherd83

heatherd83

  • Members
  • 1 posts

Posted 12 March 2012 - 04:59 PM

This virus is KILLING me. I am posting below as per the preparation guide. Anything you guys can do to help would be much appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Star Wars at 16:42:21 on 2012-03-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5611.3985 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Windows\System32\rundll32.exe
C:\ProgramData\Adapterplay.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [Update] rundll32.exe "C:\Users\Star Wars\AppData\Roaming\Adobe\Adobe\klzgc.dll",DllRegisterServer
uRun: [Adapterplay] C:\ProgramData\Adapterplay.exe
uRun: [mshmsi] C:\Users\Star Wars\AppData\Roaming\mshmsi.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adapterplay] C:\ProgramData\Adapterplay.exe
mRun: [mshmsi] C:\Windows\system32\config\systemprofile\AppData\Roaming\mshmsi.exe
mRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
dRun: [Adapterplay] C:\ProgramData\Adapterplay.exe
dRun: [mshmsi] C:\Windows\system32\config\systemprofile\AppData\Roaming\mshmsi.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{36B05D5B-7893-46BB-9581-A4E9E6779471} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adapterplay] C:\ProgramData\Adapterplay.exe
mRun-x64: [mshmsi] C:\Windows\system32\config\systemprofile\AppData\Roaming\mshmsi.exe
mRun-x64: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
Hosts: 94.63.147.17 www.bing.com
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-1-17 497496]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-4 352848]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-6-13 873064]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-5-4 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\system32\drivers\b57xdbd.sys --> C:\Windows\system32\drivers\b57xdbd.sys [?]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\system32\drivers\b57xdmp.sys --> C:\Windows\system32\drivers\b57xdmp.sys [?]
R3 bScsiMSa;bScsiMSa;C:\Windows\system32\drivers\bScsiMSa.sys --> C:\Windows\system32\drivers\bScsiMSa.sys [?]
R3 bScsiSDa;bScsiSDa;C:\Windows\system32\DRIVERS\bScsiSDa.sys --> C:\Windows\system32\DRIVERS\bScsiSDa.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe [2012-1-31 130008]
S2 SpyroService;Spyro Portal Service;"C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe" --> C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-12 21:37:07 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7BA23F5-7086-41B3-82D1-AA7EF886CAC3}\offreg.dll
2012-03-12 02:42:45 72728 ----a-w- C:\Users\Star Wars\AppData\Roaming\mshmsi.exe
2012-03-12 01:18:58 72728 ----a-w- C:\ProgramData\Adapterplay.exe
2012-03-12 00:39:44 20480 ----a-w- C:\Windows\svchost.exe
2012-03-12 00:37:20 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2A29.tmp
2012-03-12 00:37:20 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2A28.tmp
2012-03-11 23:01:37 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-11 23:01:25 8643640 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D7BA23F5-7086-41B3-82D1-AA7EF886CAC3}\mpengine.dll
2012-03-10 16:53:37 -------- d-----w- C:\Program Files (x86)\Free Window Registry Repair
2012-03-10 14:56:13 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D05BA3E1-24A0-4611-97D6-2E8A15221F8F}\gapaengine.dll
2012-03-10 14:55:35 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-10 14:00:50 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ADCCD04C-1D40-4D9A-9C2C-C64CB1983945}\mpengine.dll
2012-03-10 04:38:05 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8556.tmp
2012-03-10 04:38:05 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\8555.tmp
2012-03-09 01:51:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-09 01:48:17 -------- d-----w- C:\b677d01e97a6a7cddbe6e9b2430123
2012-03-08 23:03:44 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\74DC.tmp
2012-03-08 23:03:44 6656 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\74DB.tmp
2012-03-08 15:32:56 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-03-08 15:12:39 -------- d-----w- C:\Windows\Windows Defender Offline
2012-03-08 14:09:58 -------- d-----w- C:\4f5985ca2f07a8ad1cd1bd18009c2675
2012-03-08 00:40:40 -------- d-----w- C:\ProgramData\Recovery
2012-03-04 03:36:55 -------- d-----w- C:\Users\Star Wars\AppData\Local\Akamai
2012-03-03 01:19:25 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-03-01 06:42:22 -------- d-----w- C:\Windows\SysWow64\C2MP
2012-02-29 05:50:28 -------- d-----w- C:\Users\Star Wars\AppData\Local\{E409E419-E207-492C-BE29-C1D9C9C6EF74}
2012-02-29 05:50:28 -------- d-----w- C:\Users\Star Wars\AppData\Local\{54E312F1-2BE7-4BCD-878C-9419489506DC}
2012-02-28 05:32:48 -------- d-----w- C:\Users\Star Wars\FrostWire
2012-02-28 05:32:46 -------- d-----w- C:\Users\Star Wars\.frostwire5
2012-02-28 05:32:29 -------- d-----w- C:\Program Files (x86)\FrostWire 5
2012-02-28 05:32:21 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-28 02:30:24 -------- d-----w- C:\Users\Star Wars\AppData\Local\ElevatedDiagnostics
2012-02-18 12:05:52 33516 ----a-w- C:\Windows\SysWow64\dischandler.exe
2012-02-16 03:34:57 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 03:34:57 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 03:34:55 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 03:34:55 515584 ----a-w- C:\Windows\System32\timedate(7872).cpl
2012-02-16 03:34:55 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 03:34:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 03:34:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 03:34:47 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 03:34:47 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 12:09:40 1576448 ----a-w- C:\Windows\System32\VSFilter.dll
2012-02-15 12:08:52 1288192 ----a-w- C:\Windows\SysWow64\VSFilter.dll
2012-02-13 22:26:46 4207616 ----a-w- C:\Windows\System32\ffdshow.ax
2012-02-13 22:26:30 3350528 ----a-w- C:\Windows\SysWow64\ffdshow.ax
2012-02-13 22:26:08 4491776 ----a-w- C:\Windows\System32\ffmpeg.dll
2012-02-13 22:24:56 4407808 ----a-w- C:\Windows\SysWow64\ffmpeg.dll
2012-02-12 14:21:02 553984 ----a-w- C:\Windows\System32\LAVSplitter.ax
2012-02-12 14:21:00 717312 ----a-w- C:\Windows\System32\LAVVideo.ax
2012-02-12 14:20:56 246272 ----a-w- C:\Windows\System32\LAVAudio.ax
2012-02-12 14:20:54 202240 ----a-w- C:\Windows\System32\libbluray.dll
2012-02-12 14:20:46 461824 ----a-w- C:\Windows\SysWow64\LAVSplitter.ax
2012-02-12 14:20:42 562176 ----a-w- C:\Windows\SysWow64\LAVVideo.ax
2012-02-12 14:20:38 215040 ----a-w- C:\Windows\SysWow64\LAVAudio.ax
2012-02-12 14:20:36 172032 ----a-w- C:\Windows\SysWow64\libbluray.dll
2012-02-12 12:35:38 6600253 ----a-w- C:\Windows\System32\avcodec-lav-53.dll
2012-02-12 12:35:38 386864 ----a-w- C:\Windows\System32\swscale-lav-2.dll
2012-02-12 12:35:38 209331 ----a-w- C:\Windows\System32\avutil-lav-51.dll
2012-02-12 12:35:38 126340 ----a-w- C:\Windows\System32\avfilter-lav-2.dll
2012-02-12 12:35:38 1023331 ----a-w- C:\Windows\System32\avformat-lav-53.dll
2012-02-12 12:33:30 360729 ----a-w- C:\Windows\SysWow64\swscale-lav-2.dll
2012-02-12 12:33:30 203818 ----a-w- C:\Windows\SysWow64\avutil-lav-51.dll
2012-02-12 12:33:30 1143059 ----a-w- C:\Windows\SysWow64\avformat-lav-53.dll
2012-02-12 12:33:28 6414616 ----a-w- C:\Windows\SysWow64\avcodec-lav-53.dll
2012-02-12 12:33:28 138774 ----a-w- C:\Windows\SysWow64\avfilter-lav-2.dll
2012-02-12 12:17:06 181760 ----a-w- C:\Windows\System32\IntelQuickSyncDecoder.dll
2012-02-12 12:16:48 147456 ----a-w- C:\Windows\SysWow64\IntelQuickSyncDecoder.dll
.
==================== Find3M ====================
.
2012-02-27 07:07:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 22:55:46 474624 ----a-w- C:\Windows\System32\ff_kernelDeint.dll
2012-02-08 22:55:30 92160 ----a-w- C:\Windows\System32\ff_vfw.dll
2012-02-08 22:54:58 631296 ----a-w- C:\Windows\System32\TomsMoComp_ff.dll
2012-02-08 22:54:28 183808 ----a-w- C:\Windows\System32\ff_unrar.dll
2012-02-08 22:54:28 114688 ----a-w- C:\Windows\System32\ff_wmv9.dll
2012-02-08 22:54:26 359424 ----a-w- C:\Windows\System32\ff_libfaad2.dll
2012-02-08 22:54:26 156672 ----a-w- C:\Windows\System32\ff_libmad.dll
2012-02-08 22:54:24 1532928 ----a-w- C:\Windows\System32\ff_samplerate.dll
2012-02-08 22:54:24 116224 ----a-w- C:\Windows\System32\ff_liba52.dll
2012-02-08 22:54:22 222720 ----a-w- C:\Windows\System32\ff_libdts.dll
2012-02-08 22:54:20 190464 ----a-w- C:\Windows\System32\libmpeg2_ff.dll
2012-02-08 22:53:06 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-02-08 22:52:02 260608 ----a-w- C:\Windows\SysWow64\TomsMoComp_ff.dll
2012-02-08 22:51:54 99840 ----a-w- C:\Windows\SysWow64\ff_wmv9.dll
2012-02-08 22:51:54 158720 ----a-w- C:\Windows\SysWow64\ff_unrar.dll
2012-02-08 22:51:52 1525248 ----a-w- C:\Windows\SysWow64\ff_samplerate.dll
2012-02-08 22:51:52 146944 ----a-w- C:\Windows\SysWow64\ff_libmad.dll
2012-02-08 22:51:50 212480 ----a-w- C:\Windows\SysWow64\ff_libdts.dll
2012-02-08 22:51:50 115200 ----a-w- C:\Windows\SysWow64\ff_liba52.dll
2012-02-08 22:51:48 328704 ----a-w- C:\Windows\SysWow64\ff_libfaad2.dll
2012-02-08 22:51:48 137728 ----a-w- C:\Windows\SysWow64\libmpeg2_ff.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-30 22:30:22 424960 ----a-w- C:\Windows\System32\cdxareader.ax
2012-01-30 22:30:08 500224 ----a-w- C:\Windows\System32\FLVSplitter.ax
2012-01-30 22:29:24 381440 ----a-w- C:\Windows\SysWow64\cdxareader.ax
2012-01-30 22:29:08 445440 ----a-w- C:\Windows\SysWow64\FLVSplitter.ax
2012-01-15 05:44:28 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-12-31 01:02:52 23896 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 16:44:46.64 ===============


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 12 March 2012 - 05:02 PM

Hi,

Please do the following:

  • Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts

Posted 20 March 2012 - 07:20 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
