
Olmasco.O trojan / svchost.exe (1412)


  • This topic is locked
31 replies to this topic

#16 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 30 July 2012 - 01:27 AM

Move tdsskiller.exe and aswMBR.exe to this folder:

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon

Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter.

"C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do so.

Run aswMBR.exe and tdsskiller.exe as per the previous instructions.

Obviously, you will have to navigate to their new location to run them. Let me know if you have trouble.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
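The third step above produces a TDSSKiller log like the one posted later in this thread, and reading a few hundred per-service lines by eye is error-prone. As an added example (not gringo_pr's instructions and not code from Kaspersky), here is a small Python triage parser for that log format: it turns each service or driver into one record, keeps the md5 and path, pulls out everything the tool did not report as "ok", and groups services by file hash so that several services hosted by the same binary (lsass.exe hosts Netlogon, NtLmSsp, SamSs and others in the posted log) are not mistaken for suspicious duplicates. The sample lines are constructed in the log's layout from entries in this thread, and the regexes assume the "timestamp thread-id message" line shape of TDSSKiller 2.7.x output.

```python
import re
from collections import defaultdict

# Constructed sample in the TDSSKiller 2.7.x log layout (timestamp, thread id, message).
# The lines mirror entries from the log posted in this thread; the set is deliberately tiny.
SAMPLE_LOG = """\
09:27:35.0468 3500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
09:27:35.0468 3500 ACPI - ok
09:27:35.0578 3500 adpu160m - ok
09:27:36.0093 3500 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe
09:27:36.0109 3500 Autodesk Licensing Service - ok
09:27:40.0843 3500 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\\WINDOWS\\system32\\lsass.exe
09:27:40.0859 3500 Netlogon - ok
09:27:41.0390 3500 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\\WINDOWS\\system32\\lsass.exe
09:27:41.0390 3500 NtLmSsp - ok
09:27:44.0156 3500 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\\WINDOWS\\system32\\Drivers\\sptd.sys
09:27:44.0156 3500 Suspicious file (NoAccess): C:\\WINDOWS\\system32\\Drivers\\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
09:27:44.0156 3500 sptd ( LockedFile.Multi.Generic ) - warning
09:27:44.0156 3500 sptd - detected LockedFile.Multi.Generic (1)
"""

# Every scan line starts with "HH:MM:SS.mmmm <thread-id> "; the rest is the message.
_PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# Message shapes that occur in the per-service part of the log (names may contain spaces).
_HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
_OK = re.compile(r"^(?P<name>.+?) - ok$")
_WARNING = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
_DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_NOACCESS = re.compile(r"^Suspicious file \(NoAccess\): (?P<path>.+)\. md5: (?P<md5>[0-9a-f]{32})$")


def _entry(entries, name):
    """Return the record for a service/driver name, creating it on first sight."""
    return entries.setdefault(name, {"name": name, "md5": None, "path": None,
                                     "status": "unknown", "verdict": None,
                                     "noaccess": False})


def parse_tdsskiller(text):
    """Parse the per-service lines of a TDSSKiller log into one record per name."""
    entries = {}
    for raw in text.splitlines():
        m = _PREFIX.match(raw.strip())
        if not m:
            continue  # banner, separator rows, SystemInfo block, drive layout
        msg = m.group("msg")
        h = _HASHED.match(msg)
        if h:
            e = _entry(entries, h.group("name"))
            e["md5"], e["path"] = h.group("md5"), h.group("path")
            continue
        o = _OK.match(msg)
        if o:
            e = _entry(entries, o.group("name"))
            if e["status"] == "unknown":  # never downgrade an earlier warning
                e["status"] = "ok"
            continue
        w = _WARNING.match(msg)
        if w:
            e = _entry(entries, w.group("name"))
            e["status"], e["verdict"] = "warning", w.group("verdict")
            continue
        d = _DETECTED.match(msg)
        if d:
            e = _entry(entries, d.group("name"))
            e["status"], e["verdict"] = "detected", d.group("verdict")
            continue
        n = _NOACCESS.match(msg)
        if n:
            # The NoAccess line names the file rather than the service: match it by path.
            for e in entries.values():
                if e["path"] == n.group("path"):
                    e["noaccess"] = True
    return entries


def triage(entries):
    """Return the records that are not a clean 'ok', most severe first."""
    rank = {"detected": 0, "warning": 1, "unknown": 2}
    return sorted((e for e in entries.values() if e["status"] != "ok"),
                  key=lambda e: (rank[e["status"]], e["name"]))


def group_by_hash(entries):
    """Map each md5 to the sorted list of service names backed by that file."""
    groups = defaultdict(list)
    for e in entries.values():
        if e["md5"]:
            groups[e["md5"]].append(e["name"])
    return {h: sorted(names) for h, names in groups.items()}


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for rec in triage(parsed):
        print(f"{rec['status']:<8} {rec['name']:<12} {rec['verdict']}  noaccess={rec['noaccess']}  {rec['path']}")
    for md5, names in group_by_hash(parsed).items():
        if len(names) > 1:
            print(f"shared host {md5}: {', '.join(names)}")
```

A `LockedFile.Multi.Generic` warning that comes with a `Suspicious file (NoAccess)` line means the tool could not read the file, not that a signature matched, so the parser keeps the NoAccess flag separate from the verdict instead of folding it in; such entries belong in the triage list for a manual look at the file's publisher and purpose before anything is acted on.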


#17 dajoker

dajoker
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:56 PM

Posted 30 July 2012 - 03:03 AM

Ok! Worked perfectly...

09:27:30.0328 0404 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:27:30.0546 0404 ============================================================
09:27:30.0546 0404 Current date / time: 2012/07/30 09:27:30.0546
09:27:30.0546 0404 SystemInfo:
09:27:30.0546 0404
09:27:30.0546 0404 OS Version: 5.1.2600 ServicePack: 3.0
09:27:30.0546 0404 Product type: Workstation
09:27:30.0546 0404 ComputerName: BOJ
09:27:30.0546 0404 Windows directory: C:\WINDOWS
09:27:30.0546 0404 System windows directory: C:\WINDOWS
09:27:30.0546 0404 Processor architecture: Intel x86
09:27:30.0546 0404 Number of processors: 2
09:27:30.0546 0404 Page size: 0x1000
09:27:30.0546 0404 Boot type: Normal boot
09:27:30.0546 0404 ============================================================
09:27:32.0000 0404 Drive \Device\Harddisk0\DR0 - Size: 0x4A85C4DE00 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
09:27:32.0015 0404 ============================================================
09:27:32.0015 0404 \Device\Harddisk0\DR0:
09:27:32.0015 0404 MBR partitions:
09:27:32.0015 0404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7530462
09:27:32.0015 0404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x75304A1, BlocksNum 0x1DEFD220
09:27:32.0015 0404 ============================================================
09:27:32.0046 0404 C: <-> \Device\Harddisk0\DR0\Partition0
09:27:32.0078 0404 I: <-> \Device\Harddisk0\DR0\Partition1
09:27:32.0078 0404 ============================================================
09:27:32.0078 0404 Initialize success
09:27:32.0078 0404 ============================================================
09:27:34.0843 3500 ============================================================
09:27:34.0843 3500 Scan started
09:27:34.0843 3500 Mode: Manual;
09:27:34.0843 3500 ============================================================
09:27:35.0421 3500 Abiosdsk - ok
09:27:35.0437 3500 abp480n5 - ok
09:27:35.0468 3500 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:27:35.0468 3500 ACPI - ok
09:27:35.0500 3500 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
09:27:35.0515 3500 ACPIEC - ok
09:27:35.0562 3500 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:27:35.0562 3500 AdobeFlashPlayerUpdateSvc - ok
09:27:35.0578 3500 adpu160m - ok
09:27:35.0593 3500 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:27:35.0625 3500 aec - ok
09:27:35.0656 3500 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:27:35.0656 3500 AFD - ok
09:27:35.0671 3500 Aha154x - ok
09:27:35.0671 3500 aic78u2 - ok
09:27:35.0671 3500 aic78xx - ok
09:27:35.0703 3500 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:27:35.0703 3500 Alerter - ok
09:27:35.0718 3500 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:27:35.0734 3500 ALG - ok
09:27:35.0734 3500 AliIde - ok
09:27:35.0734 3500 amsint - ok
09:27:35.0765 3500 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:27:35.0765 3500 AppMgmt - ok
09:27:35.0781 3500 asc - ok
09:27:35.0781 3500 asc3350p - ok
09:27:35.0781 3500 asc3550 - ok
09:27:35.0859 3500 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:27:35.0859 3500 aspnet_state - ok
09:27:35.0890 3500 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:27:35.0906 3500 AsyncMac - ok
09:27:35.0921 3500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:27:35.0921 3500 atapi - ok
09:27:35.0921 3500 Atdisk - ok
09:27:35.0953 3500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:27:35.0968 3500 Atmarpc - ok
09:27:35.0984 3500 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:27:35.0984 3500 AudioSrv - ok
09:27:36.0015 3500 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:27:36.0031 3500 audstub - ok
09:27:36.0093 3500 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
09:27:36.0109 3500 Autodesk Licensing Service - ok
09:27:36.0125 3500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:27:36.0156 3500 Beep - ok
09:27:36.0187 3500 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:27:36.0187 3500 BITS - ok
09:27:36.0218 3500 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:27:36.0234 3500 Browser - ok
09:27:36.0296 3500 catchme - ok
09:27:36.0328 3500 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:27:36.0359 3500 cbidf2k - ok
09:27:36.0359 3500 cd20xrnt - ok
09:27:36.0375 3500 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:27:36.0406 3500 Cdaudio - ok
09:27:36.0421 3500 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:27:36.0453 3500 Cdfs - ok
09:27:36.0531 3500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:27:36.0578 3500 Cdrom - ok
09:27:36.0578 3500 Changer - ok
09:27:36.0625 3500 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
09:27:36.0625 3500 CiSvc - ok
09:27:36.0734 3500 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:27:36.0734 3500 ClipSrv - ok
09:27:36.0781 3500 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:27:36.0796 3500 clr_optimization_v2.0.50727_32 - ok
09:27:36.0796 3500 CmdIde - ok
09:27:36.0796 3500 COMSysApp - ok
09:27:36.0812 3500 Cpqarray - ok
09:27:36.0828 3500 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:27:36.0843 3500 CryptSvc - ok
09:27:36.0843 3500 dac2w2k - ok
09:27:36.0843 3500 dac960nt - ok
09:27:36.0890 3500 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:27:36.0890 3500 DcomLaunch - ok
09:27:36.0906 3500 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:27:36.0906 3500 Dhcp - ok
09:27:36.0921 3500 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:27:36.0937 3500 Disk - ok
09:27:37.0046 3500 Diskeeper (d5dd4633fad3e2cdc4d7e7353ae6d61d) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
09:27:37.0062 3500 Diskeeper - ok
09:27:37.0062 3500 dmadmin - ok
09:27:37.0109 3500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:27:37.0156 3500 dmboot - ok
09:27:37.0187 3500 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:27:37.0218 3500 dmio - ok
09:27:37.0218 3500 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:27:37.0250 3500 dmload - ok
09:27:37.0281 3500 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:27:37.0281 3500 dmserver - ok
09:27:37.0281 3500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:27:37.0296 3500 DMusic - ok
09:27:37.0312 3500 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:27:37.0328 3500 Dnscache - ok
09:27:37.0359 3500 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:27:37.0359 3500 Dot3svc - ok
09:27:37.0359 3500 dpti2o - ok
09:27:37.0359 3500 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:27:37.0390 3500 drmkaud - ok
09:27:37.0406 3500 eamon (23a6e5a600d3743be536161e9c6f2043) C:\WINDOWS\system32\DRIVERS\eamon.sys
09:27:37.0406 3500 eamon - ok
09:27:37.0421 3500 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:27:37.0421 3500 EapHost - ok
09:27:37.0437 3500 easdrv (0ed4fa004a79e44df4dbdc85f44fc1fd) C:\WINDOWS\system32\DRIVERS\easdrv.sys
09:27:37.0437 3500 easdrv - ok
09:27:37.0484 3500 EhttpSrv (70f11ce0d141c7642f38853c71f68227) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
09:27:37.0484 3500 EhttpSrv - ok
09:27:37.0515 3500 ekrn (f5179458b21780a88056c142f395406f) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
09:27:37.0515 3500 ekrn - ok
09:27:37.0531 3500 epfwtdir (ccfb3bb29c08fcab134f237743bb0311) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
09:27:37.0562 3500 epfwtdir - ok
09:27:37.0562 3500 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:27:37.0562 3500 ERSvc - ok
09:27:37.0593 3500 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:27:37.0609 3500 Eventlog - ok
09:27:37.0640 3500 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
09:27:37.0640 3500 EventSystem - ok
09:27:37.0671 3500 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:27:37.0703 3500 Fastfat - ok
09:27:37.0734 3500 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:27:37.0734 3500 FastUserSwitchingCompatibility - ok
09:27:37.0750 3500 FaxLffv2 (fadc2b2461c04663d1eda750b9b846f4) C:\WINDOWS\system32\Drivers\FaxLffv2.sys
09:27:37.0781 3500 FaxLffv2 - ok
09:27:37.0781 3500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
09:27:37.0812 3500 Fdc - ok
09:27:37.0812 3500 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:27:37.0843 3500 Fips - ok
09:27:37.0890 3500 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:27:37.0906 3500 FLEXnet Licensing Service - ok
09:27:37.0906 3500 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
09:27:37.0937 3500 Flpydisk - ok
09:27:37.0968 3500 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:27:37.0984 3500 FltMgr - ok
09:27:38.0046 3500 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:27:38.0046 3500 FontCache3.0.0.0 - ok
09:27:38.0062 3500 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:27:38.0093 3500 Fs_Rec - ok
09:27:38.0093 3500 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:27:38.0125 3500 Ftdisk - ok
09:27:38.0140 3500 FUSServices (0e427f5b65cded2271222a655b836605) C:\WINDOWS\system32\FUSServices.exe
09:27:38.0156 3500 FUSServices - ok
09:27:38.0171 3500 gdrv (ad6bd6bdc97bede8a5507ee01220c00f) C:\WINDOWS\gdrv.sys
09:27:38.0203 3500 gdrv - ok
09:27:38.0218 3500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:27:38.0234 3500 Gpc - ok
09:27:38.0296 3500 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:27:38.0296 3500 gupdate - ok
09:27:38.0296 3500 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
09:27:38.0296 3500 gupdatem - ok
09:27:38.0328 3500 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:27:38.0328 3500 HDAudBus - ok
09:27:38.0359 3500 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:27:38.0359 3500 helpsvc - ok
09:27:38.0390 3500 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:27:38.0390 3500 HidServ - ok
09:27:38.0406 3500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:27:38.0421 3500 HidUsb - ok
09:27:38.0453 3500 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:27:38.0453 3500 hkmsvc - ok
09:27:38.0453 3500 hpn - ok
09:27:38.0484 3500 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:27:38.0484 3500 HTTP - ok
09:27:38.0484 3500 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:27:38.0500 3500 HTTPFilter - ok
09:27:38.0500 3500 i2omgmt - ok
09:27:38.0500 3500 i2omp - ok
09:27:38.0515 3500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
09:27:38.0562 3500 i8042prt - ok
09:27:38.0625 3500 idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:27:38.0640 3500 idsvc - ok
09:27:38.0640 3500 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:27:38.0671 3500 Imapi - ok
09:27:38.0687 3500 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
09:27:38.0703 3500 ImapiService - ok
09:27:38.0703 3500 ini910u - ok
09:27:38.0890 3500 IntcAzAudAddService (60d7460b07012d364ced11dd9fd83e1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:27:38.0921 3500 IntcAzAudAddService - ok
09:27:38.0984 3500 IntelIde - ok
09:27:39.0000 3500 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
09:27:39.0031 3500 intelppm - ok
09:27:39.0046 3500 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:27:39.0093 3500 Ip6Fw - ok
09:27:39.0109 3500 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:27:39.0156 3500 IpFilterDriver - ok
09:27:39.0171 3500 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:27:39.0187 3500 IpInIp - ok
09:27:39.0218 3500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:27:39.0218 3500 IpNat - ok
09:27:39.0265 3500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:27:39.0296 3500 IPSec - ok
09:27:39.0312 3500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:27:39.0343 3500 IRENUM - ok
09:27:39.0359 3500 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:27:39.0375 3500 isapnp - ok
09:27:39.0468 3500 JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Program Files\Java\jre6\bin\jqs.exe
09:27:39.0484 3500 JavaQuickStarterService - ok
09:27:39.0484 3500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:27:39.0515 3500 Kbdclass - ok
09:27:39.0515 3500 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:27:39.0546 3500 kbdhid - ok
09:27:39.0562 3500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:27:39.0562 3500 kmixer - ok
09:27:39.0593 3500 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:27:39.0609 3500 KSecDD - ok
09:27:39.0640 3500 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:27:39.0640 3500 lanmanserver - ok
09:27:39.0656 3500 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:27:39.0671 3500 lanmanworkstation - ok
09:27:39.0671 3500 lbrtfdc - ok
09:27:39.0687 3500 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:27:39.0687 3500 LmHosts - ok
09:27:39.0718 3500 mbamchameleon (6c1b3c47915a8bf6bd752c9d476b1ca5) C:\WINDOWS\system32\drivers\mbamchameleon.sys
09:27:39.0718 3500 mbamchameleon - ok
09:27:39.0750 3500 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\WINDOWS\system32\drivers\mbam.sys
09:27:39.0750 3500 MBAMProtector - ok
09:27:39.0781 3500 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:27:39.0781 3500 MBAMService - ok
09:27:39.0812 3500 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:27:39.0812 3500 Messenger - ok
09:27:39.0859 3500 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:27:39.0875 3500 Microsoft Office Groove Audit Service - ok
09:27:39.0890 3500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:27:39.0906 3500 mnmdd - ok
09:27:39.0937 3500 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
09:27:39.0937 3500 mnmsrvc - ok
09:27:39.0953 3500 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:27:39.0984 3500 Modem - ok
09:27:40.0000 3500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:27:40.0015 3500 Mouclass - ok
09:27:40.0046 3500 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:27:40.0062 3500 mouhid - ok
09:27:40.0078 3500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:27:40.0093 3500 MountMgr - ok
09:27:40.0125 3500 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:27:40.0125 3500 MozillaMaintenance - ok
09:27:40.0140 3500 mraid35x - ok
09:27:40.0140 3500 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:27:40.0187 3500 MRxDAV - ok
09:27:40.0250 3500 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:27:40.0281 3500 MRxSmb - ok
09:27:40.0296 3500 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
09:27:40.0296 3500 MSDTC - ok
09:27:40.0296 3500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:27:40.0328 3500 Msfs - ok
09:27:40.0328 3500 MSIServer - ok
09:27:40.0343 3500 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:27:40.0359 3500 MSKSSRV - ok
09:27:40.0375 3500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:27:40.0406 3500 MSPCLOCK - ok
09:27:40.0421 3500 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:27:40.0437 3500 MSPQM - ok
09:27:40.0453 3500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:27:40.0453 3500 mssmbios - ok
09:27:40.0468 3500 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:27:40.0484 3500 Mup - ok
09:27:40.0515 3500 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:27:40.0531 3500 napagent - ok
09:27:40.0531 3500 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:27:40.0546 3500 NDIS - ok
09:27:40.0562 3500 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:27:40.0593 3500 NdisTapi - ok
09:27:40.0609 3500 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:27:40.0625 3500 Ndisuio - ok
09:27:40.0640 3500 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:27:40.0656 3500 NdisWan - ok
09:27:40.0687 3500 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:27:40.0703 3500 NDProxy - ok
09:27:40.0718 3500 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:27:40.0750 3500 NetBIOS - ok
09:27:40.0765 3500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:27:40.0781 3500 NetBT - ok
09:27:40.0812 3500 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:27:40.0812 3500 NetDDE - ok
09:27:40.0828 3500 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:27:40.0828 3500 NetDDEdsdm - ok
09:27:40.0843 3500 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:27:40.0859 3500 Netlogon - ok
09:27:40.0875 3500 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:27:40.0890 3500 Netman - ok
09:27:40.0937 3500 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:27:40.0953 3500 NetTcpPortSharing - ok
09:27:40.0968 3500 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:27:40.0984 3500 Nla - ok
09:27:41.0000 3500 nmwcd (b0a67de1a128389aea4d42c5a56215fd) C:\WINDOWS\system32\drivers\ccdcmb.sys
09:27:41.0015 3500 nmwcd - ok
09:27:41.0031 3500 nmwcdc (025c54f9f8c8bc1894ea38529c742c54) C:\WINDOWS\system32\drivers\ccdcmbo.sys
09:27:41.0031 3500 nmwcdc - ok
09:27:41.0062 3500 nmwcdnsu (4f0de685a96dc843ccc8a861b3fac12d) C:\WINDOWS\system32\drivers\nmwcdnsu.sys
09:27:41.0062 3500 nmwcdnsu - ok
09:27:41.0093 3500 nmwcdnsuc (578117c0c0cf10d99c8853e83c4bc63c) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
09:27:41.0093 3500 nmwcdnsuc - ok
09:27:41.0109 3500 nmwcdsa (a579a2cc4768b4b3f7e4f86808ea8206) C:\WINDOWS\system32\drivers\nmwcdsa.sys
09:27:41.0125 3500 nmwcdsa - ok
09:27:41.0125 3500 nmwcdsac (0a6436274d5cdb33b6ac2fc304037d82) C:\WINDOWS\system32\drivers\nmwcdsac.sys
09:27:41.0140 3500 nmwcdsac - ok
09:27:41.0140 3500 nmwcdsacj (23ca32dec0f1e68448c9c3c1f2e1deee) C:\WINDOWS\system32\drivers\nmwcdsacj.sys
09:27:41.0171 3500 nmwcdsacj - ok
09:27:41.0187 3500 nmwcdsacm (23ca32dec0f1e68448c9c3c1f2e1deee) C:\WINDOWS\system32\drivers\nmwcdsacm.sys
09:27:41.0203 3500 nmwcdsacm - ok
09:27:41.0218 3500 NOD32FiXTemDono - ok
09:27:41.0265 3500 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:27:41.0281 3500 Npfs - ok
09:27:41.0328 3500 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:27:41.0359 3500 Ntfs - ok
09:27:41.0390 3500 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:27:41.0390 3500 NtLmSsp - ok
09:27:41.0421 3500 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:27:41.0421 3500 NtmsSvc - ok
09:27:41.0453 3500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:27:41.0468 3500 Null - ok
09:27:41.0750 3500 nv (ceab17ba3e0f7de96a4649f896b35131) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:27:41.0890 3500 nv - ok
09:27:41.0968 3500 NVSvc (df6fd57d6807ae459b3463fbfda02d49) C:\WINDOWS\system32\nvsvc32.exe
09:27:41.0968 3500 NVSvc - ok
09:27:42.0000 3500 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:27:42.0015 3500 NwlnkFlt - ok
09:27:42.0031 3500 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:27:42.0062 3500 NwlnkFwd - ok
09:27:42.0140 3500 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:27:42.0156 3500 odserv - ok
09:27:42.0187 3500 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:27:42.0187 3500 ose - ok
09:27:42.0234 3500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:27:42.0265 3500 Parport - ok
09:27:42.0281 3500 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:27:42.0296 3500 PartMgr - ok
09:27:42.0328 3500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:27:42.0343 3500 ParVdm - ok
09:27:42.0359 3500 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
09:27:42.0375 3500 pccsmcfd - ok
09:27:42.0375 3500 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:27:42.0406 3500 PCI - ok
09:27:42.0406 3500 PCIDump - ok
09:27:42.0406 3500 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:27:42.0437 3500 PCIIde - ok
09:27:42.0453 3500 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:27:42.0500 3500 Pcmcia - ok
09:27:42.0500 3500 PDCOMP - ok
09:27:42.0500 3500 PDFRAME - ok
09:27:42.0515 3500 PDRELI - ok
09:27:42.0515 3500 PDRFRAME - ok
09:27:42.0515 3500 perc2 - ok
09:27:42.0531 3500 perc2hib - ok
09:27:42.0578 3500 PEVSystemStart (f042ee4c8d66248d9b86dcf52abae416) C:\ComboFix\pev.3XE
09:27:42.0578 3500 PEVSystemStart - ok
09:27:42.0593 3500 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:27:42.0609 3500 PlugPlay - ok
09:27:42.0609 3500 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:27:42.0625 3500 PolicyAgent - ok
09:27:42.0625 3500 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:27:42.0656 3500 PptpMiniport - ok
09:27:42.0656 3500 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:27:42.0656 3500 ProtectedStorage - ok
09:27:42.0671 3500 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:27:42.0718 3500 PSched - ok
09:27:42.0718 3500 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:27:42.0734 3500 Ptilink - ok
09:27:42.0750 3500 ql1080 - ok
09:27:42.0750 3500 Ql10wnt - ok
09:27:42.0750 3500 ql12160 - ok
09:27:42.0765 3500 ql1240 - ok
09:27:42.0765 3500 ql1280 - ok
09:27:42.0765 3500 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:27:42.0796 3500 RasAcd - ok
09:27:42.0828 3500 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:27:42.0828 3500 RasAuto - ok
09:27:42.0859 3500 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:27:42.0875 3500 Rasl2tp - ok
09:27:42.0906 3500 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:27:42.0921 3500 RasMan - ok
09:27:42.0921 3500 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:27:42.0953 3500 RasPppoe - ok
09:27:42.0953 3500 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:27:42.0968 3500 Raspti - ok
09:27:42.0984 3500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:27:43.0062 3500 Rdbss - ok
09:27:43.0093 3500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:27:43.0125 3500 RDPCDD - ok
09:27:43.0125 3500 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:27:43.0156 3500 rdpdr - ok
09:27:43.0187 3500 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
09:27:43.0218 3500 RDPWD - ok
09:27:43.0234 3500 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:27:43.0250 3500 RDSessMgr - ok
09:27:43.0265 3500 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:27:43.0281 3500 redbook - ok
09:27:43.0312 3500 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:27:43.0312 3500 RemoteAccess - ok
09:27:43.0328 3500 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:27:43.0343 3500 RemoteRegistry - ok
09:27:43.0359 3500 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
09:27:43.0359 3500 RpcLocator - ok
09:27:43.0390 3500 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:27:43.0406 3500 RpcSs - ok
09:27:43.0437 3500 rspndr (0e11b35e972796042044bc27ce13b065) C:\WINDOWS\system32\DRIVERS\rspndr.sys
09:27:43.0468 3500 rspndr - ok
09:27:43.0500 3500 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
09:27:43.0500 3500 RSVP - ok
09:27:43.0531 3500 RTLE8023xp (25be98c05808c57e4d8d26477dc12d39) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:27:43.0578 3500 RTLE8023xp - ok
09:27:43.0593 3500 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:27:43.0593 3500 SamSs - ok
09:27:43.0609 3500 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:27:43.0625 3500 SCardSvr - ok
09:27:43.0656 3500 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:27:43.0656 3500 Schedule - ok
09:27:43.0687 3500 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:27:43.0718 3500 Secdrv - ok
09:27:43.0718 3500 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:27:43.0718 3500 seclogon - ok
09:27:43.0734 3500 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:27:43.0734 3500 SENS - ok
09:27:43.0734 3500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:27:43.0765 3500 serenum - ok
09:27:43.0765 3500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:27:43.0812 3500 Serial - ok
09:27:43.0890 3500 ServiceLayer (668043f192ab9659761a349a4703600d) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
09:27:43.0906 3500 ServiceLayer - ok
09:27:43.0921 3500 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:27:43.0937 3500 Sfloppy - ok
09:27:43.0984 3500 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:27:43.0984 3500 SharedAccess - ok
09:27:44.0015 3500 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:27:44.0015 3500 ShellHWDetection - ok
09:27:44.0031 3500 Simbad - ok
09:27:44.0031 3500 Sparrow - ok
09:27:44.0046 3500 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:27:44.0062 3500 splitter - ok
09:27:44.0093 3500 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:27:44.0109 3500 Spooler - ok
09:27:44.0156 3500 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
09:27:44.0156 3500 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
09:27:44.0156 3500 sptd ( LockedFile.Multi.Generic ) - warning
09:27:44.0156 3500 sptd - detected LockedFile.Multi.Generic (1)
09:27:44.0171 3500 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:27:44.0203 3500 sr - ok
09:27:44.0250 3500 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
09:27:44.0250 3500 srservice - ok
09:27:44.0296 3500 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:27:44.0328 3500 Srv - ok
09:27:44.0343 3500 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:27:44.0359 3500 SSDPSRV - ok
09:27:44.0375 3500 SSUSBDownload (45190901f75aa3353dee12837c5e1769) C:\WINDOWS\system32\DRIVERS\SSUSBDownload.sys
09:27:44.0390 3500 SSUSBDownload - ok
09:27:44.0421 3500 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:27:44.0437 3500 stisvc - ok
09:27:44.0468 3500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:27:44.0484 3500 swenum - ok
09:27:44.0500 3500 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:27:44.0546 3500 swmidi - ok
09:27:44.0546 3500 SwPrv - ok
09:27:44.0562 3500 symc810 - ok
09:27:44.0562 3500 symc8xx - ok
09:27:44.0562 3500 sym_hi - ok
09:27:44.0578 3500 sym_u3 - ok
09:27:44.0578 3500 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:27:44.0593 3500 sysaudio - ok
09:27:44.0609 3500 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:27:44.0625 3500 SysmonLog - ok
09:27:44.0640 3500 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:27:44.0656 3500 TapiSrv - ok
09:27:44.0687 3500 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:27:44.0718 3500 Tcpip - ok
09:27:44.0734 3500 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:27:44.0750 3500 TDPIPE - ok
09:27:44.0765 3500 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:27:44.0781 3500 TDTCP - ok
09:27:44.0796 3500 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:27:44.0843 3500 TermDD - ok
09:27:44.0875 3500 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:27:44.0890 3500 TermService - ok
09:27:44.0906 3500 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:27:44.0906 3500 Themes - ok
09:27:44.0937 3500 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
09:27:44.0953 3500 TlntSvr - ok
09:27:44.0953 3500 TosIde - ok
09:27:44.0968 3500 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:27:44.0984 3500 TrkWks - ok
09:27:45.0000 3500 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:27:45.0031 3500 Udfs - ok
09:27:45.0031 3500 ultra - ok
09:27:45.0062 3500 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:27:45.0109 3500 Update - ok
09:27:45.0140 3500 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:27:45.0140 3500 upnphost - ok
09:27:45.0156 3500 upperdev (78b74af8727a28c128e164e9b53a5413) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
09:27:45.0171 3500 upperdev - ok
09:27:45.0171 3500 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:27:45.0187 3500 UPS - ok
09:27:45.0203 3500 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:27:45.0234 3500 usbccgp - ok
09:27:45.0250 3500 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:27:45.0265 3500 usbehci - ok
09:27:45.0281 3500 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:27:45.0312 3500 usbhub - ok
09:27:45.0312 3500 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:27:45.0343 3500 usbprint - ok
09:27:45.0359 3500 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:27:45.0375 3500 usbscan - ok
09:27:45.0390 3500 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
09:27:45.0406 3500 usbser - ok
09:27:45.0421 3500 UsbserFilt (4f8fbc51a1c0a17310846b417a447f91) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
09:27:45.0437 3500 UsbserFilt - ok
09:27:45.0437 3500 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:27:45.0453 3500 usbstor - ok
09:27:45.0468 3500 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
09:27:45.0500 3500 usbuhci - ok
09:27:45.0500 3500 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:27:45.0531 3500 VgaSave - ok
09:27:45.0531 3500 ViaIde - ok
09:27:45.0546 3500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:27:45.0578 3500 VolSnap - ok
09:27:45.0593 3500 vsbus (1c8a783e90c34d205596f1ab4a97e261) C:\WINDOWS\system32\DRIVERS\vsb.sys
09:27:45.0625 3500 vsbus - ok
09:27:45.0640 3500 vserial (3377daa1cb8cac46a538c236f5f3d58f) C:\WINDOWS\system32\DRIVERS\vserial.sys
09:27:45.0687 3500 vserial - ok
09:27:45.0703 3500 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:27:45.0718 3500 VSS - ok
09:27:45.0734 3500 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
09:27:45.0750 3500 W32Time - ok
09:27:45.0765 3500 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:27:45.0781 3500 Wanarp - ok
09:27:45.0828 3500 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:27:45.0828 3500 Wdf01000 - ok
09:27:45.0843 3500 WDICA - ok
09:27:45.0875 3500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:27:45.0890 3500 wdmaud - ok
09:27:45.0906 3500 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:27:45.0921 3500 WebClient - ok
09:27:45.0968 3500 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:27:45.0968 3500 winmgmt - ok
09:27:46.0000 3500 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\mspmsnsv.dll
09:27:46.0015 3500 WmdmPmSN - ok
09:27:46.0062 3500 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:27:46.0062 3500 Wmi - ok
09:27:46.0078 3500 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
09:27:46.0093 3500 WmiApSrv - ok
09:27:46.0171 3500 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:27:46.0187 3500 WMPNetworkSvc - ok
09:27:46.0265 3500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
09:27:46.0281 3500 WpdUsb - ok
09:27:46.0312 3500 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
09:27:46.0328 3500 WS2IFSL - ok
09:27:46.0375 3500 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:27:46.0375 3500 wscsvc - ok
09:27:46.0406 3500 wuauserv (d29ad7484b98279ed21877de051a180f) C:\WINDOWS\system32\wuauserv.dll
09:27:46.0406 3500 wuauserv - ok
09:27:46.0437 3500 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:27:46.0437 3500 WudfPf - ok
09:27:46.0453 3500 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:27:46.0468 3500 WudfRd - ok
09:27:46.0484 3500 WudfSvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
09:27:46.0484 3500 WudfSvc - ok
09:27:46.0531 3500 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:27:46.0531 3500 WZCSVC - ok
09:27:46.0562 3500 XMLDIUSB (2882b6fd4297219e2319e899dfc48a39) C:\WINDOWS\system32\Drivers\XMLDIUSB.sys
09:27:46.0593 3500 XMLDIUSB - ok
09:27:46.0609 3500 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:27:46.0609 3500 xmlprov - ok
09:27:46.0671 3500 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (5867ce254625645345c833510d24f124) C:\Program Files\CyberLink\PowerDVD8\000.fcl
09:27:46.0687 3500 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
09:27:46.0703 3500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:27:46.0734 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:27:46.0734 3500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:27:46.0734 3500 Boot (0x1200) (31cd89a401f5a67e66534cbf792cb8cc) \Device\Harddisk0\DR0\Partition0
09:27:46.0734 3500 \Device\Harddisk0\DR0\Partition0 - ok
09:27:46.0750 3500 Boot (0x1200) (05ac73eee8960b6652ea133c5cac4c96) \Device\Harddisk0\DR0\Partition1
09:27:46.0750 3500 \Device\Harddisk0\DR0\Partition1 - ok
09:27:46.0750 3500 ============================================================
09:27:46.0750 3500 Scan finished
09:27:46.0750 3500 ============================================================
09:27:46.0765 2460 Detected object count: 2
09:27:46.0765 2460 Actual detected object count: 2
09:29:08.0531 2460 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:29:08.0531 2460 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:29:09.0031 2460 \Device\Harddisk0\DR0\# - copied to quarantine
09:29:09.0031 2460 \Device\Harddisk0\DR0 - copied to quarantine
09:29:09.0125 2460 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:29:09.0125 2460 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
09:29:09.0125 2460 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
09:29:09.0140 2460 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
09:29:09.0140 2460 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
09:29:09.0156 2460 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
09:29:11.0875 2460 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
09:29:13.0265 2460 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
09:29:14.0625 2460 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
09:29:15.0968 2460 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
09:29:17.0343 2460 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
09:29:18.0703 2460 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:29:20.0109 2460 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
09:29:21.0515 2460 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
09:29:21.0531 2460 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
09:29:22.0921 2460 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
09:29:24.0359 2460 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
09:29:24.0375 2460 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
09:29:24.0406 2460 \Device\Harddisk0\DR0\TDLFS\com32 - copied to quarantine
09:29:24.0531 2460 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
09:29:24.0593 2460 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
09:29:24.0640 2460 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
09:29:24.0656 2460 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
09:29:24.0875 2460 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
09:29:24.0953 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:29:24.0953 2460 \Device\Harddisk0\DR0 - ok
09:29:24.0984 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
09:29:44.0234 2980 Deinitialize success



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-30 09:45:39
-----------------------------
09:45:39.953 OS Version: Windows 5.1.2600 Service Pack 3
09:45:39.953 Number of processors: 2 586 0xF02
09:45:39.953 ComputerName: BOJ UserName:
09:45:40.640 Initialize success
09:46:48.171 AVAST engine defs: 12072901
09:46:54.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
09:46:54.421 Disk 0 Vendor: Hitachi_HDT725032VLA360 V54OA7EA Size: 305244MB BusType: 3
09:46:54.421 Disk 0 MBR read successfully
09:46:54.421 Disk 0 MBR scan
09:46:54.421 Disk 0 Windows XP default MBR code
09:46:54.421 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 60000 MB offset 63
09:46:54.453 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 245242 MB offset 122881185
09:46:54.453 Disk 0 scanning sectors +625137345
09:46:54.531 Disk 0 scanning C:\WINDOWS\system32\drivers
09:47:10.078 Service scanning
09:47:24.421 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
09:47:27.984 Modules scanning
09:47:32.281 Disk 0 trace - called modules:
09:47:32.296 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sprc.sys >>UNKNOWN [0x8a846938]<<
09:47:32.296 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a807ab8]
09:47:32.296 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000064[0x8a7ce310]
09:47:32.296 5 ACPI.sys[b9e66620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a80b940]
09:47:32.593 AVAST engine scan C:\WINDOWS
09:47:45.468 AVAST engine scan C:\WINDOWS\system32
09:50:36.796 AVAST engine scan C:\WINDOWS\system32\drivers
09:50:55.156 AVAST engine scan C:\Documents and Settings\JURKO
09:54:23.781 AVAST engine scan C:\Documents and Settings\All Users
09:55:23.968 Scan finished successfully
10:01:48.812 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JURKO\My Documents\MBR.dat"
10:01:48.812 The log file has been saved successfully to "C:\Documents and Settings\JURKO\My Documents\aswMBRlog.txt"
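
Reading one TDSSKiller log by eye is fine; reading a stack of them from a fleet is not. The script below is an added example for this thread, not code from the page, from Kaspersky or from Avast. It pulls the verdict, the user's chosen action and the quarantine actions out of TDSSKiller's line format (timestamp, thread id, message) and lists what an analyst still has to act on. The sample lines are a subset of the TDSSKiller log above; the regular expressions are written against exactly those line shapes, so treating them as the format of every TDSSKiller build is an assumption.

```python
"""Pull detections, user choices and quarantine actions out of a TDSSKiller log.
Added example; the regexes are derived from the log lines on this page only."""
import re
from collections import OrderedDict

LINE_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
VERDICT_RE = re.compile(
    r"^(?P<obj>.+?) \( (?P<verdict>[^)]+) \) - "
    r"(?P<result>warning|infected|skipped by user|will be cured on reboot|User select action: \w+)$")
SUSP_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
QUAR_RE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")


def triage_tdsskiller(log_text: str) -> dict:
    """Return detections (object -> verdict/severity/user action), suspicious files,
    quarantined objects and the object count TDSSKiller itself claimed."""
    report = {"detections": OrderedDict(), "suspicious": [], "quarantined": [], "claimed_count": None}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        if msg.startswith("Detected object count:"):
            report["claimed_count"] = int(msg.rsplit(":", 1)[1])
            continue
        s = SUSP_RE.match(msg)
        if s:
            report["suspicious"].append(s.groupdict())
            continue
        q = QUAR_RE.match(msg)
        if q:
            report["quarantined"].append(q.group("obj"))
            continue
        v = VERDICT_RE.match(msg)
        if not v:
            continue  # plain "name (md5) path" and "name - ok" lines carry no verdict
        d = report["detections"].setdefault(v.group("obj"), {
            "verdict": v.group("verdict"), "severity": None, "user_action": None,
            "skipped": False, "cure_pending": False})
        result = v.group("result")
        if result in ("warning", "infected"):
            d["severity"] = result
        elif result == "skipped by user":
            d["skipped"] = True
        elif result == "will be cured on reboot":
            d["cure_pending"] = True
        else:  # "User select action: Skip" / "User select action: Cure"
            d["user_action"] = result.split(":", 1)[1].strip()
    return report


def hidden_fs_files(report: dict) -> list:
    """Names quarantined out of the hidden TDLFS volume, e.g. ['mbr', 'vbr', 'ldr32']."""
    return [obj.rsplit("\\TDLFS\\", 1)[1] for obj in report["quarantined"] if "\\TDLFS\\" in obj]


def followup(report: dict) -> list:
    """What is still open after the run: infected objects not yet cured, cures that need a
    reboot, warnings the user skipped, and a mismatch against TDSSKiller's own count."""
    items = []
    for obj, d in report["detections"].items():
        if d["severity"] == "infected":
            items.append("%s: %s %s" % (obj, d["verdict"],
                         "cure pending, reboot and rescan" if d["cure_pending"] else "not cured"))
        elif d["skipped"]:
            items.append("%s: %s skipped by user, verify the locked file by hash" % (obj, d["verdict"]))
    n = len(report["detections"])
    if report["claimed_count"] is not None and report["claimed_count"] != n:
        items.append("detection count mismatch: log says %d, parsed %d" % (report["claimed_count"], n))
    return items


# Sample input: a subset of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
09:27:44.0156 3500 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
09:27:44.0156 3500 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
09:27:44.0156 3500 sptd ( LockedFile.Multi.Generic ) - warning
09:27:44.0156 3500 sptd - detected LockedFile.Multi.Generic (1)
09:27:46.0703 3500 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
09:27:46.0734 3500 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
09:27:46.0734 3500 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
09:27:46.0765 2460 Detected object count: 2
09:27:46.0765 2460 Actual detected object count: 2
09:29:08.0531 2460 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:29:08.0531 2460 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
09:29:09.0031 2460 \Device\Harddisk0\DR0 - copied to quarantine
09:29:09.0125 2460 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
09:29:09.0125 2460 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
09:29:18.0703 2460 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
09:29:24.0953 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot
09:29:24.0953 2460 \Device\Harddisk0\DR0 - ok
09:29:24.0984 2460 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure
"""

if __name__ == "__main__":
    rep = triage_tdsskiller(SAMPLE_LOG)
    print("hidden FS files:", hidden_fs_files(rep))
    for item in followup(rep):
        print("TODO:", item)
```

On this log the two open items are the skipped sptd warning and the pending MBR cure. sptd.sys is the SCSI Pass Through Direct driver that DAEMON Tools and Alcohol 120% install; it protects itself from being opened, which is why TDSSKiller reports it as LockedFile.Multi.Generic, so skipping it is the usual call, but the hash in the log is what you check it by. The cure of the MBR is only applied on reboot, which is why a rescan afterwards (the aswMBR run above) is the confirmation, not the "ok" line.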

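
Both scanners above read the first sector of Disk 0: TDSSKiller hashes the 0x1B8-byte bootstrap area (its "MBR (0x1B8) (md5)" line, where 0x1B8 is the offset at which the disk signature and partition table begin) and aswMBR prints the partition table and then saves the sector to MBR.dat. The script below is an added example, not code from the thread or from either tool. It does the same work on a saved 512-byte MBR image, and additionally measures the unpartitioned tail after the last partition, which is where the TDL4 family (the TDLFS entries in the TDSSKiller log are its hidden file system) keeps its files. The SAMPLE_MBR it embeds is constructed: the two partition offsets are the ones aswMBR printed, partition 2 is sized to end at the sector named in aswMBR's "scanning sectors +625137345" line, and the bootstrap bytes, disk signature and DISK_SECTORS (derived from the 305244 MB figure) are assumptions.

```python
"""Triage a raw 512-byte MBR image such as the MBR.dat that aswMBR saved.
Added example; the sample sector below is constructed, not the one from this machine."""
import hashlib
import struct

SECTOR = 512
BOOTSTRAP_LEN = 0x1B8      # bootstrap code; the 4-byte disk signature follows it
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 0x55 0xAA

TYPE_NAMES = {0x07: "HPFS/NTFS", 0x05: "Extended", 0x0F: "Extended LBA",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(mbr: bytes) -> list:
    """Return the non-empty partition entries; reject anything that is not a 512-byte MBR."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR image must be %d bytes, got %d" % (SECTOR, len(mbr)))
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "status": status, "active": status == 0x80,
                      "type": ptype, "lba": lba, "sectors": count})
    return parts


def bootstrap_md5(mbr: bytes) -> str:
    """MD5 of bytes 0..0x1B7, the range behind TDSSKiller's "MBR (0x1B8) (<md5>)" line.
    Compare it with a baseline taken from a clean install of the same Windows version."""
    return hashlib.md5(mbr[:BOOTSTRAP_LEN]).hexdigest()


def aswmbr_lines(parts: list) -> list:
    """Render entries the way aswMBR prints them ("Partition 1 80 (A) 07 HPFS/NTFS 60000 MB offset 63").
    aswMBR also prints the file system it reads from the partition's VBR; that needs more than
    the MBR, so it is left out here."""
    lines = []
    for p in parts:
        mb = p["sectors"] * SECTOR // (1024 * 1024)
        lines.append("Partition %d %02X%s %02X %s %d MB offset %d" % (
            p["index"], p["status"], " (A)" if p["active"] else "", p["type"],
            TYPE_NAMES.get(p["type"], "unknown"), mb, p["lba"]))
    return lines


def layout_findings(parts: list, disk_sectors: int) -> dict:
    """Sanity-check the table (overlaps, entries past the disk end, number of active flags)
    and measure the unpartitioned tail after the last partition."""
    spans = sorted((p["lba"], p["lba"] + p["sectors"]) for p in parts)
    last_end = max((end for _, end in spans), default=0)
    return {
        "active_count": sum(1 for p in parts if p["active"]),
        "overlap": any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])),
        "beyond_disk": last_end > disk_sectors,
        "tail_start": last_end,
        "tail_sectors": max(disk_sectors - last_end, 0),
    }


def _entry(status, ptype, lba, sectors):
    # CHS fields are filled with the 0xFE 0xFF 0xFF "use LBA" marker (constructed values).
    return struct.pack("<B3sB3sII", status, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", lba, sectors)


# Constructed sample MBR: dummy bootstrap bytes, a made-up disk signature, and the two NTFS
# partitions at the offsets aswMBR printed (63 and 122881185); partition 2 is sized so that it
# ends at sector 625137345, the sector named in aswMBR's "scanning sectors +625137345" line.
SAMPLE_MBR = (
    b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * (BOOTSTRAP_LEN - 7)
    + struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    + _entry(0x80, 0x07, 63, 122881185 - 63)
    + _entry(0x00, 0x07, 122881185, 625137345 - 122881185)
    + b"\x00" * 32
    + b"\x55\xAA"
)
# Assumed disk size, derived from aswMBR's "Size: 305244MB"; the exact sector count is not on the page.
DISK_SECTORS = 305244 * 1024 * 1024 // SECTOR

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    print("bootstrap md5:", bootstrap_md5(SAMPLE_MBR))
    print("\n".join(aswmbr_lines(parts)))
    print(layout_findings(parts, DISK_SECTORS))
```

Two caveats when using this on a real MBR.dat. The 8f558eb6... hash TDSSKiller printed is the hash of the infected bootstrap, so it is an indicator to search other machines for, not a clean baseline; take the baseline from a known-good install. And a tail of a few thousand sectors is normal cylinder slack on an XP-partitioned disk, so the finding is not its size but whether those sectors contain anything other than zeros, which is exactly the region aswMBR scans after the last partition.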
#18 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 30 July 2012 - 12:28 PM

GREAT!! Now let's see if ComboFix will run now.


gringo

#19 dajoker (Topic Starter, Members)

Posted 31 July 2012 - 12:10 AM

ComboFix LOG:

ComboFix 12-07-30.03 - JURKO 31.07.2012 7:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.2047.1350 [GMT 2:00]
Running from: c:\documents and settings\JURKO\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\ywiZALkI2i6SFk
C:\Thumbs.db
c:\windows\dasetup.log
c:\windows\system32\MUI\0424\tourstart.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-30 07:29 . 2012-07-30 07:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 08:35 . 2012-07-27 08:35 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-19 06:30 . 2012-07-19 06:30 -------- d-----w- c:\documents and settings\Administrator
2012-07-19 06:04 . 2012-07-19 06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 06:04 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 07:22 . 2012-07-19 05:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-16 07:22 . 2012-07-19 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-16 06:20 . 2012-07-16 06:20 -------- d-----w- c:\documents and settings\JURKO\Application Data\Malwarebytes
2012-07-16 06:20 . 2012-07-16 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-10 11:01 . 2012-07-10 11:01 -------- d-----w- c:\documents and settings\JURKO\Application Data\Garmin
2012-07-10 11:00 . 2012-07-10 11:00 -------- d-----w- c:\program files\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 08:35 . 2012-04-02 04:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 08:35 . 2011-05-16 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-09-20 04:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-08 11:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-08 11:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-08 11:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-09-20 04:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-09-08 11:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-08 11:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-09-20 04:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-09-20 04:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-09-20 04:48 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-09-20 04:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-09-08 11:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-08 11:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2007-09-20 04:49 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2007-09-20 04:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2007-09-20 04:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-31 04:58 . 2011-04-08 05:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"MFFSum_Pro_LL2"="c:\program files\Xerox Companion Suite\MFFSUM.exe" [2008-08-27 24576]
"MFPrintServer_Pro_LL2"="c:\program files\Xerox Companion Suite\MFPrintServer.exe" [2008-08-27 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2008-09-18 1294336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.9.2009 13:35 721904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 11:11 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.7.2012 8:04 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.7.2012 8:04 22344]
S2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [27.8.2008 4:53 10752]
S2 gupdate;Storitev Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:39 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23.8.2001 14:00 3584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 6:59 250056]
S3 FaxLffv2;Companion Suite Pro LL2 Modem Driver;c:\windows\system32\drivers\FaxLffv2.sys [3.12.2009 11:38 18944]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:39 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [17.5.2012 7:01 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.11.2011 10:00 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.11.2011 10:00 8576]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [21.12.2010 9:45 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [21.12.2010 9:45 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [21.12.2010 9:45 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [21.12.2010 9:45 12288]
S3 SSUSBDownload;SAMSUNG SYMBIAN USB Downloader Driver;c:\windows\system32\drivers\SSUSBDownload.sys [21.12.2010 9:45 17920]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [3.12.2009 11:38 33152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:35]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 12:39]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 12:39]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-725345543-1003Core.job
- c:\documents and settings\JURKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 06:59]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-725345543-1003UA.job
- c:\documents and settings\JURKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 06:59]
.
2012-07-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-23 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6A0A72F2-2A54-4389-9022-D6DD1388ACF5}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\JURKO\Application Data\Mozilla\Firefox\Profiles\16q3jnbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-c4TkxD6ICpj7rN - c:\documents and settings\All Users\Application Data\c4TkxD6ICpj7rN.exe
HKCU-Run-ywiZALkI2i6SFk - c:\documents and settings\All Users\Application Data\ywiZALkI2i6SFk.exe
HKLM-Run-jMKcDoHSJxHTokD.exe - c:\documents and settings\All Users\Application Data\jMKcDoHSJxHTokD.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 07:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
Completion time: 2012-07-31 07:08:27
ComboFix-quarantined-files.txt 2012-07-31 05:08
.
Pre-Run: 28.164.546.560 bytes free
Post-Run: 28.480.221.184 bytes free
.
- - End Of File - - 6667CAAD1C2B17D7ADEC7F206355F5C2

#20 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 31 July 2012 - 12:15 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScript.txt being dragged onto ComboFix.exe]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#21 dajoker (Topic Starter, Members)

Posted 31 July 2012 - 12:37 AM

ComboFix 12-07-30.03 - JURKO 31.07.2012 7:30.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.386.1033.18.2047.1273 [GMT 2:00]
Running from: c:\documents and settings\JURKO\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JURKO\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-30 07:29 . 2012-07-30 07:29 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-27 08:35 . 2012-07-27 08:35 9821896 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-19 06:30 . 2012-07-19 06:30 -------- d-----w- c:\documents and settings\Administrator
2012-07-19 06:04 . 2012-07-19 06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-19 06:04 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-16 07:22 . 2012-07-19 05:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-07-16 07:22 . 2012-07-19 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-07-16 06:20 . 2012-07-16 06:20 -------- d-----w- c:\documents and settings\JURKO\Application Data\Malwarebytes
2012-07-16 06:20 . 2012-07-16 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-10 11:01 . 2012-07-10 11:01 -------- d-----w- c:\documents and settings\JURKO\Application Data\Garmin
2012-07-10 11:00 . 2012-07-10 11:00 -------- d-----w- c:\program files\Garmin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 08:35 . 2012-04-02 04:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-27 08:35 . 2011-05-16 04:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2007-09-20 04:49 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-09-08 11:12 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2009-09-08 11:12 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-09-08 11:12 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-09-20 04:49 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-09-08 11:12 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-09-08 11:12 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-09-20 04:49 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-09-20 04:49 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2007-09-20 04:48 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-09-20 04:49 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-09-08 11:12 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2009-09-08 11:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2007-09-20 04:49 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2007-09-20 04:49 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2007-09-20 04:49 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-07-31 04:58 . 2011-04-08 05:47 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"MFFSum_Pro_LL2"="c:\program files\Xerox Companion Suite\MFFSUM.exe" [2008-08-27 24576]
"MFPrintServer_Pro_LL2"="c:\program files\Xerox Companion Suite\MFPrintServer.exe" [2008-08-27 73728]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2008-09-18 1294336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ODEON\\JAF\\JCOP.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.9.2009 13:35 721904]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [20.2.2008 11:11 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [1.2.2008 17:24 41456]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [19.7.2012 8:04 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [19.7.2012 8:04 22344]
S2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [27.8.2008 4:53 10752]
S2 gupdate;Storitev Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:39 136176]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [23.8.2001 14:00 3584]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2.4.2012 6:59 250056]
S3 FaxLffv2;Companion Suite Pro LL2 Modem Driver;c:\windows\system32\drivers\FaxLffv2.sys [3.12.2009 11:38 18944]
S3 gupdatem;Storitev Posodobitve za Google (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [14.5.2010 14:39 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [17.5.2012 7:01 113120]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [16.11.2011 10:00 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [16.11.2011 10:00 8576]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [21.12.2010 9:45 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [21.12.2010 9:45 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [21.12.2010 9:45 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [21.12.2010 9:45 12288]
S3 SSUSBDownload;SAMSUNG SYMBIAN USB Downloader Driver;c:\windows\system32\drivers\SSUSBDownload.sys [21.12.2010 9:45 17920]
S3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\drivers\XMLDIUSB.sys [3.12.2009 11:38 33152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 08:35]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 12:39]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 12:39]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-725345543-1003Core.job
- c:\documents and settings\JURKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 06:59]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-879983540-725345543-1003UA.job
- c:\documents and settings\JURKO\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-17 06:59]
.
2012-07-31 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-10-23 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{6A0A72F2-2A54-4389-9022-D6DD1388ACF5}: NameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\JURKO\Application Data\Mozilla\Firefox\Profiles\16q3jnbc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.si/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-31 07:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2012-07-31 07:35:00
ComboFix-quarantined-files.txt 2012-07-31 05:34
ComboFix2.txt 2012-07-31 05:08
.
Pre-Run: 28.489.949.184 bytes free
Post-Run: 28.497.743.872 prosto bajtov
.
- - End Of File - - B30B8938E941E4490139E364C861B236



There were no problems. I'll restart the PC now and I'll let you know how it is working.

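The ComboFix log pasted above lists autostart values, services and firewall-authorized applications in a fixed line format. The following is an added example, not code from this thread or from ComboFix: a small parser for those three record types, run over a constructed sample written in the same format as the log, plus a check that flags P2P client binaries wherever they appear (the helper's P2P warning later in the thread rests on spotting exactly that in these sections). The set of P2P binary names is an illustrative assumption (the thread itself names only µTorrent), and the reading of the service prefix (R = running, S = stopped, digit = start type) follows ComboFix's usual convention.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the shape of ComboFix's "Reg Loading Points",
# firewall "AuthorizedApplications" and services sections. It is an
# illustrative excerpt, not the thread's log itself.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [20.2.2008 11:08 472320]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [17.5.2012 7:01 113120]
"""


@dataclass
class Entry:
    kind: str   # "run", "firewall" or "service"
    name: str   # registry value name, service short name, or binary file name
    path: str   # launched binary; firewall-style doubled backslashes are collapsed
    meta: str   # trailing "[...]" text; for services prefixed with the R/S state code


# "Name"="path" [date size]   (Run / RunOnce values)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]$')
# "c:\\path\\app.exe"=         (firewall authorized application list)
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=$')
# R2 name;display name;path [date time size]   (services and drivers)
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$'
)


def basename(path: str) -> str:
    """Last component of a Windows path."""
    return path.rsplit("\\", 1)[-1]


def parse_combofix(text: str) -> List[Entry]:
    """Return one Entry per Run value, firewall-authorized app or service line.
    Section headers, blank lines and the '.' separators are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SERVICE_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"], f'{m["state"]} {m["meta"]}'))
            continue
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], m["path"], m["meta"]))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            # The firewall list escapes backslashes; collapse them to a normal path.
            path = m["path"].replace("\\\\", "\\")
            entries.append(Entry("firewall", basename(path), path, ""))
    return entries


# Illustrative set of P2P client binaries (an assumption for this example).
P2P_BINARIES = {"utorrent.exe", "bittorrent.exe", "emule.exe", "limewire.exe", "frostwire.exe"}


def find_p2p(entries: List[Entry]) -> List[Entry]:
    """Entries whose binary is a known P2P client, in any of the three sections."""
    return [e for e in entries if basename(e.path).lower() in P2P_BINARIES]


def running_services(entries: List[Entry]) -> List[Entry]:
    """Service lines whose state code starts with R (running)."""
    return [e for e in entries if e.kind == "service" and e.meta.startswith("R")]


if __name__ == "__main__":
    parsed = parse_combofix(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.kind:8} {e.name:24} {e.path}")
    for e in find_p2p(parsed):
        print(f"P2P client present in {e.kind} section: {e.path}")
```

Running the block prints the six parsed records and one finding, the µTorrent entry in the firewall-authorized list; the same structures can be fed from a full pasted log, since unrecognised lines are simply skipped.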
#22 dajoker

dajoker
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:56 PM

Posted 31 July 2012 - 12:40 AM

Well, it's faster and starts sooner. There are no more warnings or blocked connections... Feels good :)

#23 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 31 July 2012 - 12:56 AM

Hello

And the reports are looking good!!

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#24 dajoker

dajoker
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:56 PM

Posted 31 July 2012 - 01:04 AM

ABBYY FineReader 8.0 Professional Edition
AC3Filter (remove only)
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player 11.5
µTorrent
AutoCAD 2008 - English
Autodesk DWF Viewer 7
Canon iP4600 series Printer Driver
Canon iP4600 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CD-LabelPrint
CorelDRAW Graphics Suite X3
CyberLink PowerDVD 8
Deluxe Ski Jump 3 v1.7.0
Deluxe Ski Jump 4 Beta-2
Diskeeper 2008 Pro Premier
DLSBox2000eng
Electronics Workbench V5.12
EN
ESET NOD32 Antivirus
ffdshow [rev 3055] [2009-08-16]
FontNav
FormatFactory 2.70
Garmin POI Loader
Garmin USB Drivers
Google Chrome
Google SketchUp Pro 8
Google Update Helper
Google Zemlja
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
JAF Setup
Java Auto Updater
Java™ 6 Update 31
K-Lite Codec Pack 4.7.5 (Basic)
Lexmark Software Uninstall
Malwarebytes Anti-Malware različica 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Slovenian) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Slovenian) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Slovenian) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Slovenian) 2007
Microsoft Office Language Pack 2007 - Slovenian/slovenščina
Microsoft Office O MUI (Slovenian) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Slovenian) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Slovenian) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Slovenian) 2007
Microsoft Office Proof (Croatian) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proof (Slovenian) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Slovenian) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Slovenian) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Slovenian) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Slovenian) 2007
Microsoft Office X MUI (Slovenian) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Software Update for Web Folders (Slovenian) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 14.0.1 (x86 sl)
Mozilla Maintenance Service
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MSXML 6 Service Pack 2 (KB973686)
Nero 8 Lite 8.3.6.0
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
Nokia Connectivity Cable Driver
Nokia Software Updater
Nokia Suite
NVIDIA Drivers
PC Connectivity Solution
Photomatix Pro version 3.2.6
PhotoScape
QLink
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Recover My Files
Samsung PC Studio 7
SAMSUNG SYMBIAN USB Download Driver
SamsungConnectivityCableDriver
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Ski Challenge 2010 (zurnal24.si)
Skype™ 5.3
Software Update for Web Folders
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Manager
VBA
VBA (2627.01)
VLC media player 1.0.5
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 7 Language Interface Pack (SLV)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows XP Service Pack 3
WinRAR archiver
Xerox Phaser 3100MFP
Xerox Phaser 3100MFP Drivers
Xvid 1.2.2 final uninstall
Your Uninstaller! 2008 Version 6.0
YouTube Downloader 3.4

#25 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:56 PM

Posted 31 July 2012 - 01:06 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Java™ 6 Update 31
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#26 dajoker

dajoker
  • Topic Starter

  • Members
  • 16 posts
  • Local time:11:56 PM

Posted 31 July 2012 - 01:42 AM

Well, I did everything:

Malwarebytes Anti-Malware (Preskusna različica.) 1.62.0.1300
www.malwarebytes.org

Različica baze: v2012.07.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
JURKO :: BOJ [skrbnik]

Zaščita: Omogočena

31.7.2012 8:33:24
mbam-log-2012-07-31 (08-33-24).txt

Tip pregleda: Hitri pregled
Možnosti pregleda omogočene: Spomin | Zagon | Register | Datotečni sistem | Hevristika/Dodatno | Hevristika/Shuriken | PUP | PUM
Možnosti pregleda onemogočene: P2P
Preverjenih objektov: 208797
Pretečen čas: 3 minut, 45 sekund

Odkritih spominskih procesov: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih spominskih modulov: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih ključev registra: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih vrednosti registra: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih vnosov v register: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih map: 0
(Ni bilo najdenih zlonamernih objektov)

Odkritih datotek: 0
(Ni bilo najdenih zlonamernih objektov)

(konec)






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:39:27, on 31.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20583)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Xerox Companion Suite\MFFSUM.exe
C:\Program Files\Xerox Companion Suite\MFPrintServer.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Xerox Companion Suite\MFServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\LF2GRPOW.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\FUSServices.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\JURKO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MFFSum_Pro_LL2] "C:\Program Files\Xerox Companion Suite\MFFSUM.exe"
O4 - HKLM\..\Run: [MFPrintServer_Pro_LL2] "C:\Program Files\Xerox Companion Suite\MFPrintServer.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A0A72F2-2A54-4389-9022-D6DD1388ACF5}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Session Launcher Service (FUSServices) - Unknown owner - C:\WINDOWS\system32\FUSServices.exe
O23 - Service: Storitev Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Storitev Posodobitve za Google (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10707 bytes

#27 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 July 2012 - 01:46 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) to start any of these programs when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

      O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
      O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
      O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [NSU_agent] "C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not:
    just copy the name between the brackets (e.g. IntelliPoint in O4 - HKLM\..\Run: [IntelliPoint]) and paste it into the search space.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here


Gringo
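The post above asks the user to research each O4 startup line by copying the name between the brackets. The script below is an added example for this thread, not a BleepingComputer, Trend Micro or Malwarebytes tool: it parses the O4 (autostart) and O23 (service) line formats exactly as they appear in the HijackThis log posted earlier, extracts that bracket name (or the service short name) for lookup, and attaches a few defender-side hints about which entries deserve research first, such as a Run value that is only a bare executable name, an entry stored under the SYSTEM or Default user profile, or a service with no vendor string. The sample lines are copied from the log in this thread; the flag wording and the `Entry` structure are this example's own.

```python
"""Triage helper for HijackThis O4 (autostart) and O23 (service) lines.

Added example for this thread, not a BleepingComputer, Trend Micro or
Malwarebytes tool.  Hints are prompts for research, never verdicts.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Samsung.PCSync] "C:\Program Files\Samsung\Samsung PC Studio 7\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Session Launcher Service (FUSServices) - Unknown owner - C:\WINDOWS\system32\FUSServices.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
"""

# O4 - <hive>\..\<key>: [<name>] <command>[ (User '<user>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O23 - Service: <display name> - <owner> - <drive>:\<path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$"
)

# Run values stored under these profiles execute outside the logged-on user's session.
SYSTEM_PROFILES = {"SYSTEM", "Default user"}


@dataclass
class Entry:
    kind: str                 # "O4" or "O23"
    name: str                 # bracket name (O4) or service short name (O23)
    executable: str           # program that actually runs
    context: str              # hive/user for O4, vendor string for O23
    raw: str
    flags: List[str] = field(default_factory=list)


def executable_of(command: str) -> str:
    """First token of a Run value: a quoted path, or the bare first word."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def parse_hjt(text: str) -> List[Entry]:
    """Parse O4 and O23 lines; every other line type is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = O4_RE.match(raw)
        if m:
            exe = executable_of(m["command"])
            entry = Entry("O4", m["name"], exe, m["user"] or m["hive"], raw)
            if "\\" not in exe:
                entry.flags.append("bare executable name: located via the search path, not a fixed folder")
            if m["user"] in SYSTEM_PROFILES:
                entry.flags.append(f"runs from the '{m['user']}' profile, not the logged-on user's")
            if m["key"] != "Run":
                entry.flags.append(f"{m['key']} value: one-shot entry, check why it is still present")
            entries.append(entry)
            continue
        m = O23_RE.match(raw)
        if m:
            inner = re.findall(r"\(([^()]*)\)", m["display"])
            entry = Entry("O23", inner[-1] if inner else m["display"], m["path"], m["owner"], raw)
            if m["owner"].lower() == "unknown owner":
                entry.flags.append("no vendor string: research the service name before keeping it")
            entries.append(entry)
    return entries


def research_names(entries: List[Entry]) -> List[str]:
    """The strings to paste into the research search box, in log order."""
    return [e.name for e in entries]


def flagged(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_hjt(SAMPLE_LOG)):
        print(f"{e.kind} [{e.name}] {e.executable} ({e.context})")
        for flag in e.flags:
            print(f"    - {flag}")
```

Run it against a full saved HijackThis log by replacing `SAMPLE_LOG` with the file contents; lines other than O4 and O23 are skipped. A flag only says "look this one up first": in the sample, the NVIDIA and ctfmon entries are flagged or clean purely on the shape of the Run value, not on what the program is.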

#28 dajoker
  • Topic Starter
  • Members
  • 16 posts

Posted 31 July 2012 - 03:14 AM

C:\Documents and Settings\JURKO\My Documents\Prenosi\YouTubeDownloaderSetup271.exe a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\JURKO\My Documents\Prenosi\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
I:\Prenosi\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application

#29 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 31 July 2012 - 03:30 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    del /f /s /q "C:\Documents and Settings\JURKO\My Documents\Prenosi\YouTubeDownloaderSetup271.exe"
    del /f /s /q "C:\Documents and Settings\JURKO\My Documents\Prenosi\YouTubeDownloaderSetup33.exe"
    del /f /s /q "I:\Prenosi\YouTubeDownloaderSetup265.exe"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware. Please let me know if you are still having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo

#30 dajoker
  • Topic Starter
  • Members
  • 16 posts

Posted 31 July 2012 - 04:00 AM

Great! I was about to format PC and reinstall it, but this worked. Thanks! You know your way around those programs and I'm glad you helped me. It's very nice what you guys do here!



