
Laptop infected: ZAccess.V, ATRAPS.Gen, ATRAPS.Gen2


This topic is locked
14 replies to this topic

#1 Evewup


  • Members
  • 8 posts

Posted 13 August 2012 - 01:26 PM

Hello,

my fiancée's laptop has been infected by ZAccess.V, ATRAPS.Gen and ATRAPS.Gen2 after activating an Adobe Add-In for IE9. I tried to remove them with AVIRA but didn't succeed. So I would appreciate any help. :-)

As explained in the preparation guide I tried to make the required logs, but GMER always fails after a few minutes - sometimes followed by a Windows bluescreen (which changes to black within 2-3 secs, so I sadly cannot tell you the text).

Here's the DDS.txt log:

=================================================================================================================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Eva at 18:36:47 on 2012-08-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1278 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.de/
uWindow Title = Internet Explorer bereitgestellt von Dell
uDefault_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=3080713
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [DATE37C.tmp.exe] c:\users\eva\appdata\local\temp\DATE37C.tmp.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [<NO NAME>]
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
StartupFolder: c:\users\eva\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{60A7EA07-06FC-4607-9EBA-85209AF9DABE} : DhcpNameServer = 192.168.1.1
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-16 36000]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2012-2-17 81920]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-16 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-16 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-16 83392]
R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2010-12-12 689472]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-7-13 54784]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-7-13 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-7-13 30192]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-3 135664]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2008-1-21 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2008-1-21 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-08 16:47:12 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f90d1d27-e6a7-45f9-9e0f-83face4e4fdc}\mpengine.dll
2012-08-05 06:36:34 -------- d-----w- c:\program files\iPod
2012-08-05 06:36:31 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-08-12 07:42:07 279552 ----a-w- c:\windows\system32\services.exe
2012-08-02 18:24:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-02 18:24:53 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:39:02,52 ===============

Edited by Evewup, 13 August 2012 - 01:28 PM.



#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 August 2012 - 01:21 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Evewup

  • Topic Starter

  • Members
  • 8 posts

Posted 14 August 2012 - 11:05 AM

Hello Gringo,
many thanks in advance for your help!

Problems:
Combofix wanted me to deactivate Avira, so I first deactivated the realtime scan and then (Combofix still complaining) I took Avira out of the autostart and restarted the computer. Even now combofix kept complaining about Avira, but as it was definitely not running anymore I started the Combofix scan.
Shortly before closing the last window, Combofix wrote the following warning twice: "SED: can't read catchlog: No such file or directory".

Computer doing now:
Working fine, no virus warnings from Avira, Firewall working again.

Log from Combofix:
(the laptop language is set to German, so most of the log comments are in German as well)
==========================================================================================


ComboFix 12-08-14.01 - Eva 14.08.2012 17:23:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1026 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}\@
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}\n
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}\U\00000001.@
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}\U\80000000.@
c:\users\Eva\AppData\Local\{940ece40-c7ca-1720-e8f6-87aab5237d71}\U\800000cb.@
c:\users\Eva\AppData\Local\Temp\DATE37C.tmp.exe
c:\windows\Installer\{940ece40-c7ca-1720-e8f6-87aab5237d71}
c:\windows\Installer\{940ece40-c7ca-1720-e8f6-87aab5237d71}\@
c:\windows\Installer\{940ece40-c7ca-1720-e8f6-87aab5237d71}\n
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\
c:\windows\system32\spool\prtprocs\w32x86\LXAIPP5C.DLL
D:\AUTORUN.INF
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-14 bis 2012-08-14 ))))))))))))))))))))))))))))))
.
.
2012-08-14 15:37 . 2012-08-14 15:37 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-08-14 15:37 . 2012-08-14 15:37 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-08-14 15:37 . 2012-08-14 15:37 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-08-14 15:37 . 2012-08-14 15:37 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-08-14 15:37 . 2012-08-14 15:37 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-08-14 15:35 . 2012-08-14 15:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 16:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F90D1D27-E6A7-45F9-9E0F-83FACE4E4FDC}\mpengine.dll
2012-08-05 06:36 . 2012-08-05 06:36 -------- d-----w- c:\program files\iPod
2012-08-05 06:36 . 2012-08-05 06:38 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 07:42 . 2009-09-27 13:20 279552 ----a-w- c:\windows\system32\services.exe
2012-08-02 18:24 . 2012-04-04 18:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 18:24 . 2011-06-10 11:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:40 . 2012-07-12 17:28 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:27 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 11:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 11:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 11:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 11:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 11:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 11:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 17:24 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 17:24 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 17:24 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 17:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 17:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:27 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:27 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-03 15:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-20 165184]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-13 13:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^Users^Eva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 16:41 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-01 15:13 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2009-03-25 11:30 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-09-23 15:01 32768 ----a-w- c:\windows\OA001Cfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-01-14 09:13 132392 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT]
1998-07-03 10:51 25088 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 2\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-12 21:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:25]
.
2012-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 16:03]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
AddRemove-Pharaoh - c:\windows\IsUn0407.exe
AddRemove-SCHLECKER Foto Digital Service - c:\users\Eva\Desktop\Schlecker Fotobuch\SCHLECKER Foto Digital Service\uninstall.exe
AddRemove-Ulead Photo Express 2.0 - c:\windows\IsUn0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4636)
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
c:\program files\ATI Technologies\ATI.ACE\Core-Static\atiamDEU.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\System32\LEXBCES.EXE
c:\windows\System32\LEXPPS.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Dell DataSafe Local Backup\sftservice.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\windows\System32\vds.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\ehome\mcupdate.EXE
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\mspaint.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-14 17:48:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-14 15:46
.
Vor Suchlauf: 31 Verzeichnis(se), 88.048.017.408 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 87.941.132.288 Bytes frei
.
- - End Of File - - 2D4752E0D24D674D28F5DE176F183F41

Edited by Evewup, 14 August 2012 - 11:23 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 14 August 2012 - 12:47 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Evewup

Evewup
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:20 AM

Posted 14 August 2012 - 11:12 PM

Good morning Gringo,
here are the logs you wanted:


tdsskiller:
======================================================================================================================================

22:52:26.0072 4012 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
22:52:26.0196 4012 ============================================================
22:52:26.0196 4012 Current date / time: 2012/08/14 22:52:26.0196
22:52:26.0196 4012 SystemInfo:
22:52:26.0196 4012
22:52:26.0196 4012 OS Version: 6.0.6002 ServicePack: 2.0
22:52:26.0196 4012 Product type: Workstation
22:52:26.0196 4012 ComputerName: EVA-PC
22:52:26.0196 4012 UserName: Eva
22:52:26.0196 4012 Windows directory: C:\Windows
22:52:26.0196 4012 System windows directory: C:\Windows
22:52:26.0196 4012 Processor architecture: Intel x86
22:52:26.0196 4012 Number of processors: 2
22:52:26.0196 4012 Page size: 0x1000
22:52:26.0196 4012 Boot type: Normal boot
22:52:26.0196 4012 ============================================================
22:52:27.0569 4012 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:52:27.0585 4012 ============================================================
22:52:27.0585 4012 \Device\Harddisk0\DR0:
22:52:27.0585 4012 MBR partitions:
22:52:27.0585 4012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x43000, BlocksNum 0x1400000
22:52:27.0585 4012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1443000, BlocksNum 0x1BD82000
22:52:27.0585 4012 ============================================================
22:52:27.0663 4012 C: <-> \Device\Harddisk0\DR0\Partition2
22:52:27.0803 4012 D: <-> \Device\Harddisk0\DR0\Partition1
22:52:27.0803 4012 ============================================================
22:52:27.0803 4012 Initialize success
22:52:27.0803 4012 ============================================================
22:52:37.0539 4184 ============================================================
22:52:37.0539 4184 Scan started
22:52:37.0539 4184 Mode: Manual;
22:52:37.0539 4184 ============================================================
22:52:43.0201 4572 ============================================================
22:52:43.0201 4572 Scan started
22:52:43.0201 4572 Mode: Manual;
22:52:43.0201 4572 ============================================================
22:52:44.0668 4572 ================ Scan services =============================
22:52:44.0793 4572 ACPI - ok
22:52:44.0808 4572 AdobeFlashPlayerUpdateSvc - ok
22:52:44.0824 4572 adp94xx - ok
22:52:44.0855 4572 adpahci - ok
22:52:44.0855 4572 adpu160m - ok
22:52:44.0871 4572 adpu320 - ok
22:52:44.0902 4572 AeLookupSvc - ok
22:52:44.0917 4572 AESTFilters - ok
22:52:44.0949 4572 AFD - ok
22:52:44.0964 4572 agp440 - ok
22:52:44.0980 4572 aic78xx - ok
22:52:44.0980 4572 ALG - ok
22:52:44.0995 4572 aliide - ok
22:52:45.0167 4572 AMD External Events Utility - ok
22:52:45.0198 4572 amdagp - ok
22:52:45.0198 4572 amdide - ok
22:52:45.0214 4572 AmdK7 - ok
22:52:45.0229 4572 AmdK8 - ok
22:52:45.0229 4572 amdkmdag - ok
22:52:45.0245 4572 amdkmdap - ok
22:52:45.0401 4572 [ 466a0d95960dad3222c896d2cea99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:52:45.0417 4572 AntiVirSchedulerService - ok
22:52:45.0541 4572 [ a489be6bb0aa1ff406b488b60542314b ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:52:45.0557 4572 AntiVirService - ok
22:52:45.0557 4572 ApfiltrService - ok
22:52:45.0635 4572 Appinfo - ok
22:52:45.0729 4572 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:52:45.0744 4572 Apple Mobile Device - ok
22:52:45.0900 4572 arc - ok
22:52:45.0916 4572 arcsas - ok
22:52:45.0931 4572 AsyncMac - ok
22:52:45.0947 4572 atapi - ok
22:52:45.0963 4572 atikmdag - ok
22:52:46.0041 4572 atksgt - ok
22:52:46.0181 4572 AudioEndpointBuilder - ok
22:52:46.0181 4572 Audiosrv - ok
22:52:46.0197 4572 avgntflt - ok
22:52:46.0197 4572 avipbb - ok
22:52:46.0212 4572 avkmgr - ok
22:52:46.0275 4572 BCM42RLY - ok
22:52:46.0368 4572 BCM43XX - ok
22:52:46.0446 4572 Beep - ok
22:52:46.0524 4572 BFE - ok
22:52:46.0540 4572 blbdrive - ok
22:52:46.0665 4572 [ db5bea73edaf19ac68b2c0fad0f92b1a ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:52:46.0727 4572 Bonjour Service - ok
22:52:46.0774 4572 bowser - ok
22:52:46.0821 4572 BrFiltLo - ok
22:52:46.0836 4572 BrFiltUp - ok
22:52:46.0852 4572 Browser - ok
22:52:46.0914 4572 Brserid - ok
22:52:46.0930 4572 BrSerWdm - ok
22:52:46.0930 4572 BrUsbMdm - ok
22:52:46.0945 4572 BrUsbSer - ok
22:52:46.0961 4572 BTHMODEM - ok
22:52:47.0008 4572 BVRPMPR5 - ok
22:52:47.0039 4572 catchme - ok
22:52:47.0070 4572 cdfs - ok
22:52:47.0101 4572 cdrom - ok
22:52:47.0133 4572 CertPropSvc - ok
22:52:47.0148 4572 circlass - ok
22:52:47.0148 4572 CLFS - ok
22:52:47.0164 4572 clr_optimization_v2.0.50727_32 - ok
22:52:47.0179 4572 clr_optimization_v4.0.30319_32 - ok
22:52:47.0320 4572 CmBatt - ok
22:52:47.0335 4572 cmdide - ok
22:52:47.0335 4572 Compbatt - ok
22:52:47.0523 4572 COMSysApp - ok
22:52:47.0523 4572 crcdisk - ok
22:52:47.0538 4572 Crusoe - ok
22:52:47.0554 4572 CryptSvc - ok
22:52:47.0585 4572 DcomLaunch - ok
22:52:47.0601 4572 DfsC - ok
22:52:47.0663 4572 DFSR - ok
22:52:47.0772 4572 Dhcp - ok
22:52:47.0803 4572 disk - ok
22:52:47.0819 4572 Dnscache - ok
22:52:47.0835 4572 dot3svc - ok
22:52:47.0944 4572 Dot4 - ok
22:52:47.0944 4572 Dot4Print - ok
22:52:47.0959 4572 dot4usb - ok
22:52:48.0053 4572 DPS - ok
22:52:48.0069 4572 drmkaud - ok
22:52:48.0069 4572 DXGKrnl - ok
22:52:48.0147 4572 e1express - ok
22:52:48.0178 4572 E1G60 - ok
22:52:48.0178 4572 EapHost - ok
22:52:48.0240 4572 Ecache - ok
22:52:48.0256 4572 ehRecvr - ok
22:52:48.0256 4572 ehSched - ok
22:52:48.0271 4572 ehstart - ok
22:52:48.0303 4572 elxstor - ok
22:52:48.0318 4572 EMDMgmt - ok
22:52:48.0318 4572 ErrDev - ok
22:52:48.0334 4572 EventSystem - ok
22:52:48.0365 4572 exfat - ok
22:52:48.0365 4572 fastfat - ok
22:52:48.0396 4572 fdc - ok
22:52:48.0412 4572 fdPHost - ok
22:52:48.0412 4572 FDResPub - ok
22:52:48.0427 4572 FileInfo - ok
22:52:48.0427 4572 Filetrace - ok
22:52:48.0443 4572 flpydisk - ok
22:52:48.0443 4572 FltMgr - ok
22:52:48.0474 4572 FontCache - ok
22:52:48.0490 4572 FontCache3.0.0.0 - ok
22:52:48.0505 4572 Fs_Rec - ok
22:52:48.0521 4572 gagp30kx - ok
22:52:48.0537 4572 GEARAspiWDM - ok
22:52:48.0724 4572 [ 9f5f2f0fb0a7f5aa9f16b9a7b6dad89f ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
22:52:48.0786 4572 GoogleDesktopManager-051210-111108 - ok
22:52:48.0864 4572 [ d3316f6e3c011435f36e3d6e49b3196c ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
22:52:48.0880 4572 GoToAssist - ok
22:52:48.0880 4572 gpsvc - ok
22:52:48.0973 4572 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:49.0005 4572 gupdate - ok
22:52:49.0067 4572 [ 8f0de4fef8201e306f9938b0905ac96a ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:52:49.0067 4572 gupdatem - ok
22:52:49.0223 4572 [ 408ddd80eede47175f6844817b90213e ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:52:49.0317 4572 gusvc - ok
22:52:49.0379 4572 HdAudAddService - ok
22:52:49.0379 4572 HDAudBus - ok
22:52:49.0395 4572 HidBth - ok
22:52:49.0410 4572 HidIr - ok
22:52:49.0410 4572 hidserv - ok
22:52:49.0426 4572 HidUsb - ok
22:52:49.0426 4572 hkmsvc - ok
22:52:49.0441 4572 HpCISSs - ok
22:52:49.0785 4572 [ 0a3c6aa4a9fc38c20ba4eac2c3351c05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
22:52:49.0785 4572 hpqcxs08 - ok
22:52:49.0878 4572 [ 7da3211ac63edd90b8eca1ca1abfd43b ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
22:52:49.0894 4572 hpqddsvc - ok
22:52:50.0175 4572 [ 14229263aa19c704e0d6d2e7404a8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:52:50.0206 4572 HPSLPSVC - ok
22:52:50.0206 4572 HTTP - ok
22:52:50.0221 4572 i2omp - ok
22:52:50.0268 4572 i8042prt - ok
22:52:50.0331 4572 [ 72b53e9c8924949dec8f3799bcba2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
22:52:50.0362 4572 IAANTMON - ok
22:52:50.0362 4572 iaStor - ok
22:52:50.0377 4572 iaStorV - ok
22:52:50.0596 4572 [ 1cf03c69b49acb70c722df92755c0c8c ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:52:50.0830 4572 IDriverT - ok
22:52:50.0830 4572 idsvc - ok
22:52:50.0845 4572 iirsp - ok
22:52:50.0877 4572 IKEEXT - ok
22:52:50.0955 4572 intelide - ok
22:52:50.0970 4572 intelppm - ok
22:52:50.0970 4572 IPBusEnum - ok
22:52:51.0048 4572 IpFilterDriver - ok
22:52:51.0064 4572 iphlpsvc - ok
22:52:51.0064 4572 IpInIp - ok
22:52:51.0079 4572 IPMIDRV - ok
22:52:51.0095 4572 IPNAT - ok
22:52:51.0189 4572 [ e6be7a41a28d8f2db174957454d32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:52:51.0220 4572 iPod Service - ok
22:52:51.0220 4572 IRENUM - ok
22:52:51.0235 4572 isapnp - ok
22:52:51.0282 4572 iScsiPrt - ok
22:52:51.0298 4572 iteatapi - ok
22:52:51.0298 4572 itecir - ok
22:52:51.0313 4572 iteraid - ok
22:52:51.0313 4572 k57nd60x - ok
22:52:51.0360 4572 k750bus - ok
22:52:51.0360 4572 kbdclass - ok
22:52:51.0376 4572 kbdhid - ok
22:52:51.0376 4572 KeyIso - ok
22:52:51.0391 4572 KSecDD - ok
22:52:51.0407 4572 KtmRm - ok
22:52:51.0423 4572 LanmanServer - ok
22:52:51.0438 4572 LanmanWorkstation - ok
22:52:51.0454 4572 LexBceS - ok
22:52:51.0485 4572 lirsgt - ok
22:52:51.0501 4572 lltdio - ok
22:52:51.0516 4572 lltdsvc - ok
22:52:51.0516 4572 lmhosts - ok
22:52:51.0532 4572 LSI_FC - ok
22:52:51.0547 4572 LSI_SAS - ok
22:52:51.0547 4572 LSI_SCSI - ok
22:52:51.0563 4572 luafv - ok
22:52:51.0563 4572 Mcx2Svc - ok
22:52:51.0641 4572 megasas - ok
22:52:51.0641 4572 MegaSR - ok
22:52:51.0657 4572 MMCSS - ok
22:52:51.0657 4572 Modem - ok
22:52:51.0672 4572 monitor - ok
22:52:51.0688 4572 mouclass - ok
22:52:51.0688 4572 mouhid - ok
22:52:51.0703 4572 MountMgr - ok
22:52:51.0719 4572 mpio - ok
22:52:51.0735 4572 mpsdrv - ok
22:52:51.0828 4572 MpsSvc - ok
22:52:51.0828 4572 Mraid35x - ok
22:52:51.0844 4572 MRxDAV - ok
22:52:51.0859 4572 mrxsmb - ok
22:52:51.0859 4572 mrxsmb10 - ok
22:52:51.0875 4572 mrxsmb20 - ok
22:52:51.0875 4572 msahci - ok
22:52:51.0891 4572 msdsm - ok
22:52:51.0906 4572 MSDTC - ok
22:52:51.0922 4572 Msfs - ok
22:52:51.0922 4572 msisadrv - ok
22:52:51.0937 4572 MSiSCSI - ok
22:52:51.0953 4572 msiserver - ok
22:52:52.0000 4572 MSKSSRV - ok
22:52:52.0015 4572 MSPCLOCK - ok
22:52:52.0031 4572 MSPQM - ok
22:52:52.0031 4572 MsRPC - ok
22:52:52.0047 4572 mssmbios - ok
22:52:52.0078 4572 MSTEE - ok
22:52:52.0078 4572 Mup - ok
22:52:52.0093 4572 napagent - ok
22:52:52.0171 4572 NativeWifiP - ok
22:52:52.0171 4572 NDIS - ok
22:52:52.0187 4572 NdisTapi - ok
22:52:52.0203 4572 Ndisuio - ok
22:52:52.0218 4572 NdisWan - ok
22:52:52.0234 4572 NDProxy - ok
22:52:52.0296 4572 Net Driver HPZ12 - ok
22:52:52.0312 4572 NetBIOS - ok
22:52:52.0327 4572 netbt - ok
22:52:52.0327 4572 Netlogon - ok
22:52:52.0343 4572 Netman - ok
22:52:52.0343 4572 netprofm - ok
22:52:52.0359 4572 NetTcpPortSharing - ok
22:52:52.0374 4572 nfrd960 - ok
22:52:52.0374 4572 NlaSvc - ok
22:52:52.0671 4572 [ 37a39e3271842bae754540fe004d9cb5 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:52:52.0780 4572 NMIndexingService - ok
22:52:52.0827 4572 Npfs - ok
22:52:52.0842 4572 nsi - ok
22:52:52.0842 4572 nsiproxy - ok
22:52:52.0873 4572 Ntfs - ok
22:52:52.0889 4572 ntrigdigi - ok
22:52:52.0905 4572 Null - ok
22:52:52.0905 4572 nvraid - ok
22:52:52.0920 4572 nvstor - ok
22:52:52.0920 4572 nv_agp - ok
22:52:52.0936 4572 NwlnkFlt - ok
22:52:52.0951 4572 NwlnkFwd - ok
22:52:52.0983 4572 OA001Ufd - ok
22:52:52.0998 4572 OA001Vid - ok
22:52:52.0998 4572 ohci1394 - ok
22:52:53.0092 4572 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:52:53.0170 4572 ose - ok
22:52:53.0201 4572 p2pimsvc - ok
22:52:53.0201 4572 p2psvc - ok
22:52:53.0217 4572 Parport - ok
22:52:53.0232 4572 partmgr - ok
22:52:53.0232 4572 Parvdm - ok
22:52:53.0248 4572 PcaSvc - ok
22:52:53.0248 4572 pci - ok
22:52:53.0263 4572 pciide - ok
22:52:53.0279 4572 pcmcia - ok
22:52:53.0326 4572 PEAUTH - ok
22:52:53.0357 4572 pla - ok
22:52:53.0373 4572 PlugPlay - ok
22:52:53.0388 4572 Pml Driver HPZ12 - ok
22:52:53.0388 4572 PNRPAutoReg - ok
22:52:53.0404 4572 PNRPsvc - ok
22:52:53.0419 4572 PolicyAgent - ok
22:52:53.0435 4572 PptpMiniport - ok
22:52:53.0435 4572 Processor - ok
22:52:53.0451 4572 ProfSvc - ok
22:52:53.0451 4572 ProtectedStorage - ok
22:52:53.0466 4572 PSched - ok
22:52:53.0560 4572 PxHelp20 - ok
22:52:53.0560 4572 ql2300 - ok
22:52:53.0575 4572 ql40xx - ok
22:52:53.0575 4572 QWAVE - ok
22:52:53.0591 4572 QWAVEdrv - ok
22:52:53.0607 4572 R300 - ok
22:52:53.0607 4572 RasAcd - ok
22:52:53.0622 4572 RasAuto - ok
22:52:53.0638 4572 Rasl2tp - ok
22:52:53.0653 4572 RasMan - ok
22:52:53.0653 4572 RasPppoe - ok
22:52:53.0669 4572 RasSstp - ok
22:52:53.0685 4572 rdbss - ok
22:52:53.0685 4572 RDPCDD - ok
22:52:53.0700 4572 rdpdr - ok
22:52:53.0716 4572 RDPENCDD - ok
22:52:53.0731 4572 RDPWD - ok
22:52:53.0763 4572 RemoteAccess - ok
22:52:53.0763 4572 RemoteRegistry - ok
22:52:53.0778 4572 rimmptsk - ok
22:52:53.0809 4572 rimsptsk - ok
22:52:53.0825 4572 rismxdp - ok
22:52:53.0825 4572 RpcLocator - ok
22:52:53.0841 4572 RpcSs - ok
22:52:53.0856 4572 rspndr - ok
22:52:53.0856 4572 SamSs - ok
22:52:53.0872 4572 sbp2port - ok
22:52:53.0887 4572 SCardSvr - ok
22:52:53.0903 4572 Schedule - ok
22:52:53.0903 4572 SCPolicySvc - ok
22:52:53.0919 4572 sdbus - ok
22:52:53.0934 4572 SDRSVC - ok
22:52:53.0950 4572 seclogon - ok
22:52:53.0950 4572 SENS - ok
22:52:53.0965 4572 Serenum - ok
22:52:53.0981 4572 Serial - ok
22:52:53.0997 4572 sermouse - ok
22:52:54.0028 4572 SessionEnv - ok
22:52:54.0043 4572 sffdisk - ok
22:52:54.0059 4572 sffp_mmc - ok
22:52:54.0059 4572 sffp_sd - ok
22:52:54.0075 4572 sfloppy - ok
22:52:54.0277 4572 [ e1974a92ac0914a3859359a0a8c82c68 ] SftService C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
22:52:54.0293 4572 SftService - ok
22:52:54.0309 4572 SharedAccess - ok
22:52:54.0324 4572 ShellHWDetection - ok
22:52:54.0324 4572 sisagp - ok
22:52:54.0340 4572 SiSRaid2 - ok
22:52:54.0355 4572 SiSRaid4 - ok
22:52:54.0355 4572 slsvc - ok
22:52:54.0371 4572 SLUINotify - ok
22:52:54.0387 4572 Smb - ok
22:52:54.0418 4572 SNMPTRAP - ok
22:52:54.0418 4572 spldr - ok
22:52:54.0433 4572 Spooler - ok
22:52:54.0465 4572 sprtsvc_dellsupportcenter - ok
22:52:54.0480 4572 srv - ok
22:52:54.0496 4572 srv2 - ok
22:52:54.0496 4572 srvnet - ok
22:52:54.0511 4572 SSDPSRV - ok
22:52:54.0527 4572 ssmdrv - ok
22:52:54.0543 4572 SstpSvc - ok
22:52:54.0558 4572 STacSV - ok
22:52:54.0574 4572 Steam Client Service - ok
22:52:54.0589 4572 STHDA - ok
22:52:54.0605 4572 stisvc - ok
22:52:54.0948 4572 [ 7489520e98a119b5a9a00857f4f87d16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
22:52:55.0042 4572 stllssvr - ok
22:52:55.0042 4572 swenum - ok
22:52:55.0057 4572 swprv - ok
22:52:55.0073 4572 Symc8xx - ok
22:52:55.0073 4572 Sym_hi - ok
22:52:55.0089 4572 Sym_u3 - ok
22:52:55.0104 4572 SysMain - ok
22:52:55.0120 4572 TabletInputService - ok
22:52:55.0120 4572 TapiSrv - ok
22:52:55.0135 4572 TBS - ok
22:52:55.0151 4572 Tcpip - ok
22:52:55.0167 4572 Tcpip6 - ok
22:52:55.0167 4572 tcpipreg - ok
22:52:55.0182 4572 TDPIPE - ok
22:52:55.0198 4572 TDTCP - ok
22:52:55.0198 4572 tdx - ok
22:52:55.0213 4572 TermDD - ok
22:52:55.0229 4572 TermService - ok
22:52:55.0245 4572 Themes - ok
22:52:55.0245 4572 THREADORDER - ok
22:52:55.0260 4572 TrkWks - ok
22:52:55.0260 4572 TrustedInstaller - ok
22:52:55.0276 4572 tssecsrv - ok
22:52:55.0401 4572 tunmp - ok
22:52:55.0416 4572 tunnel - ok
22:52:55.0432 4572 uagp35 - ok
22:52:55.0432 4572 udfs - ok
22:52:55.0463 4572 UI0Detect - ok
22:52:55.0479 4572 uliagpkx - ok
22:52:55.0494 4572 uliahci - ok
22:52:55.0510 4572 UlSata - ok
22:52:55.0510 4572 ulsata2 - ok
22:52:55.0525 4572 umbus - ok
22:52:55.0541 4572 upnphost - ok
22:52:55.0588 4572 USBAAPL - ok
22:52:55.0603 4572 usbccgp - ok
22:52:55.0619 4572 usbcir - ok
22:52:55.0650 4572 usbehci - ok
22:52:55.0650 4572 usbhub - ok
22:52:55.0666 4572 usbohci - ok
22:52:55.0681 4572 usbprint - ok
22:52:55.0697 4572 usbscan - ok
22:52:55.0697 4572 USBSTOR - ok
22:52:55.0713 4572 usbuhci - ok
22:52:55.0728 4572 UxSms - ok
22:52:55.0744 4572 vds - ok
22:52:55.0744 4572 vga - ok
22:52:55.0759 4572 VgaSave - ok
22:52:55.0775 4572 viaagp - ok
22:52:55.0791 4572 ViaC7 - ok
22:52:55.0791 4572 viaide - ok
22:52:55.0806 4572 volmgr - ok
22:52:55.0822 4572 volmgrx - ok
22:52:55.0837 4572 volsnap - ok
22:52:55.0853 4572 vsmraid - ok
22:52:55.0853 4572 VSS - ok
22:52:55.0915 4572 VSTHWBS2 - ok
22:52:55.0931 4572 VST_DPV - ok
22:52:55.0947 4572 W32Time - ok
22:52:55.0962 4572 WacomPen - ok
22:52:55.0978 4572 Wanarp - ok
22:52:55.0993 4572 Wanarpv6 - ok
22:52:56.0009 4572 wcncsvc - ok
22:52:56.0025 4572 WcsPlugInService - ok
22:52:56.0025 4572 Wd - ok
22:52:56.0040 4572 Wdf01000 - ok
22:52:56.0056 4572 WdiServiceHost - ok
22:52:56.0071 4572 WdiSystemHost - ok
22:52:56.0087 4572 WebClient - ok
22:52:56.0087 4572 Wecsvc - ok
22:52:56.0103 4572 wercplsupport - ok
22:52:56.0118 4572 WerSvc - ok
22:52:56.0134 4572 WimFltr - ok
22:52:56.0149 4572 winachsf - ok
22:52:56.0243 4572 [ 4575aa12561c5648483403541d0d7f2b ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:52:56.0321 4572 WinDefend - ok
22:52:56.0337 4572 WinHttpAutoProxySvc - ok
22:52:56.0352 4572 Winmgmt - ok
22:52:56.0352 4572 WinRM - ok
22:52:56.0383 4572 Wlansvc - ok
22:52:56.0493 4572 [ 5144ae67d60ec653f97ddf3feed29e77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:52:56.0586 4572 wlidsvc - ok
22:52:56.0602 4572 wltrysvc - ok
22:52:56.0617 4572 WmiAcpi - ok
22:52:56.0649 4572 wmiApSrv - ok
22:52:56.0789 4572 [ 3978704576a121a9204f8cc49a301a9b ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:52:56.0805 4572 WMPNetworkSvc - ok
22:52:56.0820 4572 WPCSvc - ok
22:52:56.0836 4572 WPDBusEnum - ok
22:52:56.0867 4572 WpdUsb - ok
22:52:56.0883 4572 WPFFontCache_v0400 - ok
22:52:56.0898 4572 ws2ifsl - ok
22:52:56.0929 4572 wscsvc - ok
22:52:56.0945 4572 WSearch - ok
22:52:56.0961 4572 wuauserv - ok
22:52:56.0992 4572 WUDFRd - ok
22:52:57.0007 4572 wudfsvc - ok
22:52:57.0054 4572 ================ Scan global ===============================
22:52:57.0054 4572 [Global] - ok
22:52:57.0054 4572 ================ Scan MBR ==================================
22:52:57.0085 4572 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:52:57.0928 4572 \Device\Harddisk0\DR0 - ok
22:52:57.0928 4572 ================ Scan VBR ==================================
22:52:57.0959 4572 Boot (0x1200) (f7957d07cfe91347aabb1d87aa327a49) \Device\Harddisk0\DR0\Partition1
22:52:57.0959 4572 \Device\Harddisk0\DR0\Partition1 - ok
22:52:57.0990 4572 Boot (0x1200) (643881299b919de6adb8c6012312dc5a) \Device\Harddisk0\DR0\Partition2
22:52:57.0990 4572 \Device\Harddisk0\DR0\Partition2 - ok
22:52:57.0990 4572 ============================================================
22:52:57.0990 4572 Scan finished
22:52:57.0990 4572 ============================================================
22:52:58.0006 4564 Detected object count: 0
22:52:58.0006 4564 Actual detected object count: 0


======================================================================================================================================


aswMBR:
======================================================================================================================================

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-14 22:54:45
-----------------------------
22:54:45.879 OS Version: Windows 6.0.6002 Service Pack 2
22:54:45.879 Number of processors: 2 586 0xF0D
22:54:45.894 ComputerName: EVA-PC UserName: Eva
22:55:50.756 Initialize success
22:57:31.165 AVAST engine defs: 12081401
22:58:21.740 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:58:21.740 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
22:58:21.771 Disk 0 MBR read successfully
22:58:21.771 Disk 0 MBR scan
22:58:21.833 Disk 0 Windows VISTA default MBR code
22:58:21.833 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 133 MB offset 63
22:58:21.865 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 274432
22:58:21.896 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228100 MB offset 21245952
22:58:21.911 Disk 0 scanning sectors +488394752
22:58:22.005 Disk 0 scanning C:\Windows\system32\drivers
22:58:41.990 Service scanning
22:59:08.606 Service STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe **INFECTED** Win32:Crypt-NPM [Trj]
22:59:17.327 Modules scanning
22:59:22.662 Disk 0 trace - called modules:
22:59:22.693 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
22:59:22.709 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e57478]
22:59:22.724 3 CLASSPNP.SYS[883a68b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84e0d030]
22:59:26.000 AVAST engine scan C:\Windows
22:59:34.455 AVAST engine scan C:\Windows\system32
23:08:49.494 AVAST engine scan C:\Windows\system32\drivers
23:09:26.999 AVAST engine scan C:\Users\Eva
23:27:01.444 AVAST engine scan C:\ProgramData
23:30:45.418 Scan finished successfully
06:08:37.403 Disk 0 MBR has been saved successfully to "C:\Users\Eva\Desktop\MBR.dat"
06:08:37.418 The log file has been saved successfully to "C:\Users\Eva\Desktop\aswMBR.txt"
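The two logs above disagree about one file: TDSSKiller lists STacSV as "ok", while aswMBR flags the same STacSV.exe as Win32:Crypt-NPM [Trj]. The following Python script is an added example, not part of this thread and not a Kaspersky, AVAST or BleepingComputer tool: it parses both log formats exactly as they appear in the posts above and reports such disagreements, so a helper can see at a glance which verdicts need a second look before choosing the next step. The sample log lines are constructed from the logs above, and the regular expressions are assumptions about the two formats based only on those lines.

```python
"""Cross-check a TDSSKiller log against an aswMBR log.

Added example for this thread; not a BleepingComputer, Kaspersky or AVAST tool.
The line formats below are inferred from the logs posted above (assumption).
"""
import re
from dataclasses import dataclass, field

# Constructed sample input, shaped like the two logs posted above (one line per case).
TDSSKILLER_LOG = r"""
22:52:44.0793 4572 ACPI - ok
22:52:45.0729 4572 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:52:45.0744 4572 Apple Mobile Device - ok
22:52:54.0558 4572 STacSV - ok
22:52:57.0085 4572 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:52:57.0928 4572 \Device\Harddisk0\DR0 - ok
22:52:57.0959 4572 Boot (0x1200) (f7957d07cfe91347aabb1d87aa327a49) \Device\Harddisk0\DR0\Partition1
22:52:58.0006 4564 Detected object count: 0
22:52:58.0006 4564 Actual detected object count: 0
"""

ASWMBR_LOG = r"""
22:58:21.833 Disk 0 Windows VISTA default MBR code
22:59:08.606 Service STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe **INFECTED** Win32:Crypt-NPM [Trj]
23:30:45.418 Scan finished successfully
"""

# TDSSKiller lines start with "HH:MM:SS.frac <thread-id> "; aswMBR lines with "HH:MM:SS.ms ".
TDSS_PREFIX = r"^\d\d:\d\d:\d\d\.\d+ \d+ "
TDSS_OK = re.compile(TDSS_PREFIX + r"(.+) - ok$")
TDSS_HASHED = re.compile(TDSS_PREFIX + r"\[ ([0-9a-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
TDSS_MBR = re.compile(TDSS_PREFIX + r"MBR \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (\S+)$")
TDSS_VBR = re.compile(TDSS_PREFIX + r"Boot \(0x[0-9A-Fa-f]+\) \(([0-9a-f]{32})\) (\S+)$")
TDSS_COUNT = re.compile(TDSS_PREFIX + r"(Actual detected|Detected) object count: (\d+)$")

ASW_PREFIX = r"^\d\d:\d\d:\d\d\.\d+ "
ASW_INFECTED = re.compile(ASW_PREFIX + r"(.+?) ([A-Za-z]:\\\S.*?) \*\*INFECTED\*\* (.+)$")
ASW_MBR = re.compile(ASW_PREFIX + r"Disk (\d+) (.+MBR code)$")


@dataclass
class TdssReport:
    ok_entries: set = field(default_factory=set)   # names TDSSKiller reported as "- ok"
    hashed: dict = field(default_factory=dict)     # name -> (md5, path) for non-Microsoft files
    mbr_md5: dict = field(default_factory=dict)    # device -> MBR md5
    vbr_md5: dict = field(default_factory=dict)    # partition -> boot sector md5
    detected: int = 0
    actual_detected: int = 0


@dataclass
class AswReport:
    infected: list = field(default_factory=list)   # (subject, path, detection name)
    mbr_code: dict = field(default_factory=dict)   # disk number -> MBR code description
    finished: bool = False


def parse_tdsskiller(text):
    rep = TdssReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := TDSS_HASHED.match(line):
            rep.hashed[m.group(2)] = (m.group(1), m.group(3))
        elif m := TDSS_MBR.match(line):
            rep.mbr_md5[m.group(2)] = m.group(1)
        elif m := TDSS_VBR.match(line):
            rep.vbr_md5[m.group(2)] = m.group(1)
        elif m := TDSS_COUNT.match(line):
            if m.group(1) == "Actual detected":
                rep.actual_detected = int(m.group(2))
            else:
                rep.detected = int(m.group(2))
        elif m := TDSS_OK.match(line):
            rep.ok_entries.add(m.group(1))
    return rep


def parse_aswmbr(text):
    rep = AswReport()
    for line in text.splitlines():
        line = line.rstrip()
        if m := ASW_INFECTED.match(line):
            rep.infected.append((m.group(1), m.group(2), m.group(3)))
        elif m := ASW_MBR.match(line):
            rep.mbr_code[int(m.group(1))] = m.group(2)
        elif line.endswith("Scan finished successfully"):
            rep.finished = True
    return rep


def cross_check(tdss, asw):
    """Return human-readable findings; an empty list means nothing to follow up."""
    findings = []
    if tdss.detected or tdss.actual_detected:
        findings.append(f"TDSSKiller reported {tdss.actual_detected} object(s); read its detection lines")
    for subject, path, detection in asw.infected:
        name = subject.split()[-1]  # "Service STacSV" -> "STacSV"
        verdict = ("also listed as ok by TDSSKiller" if name in tdss.ok_entries
                   else "not seen by TDSSKiller")
        findings.append(f"aswMBR flagged {name} ({path}) as {detection}; {verdict}")
    for disk, desc in asw.mbr_code.items():
        if "default MBR code" not in desc:
            findings.append(f"disk {disk}: non-standard MBR code ({desc})")
    if not asw.finished:
        findings.append("aswMBR log does not end with 'Scan finished successfully'; the scan may have aborted")
    return findings


if __name__ == "__main__":
    for finding in cross_check(parse_tdsskiller(TDSSKILLER_LOG), parse_aswmbr(ASWMBR_LOG)):
        print(finding)
```

On the sample above the script prints a single finding: aswMBR's Win32:Crypt-NPM [Trj] hit on STacSV.exe, noted as "also listed as ok by TDSSKiller". A disagreement like that is the cue to compare the file's hash with the vendor's known-good copy rather than trusting either verdict alone.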

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 15 August 2012 - 08:19 AM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 Evewup

Evewup
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:20 AM

Posted 15 August 2012 - 10:58 AM

Hello Gringo,


Problems:
Combofix still complains that Avira is running, even after deactivating it permanently and restarting the computer. Ignored it.
Otherwise the computer is running fine.


Log from Combofix:
=====================================================================================================================================
ComboFix 12-08-14.05 - Eva 15.08.2012 17:24:24.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2045.1289 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Eva\Desktop\CFScript.txt.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-15 bis 2012-08-15 ))))))))))))))))))))))))))))))
.
.
2012-08-15 15:36 . 2012-08-15 15:36 -------- d-----w- c:\users\Eva\AppData\Local\temp
2012-08-15 15:36 . 2012-08-15 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-08 16:47 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F90D1D27-E6A7-45F9-9E0F-83FACE4E4FDC}\mpengine.dll
2012-08-05 06:36 . 2012-08-05 06:36 -------- d-----w- c:\program files\iPod
2012-08-05 06:36 . 2012-08-05 06:38 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 07:42 . 2009-09-27 13:20 279552 ----a-w- c:\windows\system32\services.exe
2012-08-02 18:24 . 2012-04-04 18:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 18:24 . 2011-06-10 11:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:40 . 2012-07-12 17:28 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-12 16:27 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-12 16:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-12 16:27 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 11:28 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 11:28 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 11:28 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 11:28 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 11:28 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 11:28 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 11:28 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 11:27 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 11:27 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33 . 2012-07-12 17:24 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25 . 2012-07-12 17:24 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25 . 2012-07-12 17:24 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 17:24 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 17:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 00:04 . 2012-07-12 16:27 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-12 16:27 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-05-31 10:25 . 2009-10-03 15:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-03-11 163840]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-03-12 3563520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-07-20 165184]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-13 13:01 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKLM\~\startupfolder\C:^Users^Eva^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-30 18:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-08-08 16:41 348664 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-10-01 15:13 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-09 18:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2009-03-25 11:30 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Cfg.exe]
2008-09-23 15:01 32768 ----a-w- c:\windows\OA001Cfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-01-14 09:13 132392 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT]
1998-07-03 10:51 25088 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 2\ChkFont.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-12 21:41 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:25]
.
2012-08-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-21 16:03]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 19:49]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 17:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4532)
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrgui.dll
c:\program files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll
.
Zeit der Fertigstellung: 2012-08-15 17:42:13
ComboFix-quarantined-files.txt 2012-08-15 15:42
.
Vor Suchlauf: 37 Verzeichnis(se), 93.469.954.048 Bytes frei
Nach Suchlauf: 38 Verzeichnis(se), 93.588.127.744 Bytes frei
.
- - End Of File - - 5DCC68956A06EE3C84587E4480FDDC9E

Edited by Evewup, 15 August 2012 - 10:58 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 15 August 2012 - 11:10 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.1.3 - Deutsch
Browser Address Error Redirector
Java™ 6 Update 29
Java™ 6 Update 5
Java™ 6 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Evewup
  • Topic Starter

Posted 15 August 2012 - 02:57 PM

Good evening Gringo,

weiter geht's... (let's go on...)


Problem:
No problems, computer still running fine :-)


Log of MBAM:
(sorry for German text, but even when I choose English during install, the program is installed in German)
========================================================================================================================


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.15.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Eva :: EVA-PC [Administrator]

15.08.2012 21:47:04
mbam-log-2012-08-15 (21-47-04).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 199689
Laufzeit: 6 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



========================================================================================================================

Log of hijackthis:
========================================================================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:40:35, on 15.08.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_271_ActiveX.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Eva\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 9281 bytes

#10 gringo_pr

  • Malware Response Team

Posted 15 August 2012 - 03:17 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be. Any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
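As an added example that is not part of this thread or of HijackThis itself, the Python script below parses the O4, O20 and O23 lines of the HijackThis log format shown above, separates each executable from its arguments, and flags the details a responder reads first: a service marked `(file missing)` or `Unknown owner`, an AppInit_DLLs entry, and a path written with an environment variable or in 8.3 short form. The sample lines are constructed to mirror the log in this thread, and the flag rules are my own triage heuristics, not anything HijackThis reports.

```python
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the O4/O20/O23 lines of the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
"""

# Line shapes as they appear in a HijackThis v2 log (O4 registry Run keys,
# O4 startup folder, O20 AppInit_DLLs, O23 services).
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^O4 - (?P<kind>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<cmd>.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$')
# Executable (optionally quoted) followed by whatever arguments or notes remain.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|lnk|com|scr|bat|cmd))"?(?P<args>.*)$', re.IGNORECASE)

# Directories where the autostart entries in this thread legitimately live.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows")


@dataclass
class Entry:
    section: str          # e.g. "O4 HKLM\Run", "O4 Startup", "O20 AppInit_DLLs", "O23 Service"
    name: str
    exe: str
    args: str = ""
    owner: str = ""
    flags: list = field(default_factory=list)


def split_command(cmd: str):
    """Return (executable, remaining text) for a command as HijackThis prints it."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("exe"), m.group("args").strip()


def flag_entry(e: Entry) -> None:
    """Attach triage flags (my own heuristics, not HijackThis output)."""
    low = e.exe.lower()
    if "(file missing)" in e.args.lower():
        e.flags.append("file missing")
    if e.owner.lower() == "unknown owner":
        e.flags.append("unknown owner")
    if "%" in e.exe:
        e.flags.append("environment variable in path")
    elif re.search(r"~\d", e.exe):
        e.flags.append("short 8.3 path hides the real directory name")
    elif not low.startswith(TRUSTED_ROOTS):
        e.flags.append("outside Program Files / Windows")
    if e.section == "O20 AppInit_DLLs":
        e.flags.append("AppInit_DLLs DLL is loaded into every user32 process")


def parse_line(line: str):
    """Parse one log line into an Entry, or None for lines this triage ignores."""
    line = line.strip()
    if m := RUN_RE.match(line):
        exe, args = split_command(m["cmd"])
        e = Entry(f"O4 {m['hive']}\\{m['key']}", m["name"], exe, args)
    elif m := STARTUP_RE.match(line):
        exe, args = split_command(m["cmd"])
        e = Entry(f"O4 {m['kind']}", m["name"], exe, args)
    elif m := APPINIT_RE.match(line):
        exe, args = split_command(m["cmd"])
        e = Entry("O20 AppInit_DLLs", "AppInit_DLLs", exe, args)
    elif m := SERVICE_RE.match(line):
        exe, args = split_command(m["cmd"])
        e = Entry("O23 Service", m["name"], exe, args, owner=m["owner"])
    else:
        return None
    flag_entry(e)
    return e


def triage(log_text: str) -> list:
    """Parse every recognised line of a HijackThis log, in order."""
    return [e for e in map(parse_line, log_text.splitlines()) if e is not None]


def flagged(entries: list) -> list:
    """Only the entries that picked up at least one triage flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        marker = "!" if e.flags else " "
        print(f"{marker} {e.section:<18} {e.name[:40]:<40} {e.exe}")
        for f in e.flags:
            print(f"      -> {f}")
```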

#11 Evewup
  • Topic Starter

Posted 16 August 2012 - 12:48 PM

Back again,
ESET scan took 2:20 hrs and found two threats.

Here's the log:
==========================================================================================================
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

#12 gringo_pr

  • Malware Response Team

Posted 16 August 2012 - 12:52 PM

Hello

The Online scan looks very good!! These are false Positives

C:\Program Files (x86)\Dell DataSafe Local Backup\<-- Dell backup program


Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - as a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer, and I recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note: If you decide to install MSE, you will need to uninstall your present antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" The short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet:

Internet Safety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I will keep this open for about three days. If anything comes up, just come back and let me know; after that time you will have to send me a PM.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#13 Evewup (Topic Starter, Members, 8 posts)

Posted 16 August 2012 - 11:44 PM

Hello Gringo,

everything seems to be fine again. Thank you very much for your help!
A small donation is on the way...

Bye,
Carsten & Eva

#14 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 17 August 2012 - 03:13 PM

Thank you, and you are more than welcome.



gringo

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 19 August 2012 - 11:27 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.