Some suspicious activity



#1 Star Trotter

  • Members
  • 1 posts

Posted 28 December 2012 - 05:14 AM

A week ago, booting my Win7-64 on AMD started taking nearly an hour, then "Kaspersky 2013 IS", which we had,
was blocked from starting and Windows started showing a blue screen.
By using safe mode we deleted all antiviruses and also restored the system to an earlier point.
Neither Kaspersky, which we installed again, nor its virus removers found anything,
but a bit later it started getting slower, as it was before. Then we installed "Emsisoft",
which has blocked some activity like 7333455drv.sys and "conduit.com",
but we are still unsure that everything is clean.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by Dell at 11:45:33 on 2012-12-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1251.7.1033.18.3068.1086 [GMT 2:00]
.
AV: Emsisoft Anti-Malware *Enabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Enabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Online Armor Firewall *Enabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Online Armor\OAcat.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Online Armor\oasrv.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Norton One\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Online Armor\oaui.exe
C:\Program Files (x86)\Online Armor\OAhlp.exe
C:\Users\Dell\Desktop\uTorrent.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\explorer.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2start.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyE0B0ByC0FtByD0C0D0FtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1158334292
uURLSearchHooks: <No Name>: {93a3111f-4f74-4ed8-895e-d9708497629e} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: {8984B388-A5BB-4DF7-B274-77B879E179DB} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Search Assistant BHO: {c547c6c2-561b-4169-a2a5-20ba771ca93b} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: VideoDownloadConverter: {48586425-6bb7-4f51-8dc6-38c88e3ebb58} -
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "C:\Users\Dell\Desktop\uTorrent.exe" /MINIMIZED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [ShwiconXP6366] C:\Program Files (x86)\Multimedia Card Reader(6366)\ShwiconXP6366.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [dslToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe
dRun: [Norton Download Manager{N360P201102-SHPD-FSD31014}] C:\Program Files (x86)\Norton One\Engine\3.1.0.24\ccSvcHst.exe /m
dRun: [Norton Download Manager{N360P202019-SHPD-FSD31014}] C:\Program Files (x86)\Norton One\Engine\3.2.0.19\ccSvcHst.exe /m
StartupFolder: C:\Users\Dell\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Добавить к существующему PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Добавить содержимое по ссылке в существующий файл PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Преобразовать в Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Преобразовать содержимое по ссылке в PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
TCP: NameServer = 192.168.10.254
TCP: Interfaces\{0FF90E5B-1D92-4B63-A7CA-B20D13E74C13} : DHCPNameServer = 192.168.10.254
TCP: Interfaces\{68E2BD61-A631-417D-A00F-928ED69E403C} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [@OnlineArmor GUI] "C:\Program Files (x86)\Online Armor\oaui.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 sls.microsoft.com
Hosts: 207.68.172.246 www.msnweather.com
Hosts: 198.78.215.126 blst.msn.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\5iu5lw6v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - РџРѕРёСЃРє@Mail.Ru
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dell\AppData\Roaming\Mozilla\Firefox\Profiles\5iu5lw6v.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-12-28 09:24; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112763&tt=010712_4
FF - user.js: extensions.BabylonToolbar_i.hardId - 40e95cdf000000000000c0cb384bb6f2
FF - user.js: extensions.BabylonToolbar_i.id - 40e95cdf000000000000c0cb384bb6f2
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15527
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:26:25
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.searchya.aflt - foxtab
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyE0B0ByC0FtByD0C0D0FtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1158334292
FF - user.js: extensions.searchya.id - C0CB384BB6F25CDF
FF - user.js: extensions.searchya.instlDay - 15555
FF - user.js: extensions.searchya.instlRef - ft-100
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyE0B0ByC0FtByD0C0D0FtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1158334292
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.srchPrvdr - Search
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0CtD0C0BtAzzyE0B0ByC0FtByD0C0D0FtN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1158334292&q=
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.011:23:44
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-12-28 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-12-28 44688]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-12-28 14720]
R1 ccSet_MCLIENT;Norton One Settings Manager;C:\Windows\System32\drivers\MCLIENTx64\0302000.013\ccsetx64.sys [2012-10-23 168096]
R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2012-12-28 61632]
R1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2012-12-28 62016]
R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2012-12-28 40520]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-12-28 3084688]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 MCLIENT;Norton One;C:\Program Files (x86)\Norton One\Engine\3.2.0.19\ccsvchst.exe [2012-10-23 143928]
R2 OAcat;Online Armor Helper Service;C:\Program Files (x86)\Online Armor\oacat.exe [2012-12-28 216072]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-12-28 1695040]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SvcOnlineArmor;Online Armor;C:\Program Files (x86)\Online Armor\oasrv.exe [2012-12-28 4463864]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-12-28 66320]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-28 46136]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-10-13 20984]
R3 OAnet;OnlineArmor Service;C:\Windows\System32\drivers\OAnet.sys [2012-12-28 35376]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-10 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2010-2-24 726816]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-11-26 25584]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-12-27 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-15 59392]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\System32\WScript.exe "%1" %* [UserChoice]
.
=============== Created Last 30 ================
.
2012-12-28 08:37:00 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2F27C56-DD0C-40EE-B188-FB4DC581D9BF}\offreg.dll
2012-12-28 08:02:15 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-28 08:02:15 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-28 08:02:14 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-28 08:02:13 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-28 07:24:38 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-12-28 07:24:38 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-28 07:20:51 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2F27C56-DD0C-40EE-B188-FB4DC581D9BF}\mpengine.dll
2012-12-27 23:40:51 -------- d-----w- C:\Users\Dell\AppData\Local\AMD
2012-12-27 23:40:33 -------- d-----w- C:\Users\Dell\AppData\Local\ATI
2012-12-27 23:40:29 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-27 23:40:25 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-27 23:40:19 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-27 23:40:19 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-27 23:39:20 -------- d-----w- C:\ProgramData\AMD
2012-12-27 23:39:18 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-12-27 23:38:09 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-12-27 23:26:44 -------- d-----w- C:\Users\Dell\AppData\Roaming\OnlineArmor
2012-12-27 23:26:44 -------- d-----w- C:\ProgramData\OnlineArmor
2012-12-27 23:25:34 62016 ----a-w- C:\Windows\SysWow64\drivers\oahlp64.sys
2012-12-27 23:25:34 61632 ----a-w- C:\Windows\SysWow64\drivers\OADriver.sys
2012-12-27 23:25:34 40520 ----a-w- C:\Windows\SysWow64\drivers\OAmon.sys
2012-12-27 23:25:34 35376 ----a-w- C:\Windows\System32\drivers\OAnet.sys
2012-12-27 23:25:27 -------- d-----w- C:\Program Files (x86)\Online Armor
2012-12-27 23:20:02 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-12-27 23:07:00 -------- d-----w- C:\Temp
2012-12-27 23:06:35 -------- d-----w- C:\Program Files (x86)\Dell DataSafe Local Backup
2012-12-27 22:39:55 -------- d-----w- C:\Users\Dell\My Backup Files
2012-12-27 22:39:21 -------- d-----w- C:\Users\Dell\AppData\Local\SoftThinks
2012-12-27 22:26:20 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-12-27 22:19:38 -------- d-----w- C:\AMD
2012-12-27 22:16:55 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-27 22:16:55 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-27 21:42:11 -------- d-----w- C:\Users\Dell\AppData\Roaming\Dell
2012-12-27 21:41:48 -------- d-----w- C:\ProgramData\PCDr
2012-12-27 21:41:48 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2012-12-27 21:41:29 -------- d-----w- C:\Program Files\Dell Support Center
2012-12-27 18:03:16 0 ----a-w- C:\Windows\ativpsrm.bin
2012-12-27 15:19:28 -------- d-----w- C:\Users\Dell\AppData\Local\VS Revo Group
2012-12-27 15:19:25 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-12-27 15:19:23 -------- d-----w- C:\Program Files\VS Revo Group
2012-12-27 15:17:09 -------- d-----w- C:\Users\Dell\AppData\Roaming\PCDr
2012-12-25 22:07:08 455680 ----a-w- C:\Windows\System32\deploytk.dll
2012-12-21 21:24:09 -------- d-----w- C:\Users\Dell\AppData\Local\Microsoft Games
2012-12-13 12:30:28 5955856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-11 10:40:43 -------- d-----w- C:\Users\Dell\AppData\Local\Research In Motion
2012-12-11 10:40:40 -------- d-----w- C:\Users\Dell\AppData\Roaming\Research In Motion
2012-12-11 10:39:01 -------- d-----w- C:\ProgramData\Research In Motion
2012-12-11 10:38:50 -------- d-----w- C:\Program Files (x86)\Research In Motion
2012-12-11 10:38:50 -------- d-----w- C:\Program Files (x86)\Common Files\XCPCSync.OEM
2012-12-11 10:38:50 -------- d-----w- C:\Program Files (x86)\Common Files\Research In Motion
2012-12-04 09:14:44 -------- d-----w- C:\Users\Dell\AppData\Roaming\App Launcher Gadget
2012-12-04 07:29:03 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-12-03 15:30:25 -------- d-----w- C:\Users\Dell\AppData\Local\Apple Computer
2012-12-03 15:13:05 -------- dc----w- C:\Users\Dell\AppData\Local\MigWiz
2012-12-03 13:03:49 -------- d-----w- C:\Windows\ELAMBKUP
2012-12-03 10:21:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-12-03 08:27:02 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-03 08:27:02 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-03 08:27:02 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-03 08:27:02 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-12-03 08:01:16 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-12-03 08:01:16 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-12-03 08:01:16 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-12-03 08:01:16 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
.
==================== Find3M ====================
.
2012-12-27 22:35:15 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-27 22:35:15 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-04 01:19:14 168096 ----a-w- C:\Windows\System32\drivers\MCLIENTx64\0302000.013\ccsetx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
.
============= FINISH: 11:48:38.62 ===============


#2 shelf life

  • Malware Response Team
  • 2,653 posts

Posted 28 December 2012 - 03:46 PM

One hour to boot up and blue screens? Not everything is malware related; it could be a hardware/driver issue. Conduit isn't much to worry about.
Can you explain these? .ru is a Russian domain:

РџРѕРёСЃРє@Mail.Ru
hxxp://go.mail.ru/search?

Did you add these to your hosts file?
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 sls.microsoft.com

Please download Adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on Search
A logfile will automatically open after the scan has finished
Copy and paste the contents in your reply
You can find the logfile at C:\AdwCleaner[R1].txt as well

How Can I Reduce My Risk to Malware?
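A small triage pass over the `Hosts:` and search-setting lines of a DDS log, covering the two things the reply above asks about (Microsoft validation hosts sent to 127.0.0.1, and search/start-page URLs on unexpected domains) plus a count of bundled-toolbar `user.js` prefs. This is an added example, not part of DDS, BleepingComputer or either poster's tooling; the allowlist, the Microsoft host list and the sample excerpt (copied from the log in the first post) are assumptions made here.

```python
"""Triage of the Hosts: and search-setting lines of a DDS log excerpt.

Added example, not part of DDS, BleepingComputer or either poster's tooling.
The allowlist, the Microsoft validation-host list and the sample excerpt
(copied from the log in the first post) are assumptions made here.
"""
import re
from urllib.parse import urlparse

# Search providers treated as expected (assumption: tune per environment).
SEARCH_ALLOWLIST = {"google.com", "bing.com", "yahoo.com"}
# Hosts used by genuine-Windows validation; mapping them to loopback silently
# breaks those checks and is a classic sign of a tampered HOSTS file.
MS_VALIDATION_HOSTS = {"genuine.microsoft.com", "mpa.one.microsoft.com",
                       "sls.microsoft.com"}
# Substrings that mark a DDS key as a start-page or search setting.
SEARCH_KEY_HINTS = ("start page", "search", "keyword.url", "homepage", "url")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# DDS writes "<key> - hxxp://..." or "<key> = hxxp://..." with http defanged as hxxp.
URL_LINE_RE = re.compile(r"^(.*?)\s+[-=]\s+(hxxps?://\S+)")
USERJS_RE = re.compile(r"^FF - user\.js: extensions\.([^.\s]+)\.")

# Constructed excerpt of the log posted above (values as DDS printed them).
SAMPLE_LOG = """\
mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-100
FF - prefs.js: browser.search.defaulturl - hxxp://go.mail.ru/search?fr=fftb&utf8in&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&q=
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab
FF - user.js: extensions.searchya_i.newTab - true
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Hosts: 127.0.0.1 genuine.microsoft.com
Hosts: 127.0.0.1 mpa.one.microsoft.com
Hosts: 127.0.0.1 sls.microsoft.com
Hosts: 207.68.172.246 www.msnweather.com
Hosts: 198.78.215.126 blst.msn.com
"""


def registered_domain(hostname):
    """Naive last-two-labels reduction (assumption: no public-suffix list)."""
    labels = hostname.lower().split(".")
    return ".".join(labels[-2:])


def triage_hosts(lines):
    """Flag validation hosts sent to loopback and any name pinned to a remote IP."""
    findings = []
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).lower()
        loopback = ip.startswith("127.") or ip == "::1"
        if host in MS_VALIDATION_HOSTS and loopback:
            findings.append(("ms-validation-blocked", host, ip))
        elif not loopback:
            findings.append(("pinned-to-remote-ip", host, ip))
    return findings


def triage_search(lines):
    """Return (setting, registered domain) for search/start-page URLs off the allowlist."""
    findings = []
    for line in lines:
        m = URL_LINE_RE.match(line)
        if not m or not any(h in m.group(1).lower() for h in SEARCH_KEY_HINTS):
            continue
        url = re.sub(r"^hxxp", "http", m.group(2))  # refang so urlparse accepts it
        host = urlparse(url).hostname
        if host and registered_domain(host) not in SEARCH_ALLOWLIST:
            findings.append((m.group(1).strip(), registered_domain(host)))
    return findings


def toolbar_prefs(lines):
    """Count user.js prefs per extension name; a burst from one name
    (a bundled toolbar such as the two seen here) is worth a look."""
    counts = {}
    for line in lines:
        m = USERJS_RE.match(line)
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts


def triage(log_text):
    """Run all three checks over a DDS log (or excerpt) given as text."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    return {"hosts": triage_hosts(lines), "search": triage_search(lines),
            "toolbar_prefs": toolbar_prefs(lines)}
```

Running `triage(SAMPLE_LOG)` flags the three loopback-mapped Microsoft hosts, the two names pinned to remote addresses, and searchya.com, mail.ru and conduit.com as search providers, while the google.com homepage and the eset.com DPF download are left alone.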




