
Possible Protected Malware bothering MBAM


39 replies to this topic

#1 marija_peg
Posted 26 January 2013 - 12:26 PM

Following the instructions of BoopMe in the "Am I infected" forum, I ran TDSS Killer, ADWCleaner and ESET Online Scanner. ESET detected Somoto in my backup files. It seems that I got rid of it, however there still could be a MalwareBytes interference, since it did not detect any infections while I had the Somoto and Bundled Installer. Also, during the time I was infected, CPU usage was rather high which is why I disabled indexing by Search Index. I also lost all icons in the start menu and was left only with empty folders. Also, maybe irrelevant, but when I run Sticky Notes, the font is not as it was by default and if I open another sticky note I cannot close it, not even the first one. I can only close them if I exit the program altogether.
Thank you!
Oh, and the topic was started because I often got MalwareBytes notifications that it successfully blocked access to a potentially malicious site, it just popped out, the site was 31.133.56.176


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by XX at 17:25:25 on 2013-01-26
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2849.825 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\tixati\tixati.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Zune\Zune.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [ATKOSD2] c:\program files\asus\atk package\atkosd2\ATKOSD2.exe
mRun: [ATKMEDIA] c:\program files\asus\atk package\atk media\DMedia.exe
mRun: [HControlUser] c:\program files\asus\atk package\atk hotkey\HControlUser.exe
mRun: [AmIcoSinglun] c:\program files\amicosinglun\AmIcoSinglun.exe
mRun: [Wireless Console 3] c:\program files\asus\wireless console 3\wcourier.exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
StartupFolder: c:\users\XX\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\XX\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 150.254.65.22 150.254.65.21
TCP: Interfaces\{DF06DB91-312C-4232-9E58-DFF22D2C9FA9} : DHCPNameServer = 150.254.65.22 150.254.65.21
TCP: Interfaces\{FDAED5DF-EBEF-43C3-AFC9-35D150B621ED} : DHCPNameServer = 150.254.65.22 150.254.65.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\asus\atk package\atk wmiacpi\atkwmiacpi.sys [2011-5-25 15488]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-5-31 138400]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-5-31 78496]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-1-14 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-1-14 682344]
R3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-6-2 101352]
R3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-6-2 317416]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-5-31 25248]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-4-13 119592]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 269824]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-4-19 69232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-1-14 21104]
R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2010-10-19 41088]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2011-5-1 7513088]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.sys [2011-3-18 46680]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-5-31 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-5-31 289440]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-5-31 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-5-31 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-5-31 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-5-31 263968]
S3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2011-5-31 411936]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\intel\wifi\bin\PanDhcpDns.exe [2011-5-2 227600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-16 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-16 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-1-15 1343400]
.
=============== Created Last 30 ================
.
2013-01-25 22:50:06 -------- d-----w- c:\windows\ERUNT
2013-01-25 22:49:38 -------- d-----w- C:\JRT
2013-01-24 20:12:54 -------- d-----w- c:\program files\ESET
2013-01-23 20:55:32 -------- d-----w- C:\New folder
2013-01-23 20:55:22 -------- d-----w- C:\Duplice
2013-01-21 13:19:14 388096 ----a-r- c:\users\XX\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-01-21 13:19:14 -------- d-----w- c:\program files\Trend Micro
2013-01-21 09:58:19 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-20 23:10:14 -------- d-----w- c:\programdata\SUPERSetup
2013-01-20 18:41:29 -------- d-----r- c:\users\XX\Dropbox
2013-01-20 18:39:13 -------- d-----w- c:\users\XX\appdata\roaming\Dropbox
2013-01-20 16:46:03 -------- d-----w- c:\users\XX\.thumbnails
2013-01-20 16:43:49 -------- d-----w- c:\users\XX\appdata\local\fontconfig
2013-01-20 16:43:48 -------- d-----w- c:\users\XX\.gimp-2.8
2013-01-20 16:43:47 -------- d-----w- c:\users\XX\appdata\local\gegl-0.2
2013-01-20 16:41:33 -------- d-----w- c:\program files\GIMP 2
2013-01-20 12:36:03 -------- d-----w- c:\program files\ZAR
2013-01-20 12:31:27 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2013-01-20 12:22:10 -------- d-----w- c:\program files\EaseUS
2013-01-20 11:39:53 -------- d-----w- c:\users\XX\appdata\local\ElevatedDiagnostics
2013-01-19 01:36:41 -------- d-----w- c:\program files\VideoLAN
2013-01-17 01:05:30 -------- d-----w- c:\program files\Fast Duplicate File Finder
2013-01-16 15:02:31 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-01-16 14:59:27 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-16 14:56:59 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-01-16 14:54:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-16 14:52:58 -------- d-----w- c:\users\XX\appdata\local\Adobe
2013-01-16 14:48:46 -------- d-----w- c:\users\XX\appdata\local\Microsoft Help
2013-01-16 10:32:58 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-16 10:31:58 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-16 10:31:56 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-16 10:31:56 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-16 10:31:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-16 10:31:51 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-01-16 09:42:15 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-16 09:42:15 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-16 09:41:34 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-16 09:41:28 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-16 09:41:28 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-16 09:41:28 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-16 09:41:27 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-16 09:41:27 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-16 09:41:27 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-16 09:41:27 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-16 09:41:27 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-16 09:41:27 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-16 09:41:27 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-16 09:40:37 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-16 09:40:30 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-16 09:40:29 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-15 20:18:37 -------- d-----w- c:\users\XX\appdata\local\Diagnostics
2013-01-15 15:58:35 -------- d-----w- c:\users\XX\appdata\local\CrashDumps
2013-01-15 14:04:52 -------- d-----w- C:\5c961dd09cea7cb88de58a977a
2013-01-15 12:59:56 -------- d-----w- c:\windows\system32\SPReview
2013-01-15 12:58:03 -------- d-----w- c:\windows\system32\EventProviders
2013-01-15 12:54:16 -------- d-----w- c:\windows\system32\Wat
2013-01-15 12:51:05 805376 ----a-w- c:\windows\system32\FntCache.dll
2013-01-15 12:51:04 739840 ----a-w- c:\windows\system32\d2d1.dll
2013-01-15 12:41:59 51200 ----a-w- c:\windows\system32\PushPrinterConnections.exe
2013-01-15 12:40:58 630784 ----a-w- c:\windows\system32\DXPTaskRingtone.dll
2013-01-15 12:39:59 859648 ----a-w- c:\windows\system32\OobeFldr.dll
2013-01-15 12:38:57 44544 ----a-w- c:\windows\system32\vmbusres.dll
2013-01-15 12:37:02 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-15 12:36:39 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2013-01-15 12:36:38 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-15 12:36:37 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-15 12:36:28 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-15 11:15:20 -------- d-----r- c:\users\XX\Podcasts
2013-01-15 00:45:59 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2013-01-15 00:45:56 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2013-01-15 00:45:52 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2013-01-15 00:45:50 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2013-01-15 00:45:48 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2013-01-15 00:42:01 -------- d-----w- c:\windows\PCHEALTH
2013-01-15 00:36:54 -------- d-----w- c:\program files\Speccy
2013-01-15 00:35:56 -------- d-----w- c:\program files\CCleaner
2013-01-15 00:17:09 -------- d-----w- c:\users\XX\appdata\roaming\tixati
2013-01-15 00:15:36 -------- d-----w- c:\program files\tixati
2013-01-14 23:38:10 -------- d-----w- c:\users\XX\appdata\roaming\AVG
2013-01-14 23:36:25 -------- d-----w- c:\programdata\AVG
2013-01-14 23:31:45 -------- d-s---w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-14 22:03:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-14 20:06:10 -------- d-----r- c:\program files\Skype
2013-01-14 18:39:30 -------- d-----w- c:\windows\system32\XPSViewer
2013-01-14 18:39:30 -------- d-----w- c:\windows\system32\drivers\umdf\ru-RU
2013-01-14 18:39:29 -------- d-----w- c:\windows\system32\drivers\ru-RU
2013-01-14 18:39:25 -------- d-----w- c:\windows\system32\ru
2013-01-14 18:39:21 -------- d-----w- c:\windows\system32\wbem\ru-RU
2013-01-14 18:38:59 -------- d-----w- c:\windows\ru-RU
2013-01-14 18:38:19 -------- d-----w- c:\windows\hr-HR
2013-01-14 18:38:18 -------- d-----w- c:\windows\system32\drivers\hr-HR
2013-01-14 18:38:03 -------- d-----w- c:\windows\system32\wbem\hr-HR
2013-01-14 18:12:23 -------- d-----w- c:\programdata\AVAST Software
2013-01-14 18:12:23 -------- d-----w- c:\program files\AVAST Software
2013-01-14 18:10:08 -------- d-----w- c:\users\XX\appdata\roaming\BSplayer Pro
2013-01-14 18:10:08 -------- d-----w- c:\users\XX\appdata\roaming\BSplayer
2013-01-14 18:10:08 -------- d-----w- c:\program files\Webteh
2013-01-14 18:08:46 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-14 18:08:46 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-14 18:04:23 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-01-14 18:04:23 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-14 18:04:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-14 17:45:49 -------- d-----w- c:\windows\Panther
2013-01-14 16:59:50 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ru-ru\LXKPTPRC.DLL.mui
2013-01-14 16:43:28 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-14 16:43:26 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-14 16:43:26 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-14 16:41:48 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-14 16:41:48 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-14 16:41:48 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-14 16:41:48 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-14 16:41:47 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-14 16:41:47 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-14 16:41:45 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-14 16:39:37 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-14 16:39:37 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-14 16:39:37 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-14 16:35:21 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-14 16:05:30 164352 ----a-w- c:\windows\system32\profsvc.dll
2013-01-14 16:05:29 28672 ----a-w- c:\windows\system32\profprov.dll
2013-01-14 16:04:55 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-01-14 16:04:18 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-14 16:04:14 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-14 16:04:07 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-14 16:04:07 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2013-01-14 16:04:05 708608 ----a-w- c:\program files\common files\system\wab32.dll
2013-01-14 16:03:53 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-01-14 16:03:53 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-01-14 16:03:53 204288 ----a-w- c:\windows\system32\MSNP.ax
2013-01-14 16:03:52 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2013-01-14 16:03:52 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2013-01-14 16:02:58 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2013-01-14 16:02:58 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2013-01-14 16:02:58 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2013-01-14 16:02:17 805376 ----a-w- c:\windows\system32\cdosys.dll
2013-01-14 16:02:17 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll
2013-01-14 16:02:15 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll
2013-01-14 16:02:14 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll
2013-01-14 16:02:14 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll
2013-01-14 16:02:14 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll
2013-01-14 16:02:14 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll
2013-01-14 16:00:59 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2013-01-14 15:59:46 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-01-14 15:58:59 492032 ----a-w- c:\windows\system32\win32spl.dll
2013-01-14 15:57:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2013-01-14 15:57:51 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
2013-01-14 15:57:51 145920 ----a-w- c:\windows\system32\cfgmgr32.dll
2013-01-14 15:57:49 233472 ----a-w- c:\windows\system32\oleacc.dll
2013-01-14 15:57:48 571904 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-14 15:57:46 478720 ----a-w- c:\windows\system32\timedate.cpl
2013-01-14 15:57:46 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2013-01-14 15:57:44 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-01-14 15:43:42 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-14 15:42:44 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-01-14 15:42:44 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-01-14 15:42:44 107520 ----a-w- c:\windows\system32\cdd.dll
2013-01-14 13:51:05 -------- d-----w- c:\users\XX\appdata\roaming\SUPERAntiSpyware.com
2013-01-14 13:51:05 -------- d-----w- c:\users\XX\appdata\local\Google
2013-01-14 13:51:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-14 13:51:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-01-14 13:50:19 -------- d-----w- c:\users\XX\appdata\roaming\Malwarebytes
2013-01-14 13:50:10 -------- d-----w- c:\programdata\Malwarebytes
2013-01-14 13:50:09 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-14 13:50:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-14 13:49:56 -------- d-----w- c:\users\XX\appdata\local\Programs
2013-01-14 13:48:11 -------- d-----w- c:\users\XX\appdata\roaming\AVG2013
2013-01-14 13:47:46 826880 ----a-w- c:\windows\system32\rdpcore.dll
2013-01-14 13:47:46 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-01-14 13:47:46 18432 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2013-01-14 13:47:38 -------- d-----w- c:\users\XX\appdata\roaming\TuneUp Software
2013-01-14 13:47:14 -------- d-----w- c:\programdata\AVG2013
2013-01-14 13:47:14 -------- d-----w- C:\$AVG
2013-01-14 13:46:46 -------- d-----w- c:\program files\AVG
2013-01-14 13:43:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-14 13:43:20 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-14 13:43:15 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-14 13:43:15 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-14 13:40:59 -------- d-----w- c:\users\XX\appdata\roaming\LavasoftStatistics
2013-01-14 13:40:39 -------- d-----w- c:\users\XX\appdata\roaming\Ad-Aware Antivirus
2013-01-14 13:40:08 -------- d-----w- c:\users\XX\appdata\local\MFAData
2013-01-14 13:40:08 -------- d-----w- c:\users\XX\appdata\local\Avg2013
2013-01-14 13:40:08 -------- d-----w- c:\programdata\MFAData
2013-01-14 13:40:08 -------- d-----w- c:\programdata\Common Files
2013-01-14 13:35:04 164480 ----a-w- c:\program files\windows sidebar\shared gadgets\p4gupdate.gadget\P4GUpdate.dll
2013-01-14 13:35:00 -------- d-----w- c:\programdata\P4G
2013-01-14 13:35:00 -------- d-----w- c:\program files\P4G
2013-01-14 12:56:40 -------- d-----w- c:\program files\ASM104xUSB3
2013-01-14 12:51:16 -------- d-----w- c:\program files\Elantech
2013-01-14 12:40:19 -------- d-----w- c:\users\XX\appdata\roaming\Intel
2013-01-14 12:40:08 -------- d-----w- c:\users\XX\Roaming
2013-01-14 12:40:08 -------- d-----w- c:\programdata\Roaming
2013-01-14 12:28:48 -------- d-----w- c:\program files\Cisco
2013-01-14 12:28:35 999016 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2013-01-14 12:28:32 451072 ----a-w- c:\windows\system32\ISSRemoveSP.exe
2013-01-14 12:28:32 -------- d-----w- c:\program files\REALTEK PCIE Wireless LAN Driver
2013-01-14 12:23:24 -------- d-----w- c:\users\XX\appdata\local\BMExplorer
2013-01-14 12:23:19 -------- d-----w- c:\programdata\Atheros
2013-01-14 12:21:21 -------- d-----w- c:\users\XX\appdata\roaming\Atheros
2013-01-14 12:20:29 -------- d-----w- c:\program files\common files\Atheros
2013-01-14 12:20:22 -------- d-----w- c:\program files\Bluetooth Suite
2013-01-14 12:06:00 -------- d-----w- c:\programdata\AmUStor
2013-01-14 12:05:59 -------- d-----w- c:\program files\AmIcoSingLun
2013-01-14 11:54:06 -------- d-----w- c:\program files\common files\Intel
2013-01-14 11:36:49 -------- d-----w- c:\program files\ASUS
2013-01-14 11:36:28 -------- d-sh--w- c:\windows\Installer
2013-01-14 11:33:23 53248 ----a-w- c:\windows\system32\CSVer.dll
2013-01-14 11:32:12 -------- d-----w- C:\Intel
2013-01-14 11:23:24 -------- d-----w- c:\windows\system32\wbem\Performance
2013-01-14 09:00:11 -------- d-sh--w- C:\Recovery
.
==================== Find3M ====================
.
2013-01-15 13:34:51 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-01-14 12:21:22 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-22 04:45:03 626688 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 17:27:20,11 ===============

Edited by marija_peg, 26 January 2013 - 12:37 PM.


#2 The Dark Knight
Posted 31 January 2013 - 12:25 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#3 marija_peg
Posted 31 January 2013 - 11:32 AM

The thing is that I forgot that you wrote to turn the antivirus and antimalware off. I was reading the ComboFix guide, which didn't mention that those should be disabled, so I completely forgot. Actually, ComboFix prompted me to turn AVG off, so I did turn it off, but MalwareBytes was turned on during the scan. Is that a problem? Should I do it one more time?

ComboFix 13-01-31.01 - XX 1.01.2013. 17:08:56.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.2849.2066 [GMT 1:00]
Running from: c:\users\XX\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 16:14 . 2013-01-31 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-25 22:50 . 2013-01-25 22:50 -------- d-----w- c:\windows\ERUNT
2013-01-25 22:49 . 2013-01-25 22:50 -------- d-----w- C:\JRT
2013-01-24 20:12 . 2013-01-24 20:12 -------- d-----w- c:\program files\ESET
2013-01-23 20:55 . 2013-01-23 21:00 -------- d-----w- C:\New folder
2013-01-23 20:55 . 2013-01-23 20:55 -------- d-----w- C:\Duplice
2013-01-21 13:19 . 2013-01-21 13:19 -------- d-----w- c:\program files\Trend Micro
2013-01-21 09:58 . 2013-01-21 10:00 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-20 23:10 . 2013-01-23 20:54 -------- d-----w- c:\programdata\SUPERSetup
2013-01-20 16:41 . 2013-01-20 16:43 -------- d-----w- c:\program files\GIMP 2
2013-01-20 12:36 . 2013-01-20 12:36 -------- d-----w- c:\program files\ZAR
2013-01-20 12:33 . 2013-01-21 11:13 -------- d-----w- c:\program files\Recuva
2013-01-20 12:31 . 2013-01-20 14:05 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2013-01-20 12:22 . 2013-01-20 12:22 -------- d-----w- c:\program files\EaseUS
2013-01-19 01:36 . 2013-01-19 01:36 -------- d-----w- c:\program files\VideoLAN
2013-01-17 01:05 . 2013-01-17 01:05 -------- d-----w- c:\program files\Fast Duplicate File Finder
2013-01-16 15:21 . 2013-01-16 15:21 -------- d-----w- c:\program files\7-Zip
2013-01-16 15:02 . 2013-01-16 15:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-01-16 14:59 . 2013-01-16 14:59 -------- d-----w- c:\program files\Microsoft Sync Framework
2013-01-16 14:59 . 2013-01-16 14:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2013-01-16 14:56 . 2013-01-16 14:57 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2013-01-16 14:54 . 2013-01-16 14:54 -------- d-----w- c:\program files\Microsoft Analysis Services
2013-01-16 14:52 . 2013-01-16 14:52 -------- d-----r- C:\MSOCache
2013-01-16 14:49 . 2013-01-16 14:49 -------- d-----w- c:\program files\Common Files\Adobe
2013-01-16 14:48 . 2013-01-16 15:29 -------- d-----w- c:\programdata\Microsoft Help
2013-01-16 10:32 . 2013-01-16 10:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-01-16 10:31 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2013-01-16 10:31 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-16 10:31 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-16 10:31 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-16 10:31 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2013-01-16 09:42 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-16 09:42 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-16 09:41 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-16 09:41 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-16 09:41 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-16 09:41 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-16 09:41 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-16 09:41 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-16 09:41 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-16 09:41 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-16 09:41 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-16 09:41 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-16 09:41 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-16 09:40 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-16 09:40 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-16 09:40 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-15 16:49 . 2013-01-16 14:59 -------- d-----w- c:\program files\Microsoft.NET
2013-01-15 14:04 . 2013-01-20 20:52 -------- d-----w- C:\5c961dd09cea7cb88de58a977a
2013-01-15 12:59 . 2013-01-15 13:00 -------- d-----w- c:\windows\system32\SPReview
2013-01-15 12:58 . 2013-01-15 12:58 -------- d-----w- c:\windows\system32\EventProviders
2013-01-15 12:54 . 2013-01-15 12:54 -------- d-----w- c:\windows\system32\Wat
2013-01-15 12:51 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2013-01-15 12:51 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2013-01-15 12:41 . 2010-11-20 12:17 280576 ----a-w- c:\windows\system32\spreview.exe
2013-01-15 12:39 . 2010-11-20 12:21 151040 ----a-w- c:\windows\system32\vdsutil.dll
2013-01-15 12:38 . 2010-11-20 12:20 40960 ----a-w- c:\windows\system32\odbcconf.dll
2013-01-15 12:37 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-15 12:36 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-15 12:36 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-15 12:36 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-15 12:36 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-15 00:46 . 2013-01-15 00:46 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR
2013-01-15 00:45 . 2013-01-15 00:45 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2013-01-15 00:45 . 2013-01-15 00:45 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2013-01-15 00:45 . 2013-01-15 00:45 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
2013-01-15 00:45 . 2013-01-15 00:45 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
2013-01-15 00:45 . 2013-01-15 00:45 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2013-01-15 00:43 . 2013-01-15 00:46 -------- d-----w- c:\program files\Zune
2013-01-15 00:42 . 2013-01-15 00:42 -------- d-----w- c:\windows\PCHEALTH
2013-01-15 00:36 . 2013-01-15 00:36 -------- d-----w- c:\program files\Speccy
2013-01-15 00:35 . 2013-01-15 00:36 -------- d-----w- c:\program files\CCleaner
2013-01-15 00:15 . 2013-01-29 01:55 -------- d-----w- c:\program files\tixati
2013-01-14 23:36 . 2013-01-14 23:39 -------- d-----w- c:\programdata\AVG
2013-01-14 23:31 . 2013-01-14 23:31 -------- d-s---w- c:\programdata\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-01-14 22:03 . 2013-01-14 23:19 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-01-14 20:06 . 2013-01-14 20:06 -------- d-----w- c:\program files\Common Files\Skype
2013-01-14 20:06 . 2013-01-14 20:06 -------- d-----r- c:\program files\Skype
2013-01-14 20:06 . 2013-01-14 20:06 -------- d-----w- c:\programdata\Skype
2013-01-14 18:39 . 2013-01-15 00:46 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2013-01-14 18:39 . 2013-01-14 18:39 -------- d-----w- c:\windows\system32\XPSViewer
2013-01-14 18:39 . 2013-01-15 13:38 -------- d-----w- c:\windows\system32\drivers\ru-RU
2013-01-14 18:39 . 2013-01-14 18:39 -------- d-----w- c:\windows\system32\ru
2013-01-14 18:39 . 2013-01-15 13:38 -------- d-----w- c:\windows\system32\wbem\ru-RU
2013-01-14 18:38 . 2013-01-14 18:39 -------- d-----w- c:\windows\ru-RU
2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\windows\hr-HR
2013-01-14 18:38 . 2013-01-14 18:38 -------- d-----w- c:\windows\system32\drivers\hr-HR
2013-01-14 18:38 . 2013-01-15 13:38 -------- d-----w- c:\windows\system32\wbem\hr-HR
2013-01-14 18:12 . 2013-01-14 18:13 -------- d-----w- c:\programdata\AVAST Software
2013-01-14 18:12 . 2013-01-14 18:13 -------- d-----w- c:\program files\AVAST Software
2013-01-14 18:10 . 2013-01-14 18:10 -------- d-----w- c:\program files\Webteh
2013-01-14 18:08 . 2013-01-14 18:08 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-14 18:08 . 2013-01-14 18:08 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-14 18:08 . 2013-01-14 18:08 -------- d-----w- c:\windows\system32\Macromed
2013-01-14 18:04 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-14 18:04 . 2010-09-30 06:47 70656 ----a-w- c:\windows\system32\fontsub.dll
2013-01-14 18:04 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-14 17:45 . 2013-01-15 00:36 -------- d-----w- c:\windows\Panther
2013-01-14 16:59 . 2009-07-13 17:44 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ru-RU\LXKPTPRC.DLL.mui
2013-01-14 16:43 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-14 16:43 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-14 16:43 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-14 16:41 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-14 16:41 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-14 16:41 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-14 16:41 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-14 16:41 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-14 16:41 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-14 16:41 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-14 16:39 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2013-01-14 16:39 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-01-14 16:39 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2013-01-14 16:35 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2013-01-14 16:05 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2013-01-14 16:05 . 2010-11-20 12:20 28672 ----a-w- c:\windows\system32\profprov.dll
2013-01-14 16:04 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2013-01-14 16:04 . 2011-05-03 04:30 741376 ----a-w- c:\windows\system32\inetcomm.dll
2013-01-14 16:04 . 2011-02-23 04:47 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2013-01-14 16:04 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-14 16:04 . 2010-11-20 11:57 2560 ----a-w- c:\windows\system32\dpnaddr.dll
2013-01-14 16:04 . 2011-10-01 04:37 708608 ----a-w- c:\program files\Common Files\System\wab32.dll
2013-01-14 16:03 . 2011-08-17 04:24 465408 ----a-w- c:\windows\system32\psisdecd.dll
2013-01-14 16:03 . 2011-08-17 04:19 75776 ----a-w- c:\windows\system32\psisrndr.ax
2013-01-14 16:03 . 2010-11-20 12:16 204288 ----a-w- c:\windows\system32\MSNP.ax
2013-01-14 16:03 . 2010-11-20 12:16 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-15 13:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2013-01-14 12:21 . 2011-05-31 13:05 246804 ----a-w- c:\windows\system32\drivers\AtherosBt.bin
2012-11-15 22:33 . 2012-11-15 22:33 94048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\System32\drivers\tdx.sys
[-] 2010-11-20 . B459575348C20E8121D6039DA063C704 . 74752 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys
[7] 2009-07-13 . CB39E896A2A83702D1737BFD402B3542 . 74240 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_ea141e6f3d693e28\tdx.sys
.
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] . . c:\windows\System32\userinit.exe
[-] 2010-11-20 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[7] 2009-07-14 . 6DE80F60D7DE9CE6B8C2DDFDF79EF175 . 26112 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\XX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2011-03-18 258048]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 145440]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 180768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 189472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\users\XX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\XX\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AthBtTray]
2011-05-31 13:17 688288 ----a-w- c:\program files\Bluetooth Suite\AthBtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtherosBtStack]
2011-05-31 13:17 804000 ----a-w- c:\program files\Bluetooth Suite\BtvStack.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
2011-04-13 04:18 1813800 ----a-w- c:\program files\Elantech\ETDCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelPAN]
2011-05-02 12:56 1210640 ----a-w- c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVBg]
2011-01-18 13:52 1530472 ------w- c:\program files\Realtek\Audio\HDA\RtHDVBg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2011-01-26 13:16 10025576 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonicMasterTray]
2010-07-09 21:45 984400 ----a-w- c:\program files\ASUS\Sonic Focus\SonicFocusTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-11-01 19:45 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 11:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files\Bluetooth Suite\adminservice.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 11:56 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-14 18:08]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 13:51]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-14 13:51]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 150.254.65.21
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5316)
c:\users\XX\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Completion time: 2013-01-31 17:17:53
ComboFix-quarantined-files.txt 2013-01-31 16:17
.
Pre-Run: 139.329.286.144 bytes free
Post-Run: 139.224.436.736 bytes free
.
- - End Of File - - E79150D8564718BFE6B4A667E86959A0

#4 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 31 January 2013 - 11:42 AM

Also, I've noticed that I don't get the Desktop icon when I want to save a file, attach a file, or browse for files. The icon just does not show up.
I will attach a photo of this and also one of my Start menu when I click All Programs. All of my previous program folders were there, but also empty like in the picture, so I deleted the folders.




#5 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:04:50 PM

Posted 31 January 2013 - 03:40 PM

Good morning marija_peg,

Thank you for the log.

Please go to the below link to run Unhide.exe for your icons:

http://www.bleepingcomputer.com/forums/topic405109.html

=====

Next, please run MBAM and post a fresh log in your reply.

=====

In your reply please let me know if your icons are still hidden and also provide the contents of the new MBAM log.



#6 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 31 January 2013 - 03:59 PM

Hello, it's actually 21:55 where I am :)
I ran the Unhide program, icons are still missing, even after the restart. Now I'm running the MalwareBytes scan, I'll post the log when it's finished.
Thanks for your help!

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 01/31/2013 09:45:36 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 133979 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 19015 files processed.

The C:\Users\XX\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Program finished at: 01/31/2013 09:49:42 PM
Execution time: 0 hours(s), 4 minute(s), and 5 seconds(s)


EDIT: I have now seen and downloaded the version of unhide when you don't have Temp/Smtmp folder!

Edited by marija_peg, 31 January 2013 - 04:01 PM.
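The Unhide log above lists the policy keys it inspects for FakeHDD-style changes and the `smtmp` folder it needs in order to restore shortcuts. As an added example (not part of this thread, and not Unhide.exe's own code), the PowerShell check below lists whatever values are currently set under those same keys and reports whether the `smtmp` folder exists, so an administrator can see at a glance what a cleanup tool would be acting on. The key list is taken from the log; the function names and the output format are assumptions of this example.

```powershell
# Added example, not part of the thread or of Unhide.exe.
# Lists any values set under the Explorer/System policy keys that Unhide reports
# checking, and reports whether the smtmp folder Unhide restores shortcuts from exists.

# Key list copied from the Unhide log above (HKLM/HKCU spelled as PowerShell drives).
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
)

function Get-PolicyValues {
    # Returns one object per value stored directly under $Path (none if the key is absent).
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return @() }

    $item = Get-ItemProperty -LiteralPath $Path
    # Get-ItemProperty adds PSPath/PSParentPath/... to every result; drop those.
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            [pscustomobject]@{ Key = $Path; Name = $_.Name; Value = $_.Value }
        }
}

function Test-SmtmpFolder {
    # Unhide needs this folder to put Start Menu shortcuts back; the log says it was missing here.
    $smtmp = Join-Path $env:LOCALAPPDATA 'Temp\smtmp'
    [pscustomobject]@{ Path = $smtmp; Exists = (Test-Path -LiteralPath $smtmp) }
}

# The Policies\* keys are normally empty on a stand-alone home machine (domain Group
# Policy can populate them legitimately). Explorer\Advanced holds ordinary per-user
# Explorer preferences, so values there are expected; it is listed for comparison only.
$values = foreach ($key in $policyKeys) { Get-PolicyValues -Path $key }

if ($values) {
    $values | Format-Table -AutoSize
} else {
    Write-Output 'No values set under any of the checked keys.'
}

Test-SmtmpFolder | Format-List
```

Run it from an elevated PowerShell prompt so the HKLM key can be read; compare any non-empty `Policies\*` entries against what Group Policy is supposed to set before removing anything, since the script only reports and changes nothing.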


#7 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 31 January 2013 - 04:21 PM

Yes, I have the basic Windows icons now, thanks. However, there are no programs I used to have listed there, such as my Antivirus, Office, and all the other stuff, but probably I'll have to do this manually, right?
Malwarebytes is running, however, I do have to say that MalwareBytes does behave rather differently from any other program I have. Often it is unresponsive and slow, e.g. now when I want to bring forth the window, nothing happens and also I get the circling mouse pointer that never stops, which is why I have to shut it forcefully. :/

#8 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 31 January 2013 - 07:58 PM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XX :: XX [administrator]

Protection: Enabled

1.2.2013. 0:07:01
mbam-log-2013-02-01 (00-07-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316297
Time elapsed: 1 hour(s), 42 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#9 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:04:50 PM

Posted 01 February 2013 - 12:20 AM

Hello marija_peg,

I am glad to hear Unhide fixed some of the issues, but you will have to manually replace the others.

Please uninstall MBAM. Then try reinstalling it. Does it still act slow?


Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.



#10 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 01 February 2013 - 07:15 AM

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 13:13:51
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : XX - 00
# Boot Mode : Normal
# Running from : C:\Users\XX\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKLM\Software\AVG Secure Search

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\XX\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [732 octets] - [01/02/2013 13:13:51]
AdwCleaner[S1].txt - [1024 octets] - [24/01/2013 21:07:14]
AdwCleaner[S2].txt - [876 octets] - [25/01/2013 11:24:06]

########## EOF - C:\AdwCleaner[R1].txt - [910 octets] ##########

#11 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • Gender:Male
  • Location:Krypton
  • Local time:04:50 PM

Posted 01 February 2013 - 04:22 PM

Good morning marija_peg,

Please do the following to re-run AdwCleaner:
  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

I would also like to see a fresh log from MBAM please.

=====

In your reply please provide the logs from AdwCleaner and MBAM.



#12 marija_peg

marija_peg
  • Topic Starter

  • Members
  • 128 posts
  • Gender:Female
  • Local time:06:50 AM

Posted 01 February 2013 - 06:51 PM

Good morning to you, Dark Knight, and good evening to me! :D
What I have to say is that today I installed a gadget which also installed the horrible Babylon toolbar; I did it by mistake. I deleted it, so that must be the deleted folder and keys.
MalwareBytes is running completely normally and the scan didn't return any malicious items. I think everything is fine now, you?

# AdwCleaner v2.109 - Logfile created 02/02/2013 at 00:42:34
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : XX - XX
# Boot Mode : Normal
# Running from : D:\Antivirusni\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\XX\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\f2d88ae26ae442
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\f2d88ae26ae442
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\XX\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [978 octets] - [01/02/2013 13:13:51]
AdwCleaner[S1].txt - [1024 octets] - [24/01/2013 21:07:14]
AdwCleaner[S2].txt - [876 octets] - [25/01/2013 11:24:06]
AdwCleaner[S3].txt - [1515 octets] - [02/02/2013 00:42:34]

########## EOF - C:\AdwCleaner[S3].txt - [1575 octets] ##########

#13 marija_peg


Posted 01 February 2013 - 06:53 PM

Hm, although today I did get two MalwareBytes pop-up notifications saying that it had stopped malicious items of the incoming type.

#14 marija_peg


Posted 01 February 2013 - 06:54 PM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.31.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
XX :: XX [administrator]

Protection: Enabled

1.2.2013. 0:07:01
mbam-log-2013-02-01 (00-07-01).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316297
Time elapsed: 1 hour(s), 42 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 The Dark Knight


Posted 01 February 2013 - 09:59 PM

Good afternoon marija_peg,

What did the notifications say exactly?

Please run a free online scan with the ESET Online Scanner.
Note: You can use Internet Explorer or Mozilla Firefox for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
