
A problem with Skype (Jen+Lova virus thingy)


  • This topic is locked
2 replies to this topic

#1 Offlinee

Posted 09 March 2013 - 11:44 AM

The beginning of the topic is here, I think I'm not going to copy-paste the whole thing:

 

http://www.bleepingcomputer.com/forums/t/487614/a-problem-with-skype-jenlova-virus-thingy/

 

 

As boopme requested, here's the output of DDS.txt:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by John at 18:11:46 on 2013-03-09

Microsoft Windows 7 Home Premium   6.1.7601.1.1257.372.1033.18.8078.4449 [GMT 2:00]

.

AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\ASUS\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe

C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe

C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\RocketDock\RocketDock.exe

C:\Users\John\Desktop\Crap\gabnetstats\GabNetStats.exe

C:\Users\John\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Stickies\stickies.exe

C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Windows\AsScrPro.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Program Files\Elantech\ETDGesture.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\StreamTransport\StreamTransport.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://encrypted.google.com/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: EstEIDIEPluginBHO Class: {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} - C:\Program Files (x86)\Estonian ID Card\esteid-plugin-ie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"

uRun: [GabNetStats] "C:\Users\John\Desktop\Crap\gabnetstats\GabNetStats.exe"

uRun: [Simp] <no file>

mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

uPolicies-Explorer: NoDriveAutoRun = dword:32

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\255647370796C6C6 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\255647370796C6C6 : DHCPNameServer = 192.168.8.1

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\3316E483D6447653 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\3316E483D6447653 : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\671626167796669623 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\671626167796669623 : DHCPNameServer = 192.168.8.1

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\842555 : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5}\842555 : DHCPNameServer = 192.168.11.1

TCP: Interfaces\{2547B5EE-C9B0-45BA-B4AB-05B74C9CE60B} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{2547B5EE-C9B0-45BA-B4AB-05B74C9CE60B} : DHCPNameServer = 8.8.8.8 8.8.4.4

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs=   C:\Windows\SysWOW64\nvinit.dll prio32.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\owggq3bv.default\

FF - prefs.js: browser.startup.homepage - hxxps://startpage.com/do/mypage.pl?prf=54d22050408fe3a4d14954075252533b

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Estonian ID Card\npesteid-firefox-plugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\SumatraPDF\npPdfViewer.dll

FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll

FF - plugin: C:\Users\John\AppData\Roaming\Mozilla\plugins\npoctoshape.dll

FF - plugin: C:\Users\John\AppData\Roaming\TorrentStream\player\npts_plugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-01-16 01:55; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\owggq3bv.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

FF - ExtSQL: 2013-02-18 00:48; firebug@software.joehewitt.com; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\owggq3bv.default\extensions\firebug@software.joehewitt.com.xpi

FF - ExtSQL: 2013-03-04 19:48; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\owggq3bv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-13 16152]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-1-11 30648]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-9-23 56208]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-9-8 283200]

R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]

R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-1-11 284600]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-17 277120]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-10-28 106144]

R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-11 135952]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-5-24 1840128]

R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-6-8 128280]

R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-6-8 161560]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-29 383416]

R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-10-28 158880]

R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-1-20 16128]

R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-6-8 363800]

R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-6-8 17152]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]

R3 AsusVBus;AsusVBus;C:\Windows\System32\drivers\AsusVBus.sys [2011-12-21 35968]

R3 AsusVTouch;AsusVTouch;C:\Windows\System32\drivers\AsusVTouch.sys [2011-11-8 16512]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-10-28 30368]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-3-13 200488]

R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-13 356120]

R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-13 787736]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-3-13 103536]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]

R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2012-2-7 66328]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-1-14 74840]

S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-10-28 36000]

S3 atrfiltr;atrfiltr;C:\Windows\System32\drivers\atrfiltr.sys [2012-4-2 16184]

S3 BazisPortableCDBus;Portable WinCDEmu driver;C:\Windows\System32\drivers\BazisPortableCDBus.sys [2013-2-24 268896]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-10-28 330912]

S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-10-28 110240]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-10-28 167584]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-10-28 68256]

S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-10-28 280992]

S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-10-28 521376]

S3 IT9135BDA;IT9135 BDA Devices;C:\Windows\System32\drivers\IT9135BDA.sys [2012-11-27 164864]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]

S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]

S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2012-9-20 1454896]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-2 1255736]

S4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-12 140672]

S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-4-26 2702848]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-12 3463080]

.

=============== File Associations ===============

.

FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-03-06 21:42:36    9162192    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB511E5D-908D-4A71-936F-594AE245BB43}\mpengine.dll

2013-03-06 16:01:13    --------    d-----w-    C:\Program Files (x86)\ESET

2013-03-05 14:25:13    --------    d-----w-    C:\Program Files (x86)\temp~

2013-03-04 18:59:28    --------    d-----w-    C:\Users\John\AppData\Roaming\freac

2013-03-04 18:58:28    --------    d-----w-    C:\Program Files (x86)\freac

2013-03-03 15:41:16    --------    d-----w-    C:\Users\John\AppData\Roaming\HandBrake

2013-03-03 15:41:08    --------    d-----w-    C:\Program Files\Handbrake

2013-03-03 15:28:42    --------    d-----w-    C:\Users\John\AppData\Local\AppsForFree

2013-03-03 15:06:09    --------    d-----w-    C:\Users\John\AppData\Roaming\.purple

2013-03-03 15:03:31    --------    d-----w-    C:\Program Files (x86)\Pidgin

2013-03-03 14:52:44    --------    d-----w-    C:\Users\John\AppData\Local\SJ

2013-03-03 14:52:22    --------    d-----w-    C:\Users\John\AppData\Local\Programs

2013-02-25 21:04:53    --------    d-----w-    C:\Users\John\AppData\Roaming\Wireshark

2013-02-25 20:54:04    --------    d-----w-    C:\Program Files\Wireshark

2013-02-24 20:06:09    268896    ----a-w-    C:\Windows\System32\drivers\BazisPortableCDBus.sys

2013-02-17 20:46:16    20300952    ----a-w-    C:\Firefox Setup 18.0.2.exe

2013-02-16 14:08:02    996352    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-16 14:08:02    768000    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-16 14:05:58    3967848    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-16 14:05:57    3913064    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe

2013-02-16 14:05:52    215040    ----a-w-    C:\Windows\System32\winsrv.dll

2013-02-16 14:05:51    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe

2013-02-16 14:05:51    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll

2013-02-16 14:05:51    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe

2013-02-16 14:05:51    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll

2013-02-16 14:05:50    2048    ----a-w-    C:\Windows\SysWow64\user.exe

2013-02-16 14:05:43    288088    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-16 14:05:43    1913192    ----a-w-    C:\Windows\System32\drivers\tcpip.sys

2013-02-16 14:05:42    3153408    ----a-w-    C:\Windows\System32\win32k.sys

2013-02-12 15:48:37    --------    d-----w-    C:\Users\John\AppData\Roaming\gnupg

2013-02-12 15:45:24    --------    d-----w-    C:\Users\John\AppData\Local\Thunderbird

2013-02-12 15:44:33    --------    d-----w-    C:\Program Files (x86)\GNU

2013-02-09 17:17:59    --------    d-----w-    C:\Users\John\Packet Tracer 5.2

2013-02-09 17:17:34    --------    d-----w-    C:\Program Files (x86)\Packet Tracer 5.2

2013-02-09 14:47:44    --------    d-----w-    C:\Program Files (x86)\zbar

2013-02-09 14:46:06    --------    d-----w-    C:\Program Files (x86)\Eclipse

2013-02-09 00:42:14    --------    d-----w-    C:\Users\John\AppData\Local\Deployment

.

==================== Find3M  ====================

.

2013-03-09 16:04:41    387    ----a-w-    C:\Users\John\AppData\Roaming\sp_data.sys

2013-01-27 23:25:55    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll

2013-01-27 23:25:53    960416    ----a-w-    C:\Windows\System32\deployJava1.dll

2013-01-27 23:25:53    1081760    ----a-w-    C:\Windows\System32\npDeployJava1.dll

2013-01-16 23:28:58    273840    ------w-    C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09    2312704    ----a-w-    C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03    1392128    ----a-w-    C:\Windows\System32\wininet.dll

2013-01-09 01:11:06    1494528    ----a-w-    C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51    173056    ----a-w-    C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47    599040    ----a-w-    C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42    2382848    ----a-w-    C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21    1800704    ----a-w-    C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20    1129472    ----a-w-    C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12    1427968    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02    142848    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29    420864    ----a-w-    C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23    2382848    ----a-w-    C:\Windows\SysWow64\mshtml.tlb

2013-01-05 05:53:43    5553512    ----a-w-    C:\Windows\System32\ntoskrnl.exe

2013-01-04 04:43:21    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll

2012-12-29 08:40:27    6382008    ----a-w-    C:\Windows\System32\nvcpl.dll

2012-12-29 08:40:27    3455416    ----a-w-    C:\Windows\System32\nvsvc64.dll

2012-12-29 08:40:11    2923201    ----a-w-    C:\Windows\System32\nvcoproc.bin

2012-12-29 08:40:09    997816    ----a-w-    C:\Windows\System32\nv3dappshext.dll

2012-12-29 08:40:09    884152    ----a-w-    C:\Windows\System32\nvvsvc.exe

2012-12-29 08:40:09    63928    ----a-w-    C:\Windows\System32\nvshext.dll

2012-12-29 08:40:09    55736    ----a-w-    C:\Windows\System32\nv3dappshextr.dll

2012-12-29 08:40:09    2558392    ----a-w-    C:\Windows\System32\nvsvcr.dll

2012-12-29 08:40:09    118712    ----a-w-    C:\Windows\System32\nvmctray.dll

2012-12-29 00:54:24    550328    ----a-w-    C:\Windows\SysWow64\nvStreaming.exe

2012-12-20 00:47:38    859072    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll

2012-12-20 00:47:38    779704    ----a-w-    C:\Windows\SysWow64\deployJava1.dll

2012-12-20 00:43:44    73656    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-20 00:43:44    697272    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22    46080    ----a-w-    C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03    367616    ----a-w-    C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28    295424    ----a-w-    C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll

2012-12-14 14:49:28    24176    ----a-w-    C:\Windows\System32\drivers\mbam.sys

2012-12-11 22:46:18    42440    ----a-w-    C:\Windows\SysWow64\xfcodec.dll

2012-12-11 22:46:18    28104    ----a-w-    C:\Windows\System32\xfcodec64.dll

.

============= FINISH: 18:12:14,93 ===============

 

 

And Attach.txt has been attached.

Attached File  Attach.txt   8.8KB   0 downloads


Edited by Offlinee, 09 March 2013 - 11:46 AM.
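The DDS output above is the raw material boopme and the Malware Response Team read by hand. As an added example (not from the original post and not part of the DDS tool), here is a small Python triage script that pulls out of a pasted DDS.txt the items a responder checks first: autostart entries whose target is `<no file>` or `<orphaned>`, the AppInit_DLLs list, interfaces whose hand-set NameServer differs from what DHCP handed out, the `PromptOnSecureDesktop = 0` UAC policy, and files with executable or driver extensions listed under a user profile. The rule set, the function names and the excerpt of the log embedded as sample input are this example's own assumptions; flagging an item means it is worth a look, not that it is malicious.

```python
"""Triage helper for a pasted DDS.txt log.

Added example for this thread; it is not part of the DDS tool and the rules
below are this example's own choices, not an official checklist.
"""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the DDS log posted in this thread.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Simp] <no file>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{14CF9705-6610-4302-B3F9-5225EBA88DF5} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{2547B5EE-C9B0-45BA-B4AB-05B74C9CE60B} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2547B5EE-C9B0-45BA-B4AB-05B74C9CE60B} : DHCPNameServer = 8.8.8.8 8.8.4.4
AppInit_DLLs=   C:\Windows\SysWOW64\nvinit.dll prio32.dll
SSODL: WebCheck - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
==================== Find3M  ====================
2013-03-09 16:04:41    387    ----a-w-    C:\Users\John\AppData\Roaming\sp_data.sys
2013-01-27 23:25:55    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-03-04 18:59:28    --------    d-----w-    C:\Users\John\AppData\Roaming\freac
============= FINISH: 18:12:14,93 ===============
"""

DANGLING = ("<no file>", "<orphaned>")          # autostart that points at nothing
EXEC_EXT = (".sys", ".exe", ".dll", ".scr", ".cpl")
TCP_RE = re.compile(
    r"^TCP: Interfaces\\(?P<iface>\S+) : (?P<key>NameServer|DHCPNameServer) = (?P<val>.*)$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attr>\S+)\s+(?P<path>.+)$")


def _servers(value):
    """DDS writes NameServer comma-separated and DHCPNameServer space-separated."""
    return set(re.split(r"[,\s]+", value.strip()))


def triage(dds_text):
    """Return a list of (kind, detail) findings worth a human look."""
    findings = []
    dns = defaultdict(dict)                      # interface -> {key: set(servers)}
    for line in dds_text.splitlines():
        line = line.rstrip()
        if not line or line.startswith("="):     # blank line or section banner
            continue
        if any(tag in line for tag in DANGLING):
            findings.append(("dangling_autostart", line))
            continue
        if line.startswith("AppInit_DLLs="):     # DLLs loaded into every user32 process
            dlls = line.split("=", 1)[1].split()
            if dlls:
                findings.append(("appinit_dlls", " ".join(dlls)))
            continue
        if line.startswith("mPolicies-System: PromptOnSecureDesktop = dword:0"):
            findings.append(("uac_weakened", line))   # UAC prompt not on secure desktop
            continue
        m = TCP_RE.match(line)
        if m:
            dns[m["iface"]][m["key"]] = _servers(m["val"])
            continue
        m = FILE_RE.match(line)
        if m and not m["attr"].startswith("d"):  # files only, not directories
            path = m["path"].lower()
            if "\\appdata\\" in path and path.endswith(EXEC_EXT):
                findings.append(("profile_executable", m["path"]))
    for iface, cfg in dns.items():
        static, dhcp = cfg.get("NameServer"), cfg.get("DHCPNameServer")
        if static and dhcp and static != dhcp:   # hand-set resolvers differ from DHCP's
            findings.append(("dns_override",
                             f"{iface}: static {sorted(static)} vs DHCP {sorted(dhcp)}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_DDS):
        print(f"[{kind}] {detail}")
```

Run against the full log it flags the `uRun: [Simp] <no file>` entry, the three orphaned BHO/SSODL/Handler entries, the two AppInit_DLLs, Google resolvers overriding the router's DHCP DNS on one interface, UAC prompts taken off the secure desktop, and the 387-byte `sp_data.sys` written to AppData\Roaming on the day of the scan. Whether any of those has anything to do with the Skype messages is not something the log alone settles; it only tells a responder where to look first.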



 


#2 Offlinee (Topic Starter)

Posted 11 March 2013 - 05:50 PM

Since I was unable to edit my post, I just wanted to let you know that the problem basically resolved itself. Basically, I didn't log in to my Microsoft account for 5 days or so, and the problem seems to have vanished. Though I'm not sure if the problem is gone for good completely, this stranger hasn't written anything to me... so I guess, problem solved?



#3 m0le (Malware Response Team)

Posted 12 March 2013 - 08:13 PM

Thanks for letting me know :thumbup2:

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



