
VirTool:Win32/Obfuscator.XZ infection detected by MSS


  • This topic is locked
7 replies to this topic

#1 korla1

  • Members
  • 3 posts

Posted 20 March 2013 - 05:16 PM

Hello,

 

Yesterday I scanned my computer with the Microsoft Safety Scanner and it found HackTool:Win32/Keygen in a Bit Comet download folder, which I successfully deleted by deleting the whole folder. But today when scanning again MSS found two copies of VirTool:Win32/Obfuscator.XZ and MSS itself could not remove it. The malware was found on the same D disk as the HackTool, only this time in a folder in which I keep installed games as opposed to downloaded files via Bit Comet. The files were found in folders of two games: Fifa 13 (rldea.dll) and Far Cry 3 (ubiorbitapi_r2_loader.dll). I have scanned the whole system with the newest free Avast antivirus and the D disk with Malwarebytes and found nothing both times. So, how do I get rid of this, and how come it was detected only after deleting folders containing HackTool:Win32/Keygen? I am also currently scanning with ESET online scanner and will post results as soon as it finishes. I also had some problems with Windows .NET 4 framework updates, but I have resolved that by installing it all over again.

 

DDS log:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.17.2
Run by Jaka at 22:40:54 on 2013-03-20
Microsoft Windows 7 Professional   6.1.7601.1.1250.386.1060.18.8175.4352 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe
C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\GIGABYTE\SMART6\Recovery\RPMDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\Downloads\msert.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=ca74ab3a00000000000050e549411684
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\programi\MOP\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\programi\MOP\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Jaka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Uniblue RegistryBooster 2] c:\program files (x86)\uniblue\registrybooster 2\StartRegistryBooster.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [GoogleChromeAutoLaunch_7460B1340BCCF5AFE90BC346B0BCB264] "C:\Users\Jaka\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - D:\programi\MOP\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: I&zvoz v Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\programi\MOP\Office14\ONBttnIE.dll/105
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 84.255.209.79 84.255.210.79
TCP: Interfaces\{AF3AD439-B72C-41ED-86EF-13B36ADBA0C6} : DHCPNameServer = 84.255.209.79 84.255.210.79
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\programi\MOP\Office14\GROOVEEX.DLL
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: GBHO.BHO: {45d30484-7ded-43d9-957a-d2fd1f046511} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: DVDVideoSoft WebPageAdjuster Class: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-TB: Smart Recovery 2: {1d09c093-f71e-43c3-b948-19316cbd695e} - 
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jaka\AppData\Roaming\Mozilla\Firefox\Profiles\v1xdu0wa.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Jaka\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\programi\MOP\Office14\NPAUTHZ.DLL
FF - plugin: D:\programi\MOP\Office14\NPSPWRAP.DLL
FF - ExtSQL: !HIDDEN! 2012-05-13 13:11; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=ca74ab3a00000000000050e549411684&q=
FF - user.js: extensions.BabylonToolbar.id - ca74ab3a00000000000050e549411684
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15708
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.218:07:54
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-19 65336]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-17 55280]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2011-11-12 21104]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-12 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-12 377920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-12 279616]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-12 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-12 80816]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-19 45248]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-11-12 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 XMouseButton Launcher;XMouseButton Launcher;C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonSvc.exe [2012-6-23 87040]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-11-12 413800]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-19 178624]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-4 1432400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-20 19456]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2012-9-24 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2012-9-24 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2012-9-24 177640]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-20 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Storitev tehnologije za aktiviranje sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-14 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-03-20 17:08:31 -------- d-----w- C:\Program Files (x86)\ESET
2013-03-19 22:20:51 -------- d-----w- C:\Users\Jaka\AppData\Roaming\Malwarebytes
2013-03-19 22:16:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-19 22:16:55 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-19 16:19:41 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-03-19 15:48:27 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-19 15:48:26 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-19 15:48:26 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-19 13:01:57 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-19 08:23:10 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB34D880-1EF2-48CD-8B7A-7DE9633E95E2}\mpengine.dll
2013-03-18 15:16:05 -------- d-----w- C:\Users\Jaka\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-03-17 17:07:16 55280 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2013-03-17 17:07:16 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2013-03-17 17:07:16 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2013-03-17 17:07:15 -------- d-----w- C:\Program Files (x86)\My Company Name
2013-03-17 17:07:15 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2013-03-16 18:12:40 -------- d-----w- C:\eb8057ed5395f34e4dac5e37
2013-03-15 00:01:33 53248 ----a-r- C:\Users\Jaka\AppData\Roaming\Microsoft\Installer\{A876EBF9-9046-4953-888D-8A60B8777027}\ARPPRODUCTICON.exe
2013-03-15 00:01:32 -------- d-----w- C:\Program Files (x86)\Avid
2013-03-14 21:02:19 178688 ----a-w- C:\Windows\SysWow64\unrar.dll
2013-03-14 21:02:16 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2013-03-14 21:01:05 -------- d-----w- C:\Users\Jaka\AppData\Local\Programs
2013-03-14 20:18:54 -------- d-----w- C:\Users\Jaka\AppData\Roaming\PACE Anti-Piracy
2013-03-14 20:18:54 -------- d-----w- C:\Users\Jaka\AppData\Local\PACE Anti-Piracy
2013-03-14 20:18:54 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2013-03-14 20:18:54 -------- d-----w- C:\Program Files\Common Files\PACE Anti-Piracy
2013-03-14 18:14:44 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-03-14 18:14:25 -------- d-----w- C:\Program Files\iPod
2013-03-14 18:14:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-14 18:14:24 -------- d-----w- C:\Program Files (x86)\iTunes
2013-03-14 18:14:23 -------- d-----w- C:\Program Files\iTunes
2013-03-14 18:13:48 -------- d-----w- C:\Program Files\Bonjour
2013-03-14 18:13:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-03-14 18:06:00 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-14 18:05:55 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-06 21:47:25 -------- d-----w- C:\Users\Jaka\AppData\Roaming\MPEG Streamclip
2013-02-20 14:23:45 -------- d-----w- C:\Windows\softwaredistribution.bak2
2013-02-20 13:27:27 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-02-20 13:27:27 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-02-20 13:27:27 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-02-20 13:27:27 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-02-20 13:27:26 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-02-20 13:27:26 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-02-20 13:27:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-02-20 13:27:26 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-02-20 13:27:26 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-02-19 23:15:37 -------- d-----w- C:\Windows\softwaredistribution.bak1
.
==================== Find3M  ====================
.
2013-03-20 18:29:21 25640 ----a-w- C:\Windows\gdrv.sys
2013-03-19 16:16:15 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-19 16:16:15 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-14 18:05:45 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-06 23:33:21 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-06 23:33:20 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-06 23:32:51 41664 ----a-w- C:\Windows\avastSS.scr
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-01-17 00:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-08 14:28:20 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-01-08 14:28:20 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-01-07 13:45:56 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-01-05 05:53:43 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 17:06:04 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-12-27 15:51:51 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
.
============= FINISH: 22:41:35,34 ===============
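An added example, not code from the thread, from DDS, or from the helper's procedure: a small Python triage script over the lines in the "Pseudo HJT Report" section of the log above. It flags the UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in this log, so UAC is switched off, and once it is switched back on admins would still elevate without a prompt), the IE start page pointing at search.babylon.com (the same toolbar shows up in the Firefox user.js entries), the orphaned URLSearchHook, and any extra executable appended to Winlogon's Userinit value. The Windows 7 default values, the short hijack-domain list and the assumption that DDS prints dword values in hex the way .reg exports do are the script's own, not something the page states; the sample input is copied from the log above.

```python
"""Triage checks for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not code from DDS, from BleepingComputer's
tools, or from either poster. It reads lines in the format DDS prints and
flags what a responder looks at first: UAC policy values, a hijacked IE
start page, orphaned URLSearchHooks, and extra Userinit entries."""
import re
from dataclasses import dataclass

# Windows 7 defaults for the UAC values DDS lists under mPolicies-System
# (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 turns UAC off completely
    "ConsentPromptBehaviorAdmin": 5,  # 0 elevates admins silently, no prompt
    "ConsentPromptBehaviorUser": 3,   # 3 prompts standard users for credentials
    "PromptOnSecureDesktop": 1,       # 0 shows the prompt where other apps can interact with it
}
UAC_REG_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"

# Assumption: an illustrative list of toolbar/search-hijack domains, not a full one.
HIJACK_DOMAINS = {"search.babylon.com", "search.conduit.com"}

POLICY_RE = re.compile(r"^[um]Policies-(\w+):\s*(\w+)\s*=\s*dword:([0-9A-Fa-f]+)")
STARTPAGE_RE = re.compile(r"^[um]Start Page\s*=\s*(\S+)")
HOOK_RE = re.compile(r"^[um]URLSearchHooks:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(.*)$")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit\s*=\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str      # registry value name or report line type
    detail: str


def _host(defanged_url: str) -> str:
    """Host part of a DDS-style defanged URL (hxxp://host/...)."""
    no_scheme = re.sub(r"^(hxxp|http)s?://", "", defanged_url, flags=re.I)
    return no_scheme.split("/", 1)[0].split("?", 1)[0].lower()


def triage(report: str) -> list[Finding]:
    """Scan Pseudo-HJT lines and return findings in report order."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if m := STARTPAGE_RE.match(line):
            host = _host(m.group(1))
            if host in HIJACK_DOMAINS:
                findings.append(Finding("medium", "Start Page",
                                        f"IE start page set to known search hijacker {host}"))
        elif (m := HOOK_RE.match(line)) and m.group(2).strip() == "<orphaned>":
            findings.append(Finding("low", "URLSearchHooks",
                                    f"orphaned hook {m.group(1)}: CLSID registered, DLL gone"))
        elif m := USERINIT_RE.match(line):
            # Expected: exactly one userinit.exe entry (the trailing comma is normal).
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            if len(entries) != 1 or not entries[0].lower().endswith("userinit.exe"):
                findings.append(Finding("high", "Userinit",
                                        f"extra logon executable(s) in Userinit: {entries}"))
        elif (m := POLICY_RE.match(line)) and m.group(1) == "System":
            name = m.group(2)
            if name not in UAC_DEFAULTS:
                continue
            value = int(m.group(3), 16)  # assumption: DDS prints dword values as hex, like .reg
            expected = UAC_DEFAULTS[name]
            if value != expected:
                silent = value == 0 and name in ("EnableLUA", "ConsentPromptBehaviorAdmin")
                findings.append(Finding("high" if silent else "medium", name,
                                        f"{name}={value}, Windows 7 default is {expected}"))
    return findings


def uac_restore_reg(findings: list[Finding]) -> str:
    """A .reg fragment that puts every flagged UAC value back to its default."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{UAC_REG_KEY}]"]
    lines += [f'"{f.item}"=dword:{UAC_DEFAULTS[f.item]:08x}'
              for f in findings if f.item in UAC_DEFAULTS]
    return "\n".join(lines) + "\n"


# Lines copied from the DDS log posted above (only the ones this script reads).
SAMPLE_REPORT = """\
uStart Page = hxxp://search.babylon.com/?AF=108976&babsrc=HP_ss&mntrId=ca74ab3a00000000000050e549411684
uURLSearchHooks: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - <orphaned>
mWinlogon: Userinit = userinit.exe,
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
"""

if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
    print(uac_restore_reg(found))
```

On the sample it reports five findings: the Babylon start page, the orphaned hook, and the three non-default UAC values, with ConsentPromptBehaviorAdmin=0 and EnableLUA=0 rated high because both mean code runs elevated with no prompt at all. The .reg fragment it prints restores those values to their defaults (EnableLUA only takes effect after a reboot). It is a reading aid for the log, not a substitute for the scans the next reply asks for.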
 


#2 jeffce

    Bleepin' Super Saiyan

  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 22 March 2013 - 09:45 PM

Hi and Welcome!!
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to this topic so that you can see when there are new responses.
  • IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

Having said that.... Let's get going!!
----------

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply
----------

  • Please download aswMBR to your desktop.
  • Double-click the aswMBR icon to run it.
  • Click the Scan button to start the scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and attach its contents in your next reply.



#3 korla1

korla1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 23 March 2013 - 04:20 AM

So in the meantime the ESET scan finished and found nothing. I also scanned with SUPERAntiSpyware free, Malwarebytes' Anti-Rootkit and Kaspersky virus removal tool and did not find anything with any of them. I even checked the log from Kaspersky and it passed exactly those files as OK. Anyway I got rid of one version of the VirTool... by simply uninstalling and deleting Far Cry 3, so only the FIFA rldea.dll remains, and I would very much like to keep this file in order to keep the game functional, so optimally I am hoping for no deleting, only repairing :) Now let's get down to business:
 
CKScanner results:
 
CKScanner 2.1 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
hosts 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
hosts 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net crl.verisign.net ood.opsource.net
hosts 127.0.0.1 activate.adobe.com
hosts 127.0.0.1 practivate.adobe.com
hosts 127.0.0.1 ereg.adobe.com
hosts 127.0.0.1 activate.wip3.adobe.com
hosts 127.0.0.1 wip3.adobe.com
hosts 127.0.0.1 3dns-3.adobe.com
hosts 127.0.0.1 3dns-2.adobe.com
hosts 127.0.0.1 adobe-dns.adobe.com
hosts 127.0.0.1 adobe-dns-2.adobe.com
hosts 127.0.0.1 adobe-dns-3.adobe.com
hosts 127.0.0.1 ereg.wip3.adobe.com
hosts 127.0.0.1 activate-sea.adobe.com
hosts 127.0.0.1 wwis-dubc1-vip60.adobe.com
hosts 127.0.0.1 activate-sjc0.adobe.com
hosts 127.0.0.1                               adobe.activate.com
hosts 127.0.0.1                               adobeereg.com                        
hosts 127.0.0.1                               www.adobeereg.com                    
hosts 127.0.0.1                               wwis-dubc1-vip60.adobe.com           
hosts 127.0.0.1                               hl2rcv.adobe.com
scanner sequence 3.ZZ.11.GFAPAG
 ----- EOF ----- 
 
Two aswMBR logs are attached, one for a quick scan and one for the D disk folder in which the file is located.

Attached Files
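As an added example (not part of the original thread and not CKScanner's own logic), a small Python check that parses hosts-file lines of the kind listed in the CKScanner output above and flags names pinned to loopback: vendor activation hosts, which CKScanner reports as possible risks, and certificate-revocation hosts such as crl.verisign.net, whose blocking stops the system from learning that a certificate has been revoked. The hint lists and the sample hosts content are this example's assumptions.

```python
"""Flag hosts-file entries that sink vendor activation or certificate-revocation
hosts to loopback, the kind of entries CKScanner lists under 'Additional
Security Risks'. Example code added here; it is not CKScanner's logic."""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Hostname fragments associated with licence activation and certificate
# revocation infrastructure (heuristic lists chosen for this example).
ACTIVATION_HINTS = ("activate", "ereg", "3dns", "adobe-dns", "wip")
REVOCATION_HINTS = ("crl.", "ocsp.")

def parse_hosts(text: str) -> dict:
    """Map each hostname to the addresses it is pinned to.
    A hosts line is '<address> <name> [<name> ...]' with an optional '#' comment."""
    pinned: dict = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            pinned.setdefault(name.lower(), []).append(addr)
    return pinned

def risky_entries(text: str) -> dict:
    """Return {'activation': [...], 'revocation': [...]} for names sent to loopback."""
    findings = {"activation": [], "revocation": []}
    for name, addrs in parse_hosts(text).items():
        if not any(a in LOOPBACK for a in addrs):
            continue  # pinned to a real address, not a sinkhole
        if name.startswith(REVOCATION_HINTS):
            findings["revocation"].append(name)
        elif any(h in name for h in ACTIVATION_HINTS):
            findings["activation"].append(name)
    return findings

# Constructed sample: a few entries of the kind the CKScanner log above shows,
# plus benign lines that must not be flagged.
SAMPLE_HOSTS = """\
# comment
127.0.0.1 localhost
127.0.0.1 activate.adobe.com ereg.adobe.com wip3.adobe.com
127.0.0.1 crl.verisign.net crl.verisign.net
0.0.0.0 ads.example.test
192.168.1.10 fileserver.lan
"""

if __name__ == "__main__":
    for kind, names in risky_entries(SAMPLE_HOSTS).items():
        print(f"{kind}: {sorted(names)}")
```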



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 PM

Posted 23 March 2013 - 10:24 AM

Have you used some type of crack or keygen to obtain unauthorized Adobe products?

If so, you will need to remove all of them and then run a fresh scan with CKScanner and post the new log before we can continue.


#5 korla1

korla1
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:32 AM

Posted 23 March 2013 - 10:30 AM

I don't know, as I am not the only user of this computer... But I do not understand what that has to do with my problem, which has nothing to do with an Adobe product. Could you please explain a bit about this VirTool:Win32/Obfuscator.XZ file, what it can do and what the risks of keeping it are? Thank you!


Edited by korla1, 23 March 2013 - 10:33 AM.


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 PM

Posted 23 March 2013 - 02:27 PM

Per our Forum Rules:

No subject matter will be allowed whose purpose is to defeat existing copyright or security measures. If a user persists and/or the activity is obviously illegal the staff reserves the right to remove such content and/or ban the user. This would also mean encouraging the use or continued use of pirated software is not permitted, and subject to the same consequences.

Besides being illegal, it's the number one way of infecting your system as all cracked/keygen software is infected. This forum, as well as all the other malware removal forums, does not support the use of illegal software except for their removal. If I were to continue helping you with illegal software installed, it could be construed in the eyes of the law as aiding and abetting a crime.

This may or may not be related to your computer issues; however, if you wish me to continue helping you, then you must remove both the keygen and crack files as well as the related programs and then run a new scan with CKScanner and post the new log. If you do not agree to this then this thread will be closed and no further help will be offered because I will never be able to tell you your malware logs are clean. Please let me know if you wish to continue.


#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 PM

Posted 26 March 2013 - 09:56 AM

Still here?



#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:07:32 PM

Posted 27 March 2013 - 07:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
