Webpage auto loads on startup


  • This topic is locked
24 replies to this topic

#1 ABud

ABud

  • Members
  • 25 posts

Posted 26 September 2013 - 11:48 AM

Hi all,

 

Got an annoying virus thing going on. As the title says, www.sh.com opens up in Windows Explorer (version 10) on startup (OS Windows 7 x64). I've seen a few other posts from people saying they've had this problem, but the advice seems to be quite specific to each person.

 

I've run MalwareBytes, Avast, and Dr.Web CureIt with no viruses being detected.

 

Any help would be greatly appreciated. Thanks,

 

Andy




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 September 2013 - 04:31 PM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 ABud

ABud
  • Topic Starter

  • Members
  • 25 posts

Posted 27 September 2013 - 05:09 AM

Hi, thanks for your reply.

 

I've attached the logs from Malwarebytes. These are all the scans from this current year, although as you can see they always came back with no viruses detected. The reason the scan (log 14-57-35) took an hour longer is because I was running other scans at the same time.

 

Thanks,

 

Andy




#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 27 September 2013 - 08:21 AM

Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
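Added example, not from the thread, the helper, or the DDS tool: a small Python triage pass over the "Pseudo HJT Report" section of a DDS log such as the one requested above. It flags autoruns whose target file is gone, orphaned BHO registrations, autoruns that start a browser with a URL argument (the kind of entry behind a page opening by itself at boot), and the UAC policy values DDS prints. The sample lines are constructed from this thread's own log plus one made-up `uRun` line (HomePage); the regexes and severity ratings are my own, not DDS output.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format of a DDS "Pseudo HJT Report". The values are
# copied from this thread's log, plus one made-up uRun line (HomePage) that
# exercises the browser-with-URL check. The URL is a placeholder.
SAMPLE_REPORT = r"""
============== Pseudo HJT Report ===============
.
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [HomePage] "C:\Program Files\Internet Explorer\iexplore.exe" http://example.invalid/
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Automatically Log Internet Connection Status Software.exe] <no file>
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 192.168.1.254
.
============= SERVICES / DRIVERS ===============
"""

# DDS prefixes: u = HKCU, m = HKLM, x64- = 64-bit view of the registry.
AUTORUN_RE = re.compile(r"^(?P<hive>x64-|[um])Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^(?:x64-)?BHO: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
POLICY_RE = re.compile(r"^(?P<hive>[um])Policies-System: (?P<key>\w+) = dword:(?P<value>\d+)$")
BROWSER_RE = re.compile(r"\b(iexplore|chrome|firefox|opera)\.exe\b", re.IGNORECASE)
URL_RE = re.compile(r"(https?://|\bwww\.)", re.IGNORECASE)

# UAC policy keys DDS prints and what a value of 0 means (my reading, not the tool's).
UAC_ZERO_MEANS = {
    "EnableLUA": ("high", "UAC is disabled: every process of an admin user runs fully elevated"),
    "ConsentPromptBehaviorAdmin": ("medium", "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": ("medium", "elevation prompts are not shown on the secure desktop"),
}


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


def hjt_lines(text):
    """Yield the entry lines between the Pseudo HJT header and the next section header."""
    inside = False
    for raw in text.splitlines():
        line = raw.strip()
        if "Pseudo HJT Report" in line:
            inside = True
            continue
        if inside and line.startswith("====="):
            break
        if inside and line and line != ".":
            yield line


def triage(text):
    """Return the findings for one DDS log, in the order the entries appear."""
    findings = []
    for line in hjt_lines(text):
        m = AUTORUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if cmd == "<no file>":
                findings.append(Finding("info", line, "autorun points at a file that no longer exists"))
            elif BROWSER_RE.search(cmd) and URL_RE.search(cmd):
                # The pattern behind "a web page opens by itself at every boot".
                findings.append(Finding("high", line, "autorun launches a browser with a URL argument"))
            continue
        m = BHO_RE.match(line)
        if m:
            if m.group("target") == "<orphaned>":
                findings.append(Finding("info", line, "BHO CLSID is registered but its DLL is gone"))
            continue
        m = POLICY_RE.match(line)
        if m and int(m.group("value")) == 0 and m.group("key") in UAC_ZERO_MEANS:
            severity, reason = UAC_ZERO_MEANS[m.group("key")]
            findings.append(Finding(severity, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against the thread's real DDS.txt the same checks fire on the three mPolicies-System lines and the `<no file>` and `<orphaned>` entries; entries outside the Pseudo HJT section are ignored.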

#5 ABud

ABud
  • Topic Starter

  • Members
  • 25 posts

Posted 28 September 2013 - 05:03 AM

dds.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 10.40.2
Run by Andrew at 10:39:52 on 2013-09-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8183.5938 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.EXE
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\mpas-d_bd_1.159.552.0.exe
c:\89d69015e2dd06ce8395\MpMiniSigStub.exe
C:\Windows\system32\MpSigStub.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\bh\zonealarm.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.20.3\zonealarmTlbr.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [MRUTray] C:\Program Files (x86)\Marvell\raid\tray\MarvellTray.exe
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [Automatically Log Internet Connection Status Software.exe] <no file>
mRunOnce: [GBTUpd] C:\Program Files (x86)\GIGABYTE\GBTUpd\PreRun.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.






TCP: NameServer = 192.168.1.254
TCP: Interfaces\{385CF97B-5925-45E3-9283-D3FE02B66E67} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C5A66191-EE07-42B7-B0C2-CF70BE7FA533} : DHCPNameServer = 192.168.42.129
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-20 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-20 204880]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2009-10-9 22568]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-9-25 17720]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-18 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-18 378944]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-15 574272]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-9-29 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-18 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-18 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-20 46808]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-10-14 219360]
R2 COM Service;COM Service;C:\Program Files (x86)\GIGABYTE\G.O.M\GCSVR.exe [2010-10-15 16384]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 828072]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2010-10-14 65536]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-9 24635]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2010-10-15 114688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2009-10-26 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2009-10-26 176640]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-12-3 406632]
R3 SaiK0836;SaiK0836;C:\Windows\System32\drivers\SaiK0836.sys [2010-6-17 172040]
R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\Windows\System32\drivers\stdriver64.sys [2011-3-28 56408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-8-16 116240]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-10-15 25640]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-2-20 129440]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2010-10-15 30528]
S3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;C:\Windows\System32\drivers\libusb0.sys [2012-7-26 43456]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-7-26 121416]
S3 nosGetPlusHelper;getPlus® Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-14 27136]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-1 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-1 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-17 1255736]
.
=============== Created Last 30 ================
.
2013-09-28 09:40:01 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{722B0FF5-975A-40FF-9C1A-A02049F47487}\mpengine.dll
2013-09-28 09:39:51 -------- d-----w- C:\89d69015e2dd06ce8395
2013-09-26 15:59:07 -------- d-----w- C:\ProgramData\Oracle
2013-09-26 15:58:58 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-25 17:15:26 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-09-25 17:15:14 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-09-13 22:06:53 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-09-13 22:06:53 -------- d-----w- C:\ProgramData\Caphyon
2013-09-13 22:06:47 -------- d-----w- C:\REX Auto Update
2013-09-13 22:05:39 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-09-13 21:57:28 -------- d-----w- C:\Users\Andrew\AppData\Roaming\REX Game Studios, LLC
2013-09-13 13:22:11 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-09-13 13:18:55 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-09-13 13:18:46 3155456 ----a-w- C:\Windows\System32\win32k.sys
2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-26 15:58:53 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-26 15:58:53 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-19 18:21:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-19 18:21:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-30 07:48:10 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-10 05:22:18 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-08-10 05:20:59 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-10 03:58:06 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-10 03:17:38 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-10 03:07:50 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-08-10 02:27:59 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-07 03:22:02 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-02 02:15:44 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03 362496 ----a-w- C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-02 02:15:03 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:45:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-12 19:58:11 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-12 19:58:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 10:41:02.34 ===============

attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/10/2010 20:28:15
System Uptime: 28/09/2013 10:33:43 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P55A-UD4
Processor: Intel® Core™ i5 CPU         760  @ 2.80GHz | Socket 1156 | 2660/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 295.195 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2225: 16/09/2013 19:52:14 - Automatic creation
RP2229: 17/09/2013 13:28:45 - Automatic creation
RP2234: 18/09/2013 20:56:01 - Automatic creation
RP2236: 19/09/2013 20:57:08 - Automatic creation
RP2238: 20/09/2013 21:35:12 - Automatic creation
RP2242: 21/09/2013 21:26:57 - Automatic creation
RP2246: 22/09/2013 22:33:20 - Automatic creation
RP2248: 23/09/2013 21:41:52 - Automatic creation
RP2253: 25/09/2013 19:37:55 - Automatic creation
RP2258: 26/09/2013 17:47:07 - Automatic creation
RP2260: 27/09/2013 11:13:07 - Automatic creation
.
==== Installed Programs ======================
.
@BIOS Ver.2.07
3DMark 11
7-Zip 9.20 (x64 edition)
Acronis True Image WD Edition
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.04)
Advanced SystemCare 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Stream SDK v2 Developer
Audacity 2.0.2
Automatically Log Internet Connection Status Software
avast! Free Antivirus
Battle of Britain - Hurricane
Bonjour
Browser Configuration Utility
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center InstallProxy
Crysis®
Crysis® 2
D3DX10
Debut Video Capture Software
Dev-C++ 5 beta 9 release (4.9.9.2)
Downloader
Dragon Age II
Dragon Age: Origins
EA Installer
EA Shared Game Component: Activation
Easy Tune 6 B09.1120.1
F1 2010
F15
FlashGet 1.9.6.1073
Flight Simulator X
Flight Simulator X Service Pack 1
Flip 3.4.7
Futuremark SystemInfo
G.O.M
Gigabyte Raid Cinfigurer
GIMP 2.8.2
Google Earth
Google Update Helper
GoPro CineForm Studio 1.3.2
HD Tune 2.55
Hewlett-Packard ACLM.NET v1.1.0.0
HP Deskjet 3050A J611 series Basic Device Software
HP Deskjet 3050A J611 series Help
HP Photo Creations
HP Product Detection
HP Update
HPDiagnosticAlert
iTunes
Java 7 Update 40
Java Auto Updater
Junk Mail filter update
Just Flight - Carenado C185F Bush FSX
Just Flight Flying Club Archer III (FSX)
Magic DVD Copier V7.1.1
Malwarebytes Anti-Malware version 1.75.0.1300
Marvell MRU V4
Mass Effect
Mass Effect 2
Mass Effect™ 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft IntelliType Pro 8.0
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
MotioninJoy Gamepad tool 0.7.1001
MSI Afterburner 2.0.0
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NEC Electronics USB 3.0 Host Controller Driver
NVIDIA 3D Vision Controller Driver 310.90
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
OpenAL
OpenOffice.org 3.3
OpenTTD 1.0.5
Origin
PDFlite 0.6
PunkBuster Services
PVSonyDll
Quake 4™
QuickTime
Rapture3D 2.4.4 Game
Real Environment Xtreme Essential
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RedMon - Redirection Port Monitor
REX Auto Update
Saitek SD6 Programming Software 6.5.2.0
Samsung_MonSetup
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
SimCity 4
Skype™ 5.10
Smart 6 B9.1211.1
Smart Defrag 2
SpeedFan (remove only)
System Requirements Lab
System Requirements Lab CYRI
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update Manager B09.1008.1
VC 9.0 Runtime
VFRGenX - Volume 1: South England and South Wales
VFRGenX - Volume 2: Central England and Mid Wales
VFRGenX - Volume 3: North England and North Wales
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
vShare Plugin
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
zeckensack's Glide wrapper (remove only)
ZoneAlarm Firewall
ZoneAlarm Free Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
ZoneAlarm Security Toolbar
.
==== Event Viewer Messages From Past Week ========
.
28/09/2013 10:37:37, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
28/09/2013 10:37:37, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
28/09/2013 10:33:59, Error: volmgr [46]  - Crash dump initialization failed!
26/09/2013 22:11:54, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
25/09/2013 21:35:46, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

ark.txt

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-28 10:57:37
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6402AAEX-00Y9A0 rev.05.01D05 596.17GB
Running: 8xervggt.exe; Driver: C:\Users\Andrew\AppData\Local\Temp\uwdiqpob.sys

---- Threads - GMER 2.1 ----

Thread   [1508:1720]                                                                                       0000000074f7345e
Thread   [1508:1616]                                                                                       0000000077ae3e85
Thread   [1508:2012]                                                                                       0000000075e47587
Thread   [1508:1704]                                                                                       0000000071b69a90
Thread   [1508:1868]                                                                                       0000000071bccce0
Thread   [1508:1872]                                                                                       00000000716bbf60
Thread   [1508:1660]                                                                                       00000000716bb770
Thread   [1508:1652]                                                                                       0000000077ae2e65
Thread   [1508:3988]                                                                                       00000000716af2b0
Thread   [1508:3904]                                                                                       00000000716af2b0
Thread   [1508:3928]                                                                                       00000000716af2b0
Thread   [1508:4052]                                                                                       00000000716af2b0
Thread   [1508:3916]                                                                                       00000000716af2b0
Thread   [1508:3920]                                                                                       00000000716b0580
Thread   [1508:3924]                                                                                       00000000716afb70
Thread   [1508:4028]                                                                                       00000000716da0f0
Thread   [1508:3436]                                                                                       00000000716d8ed0
Thread   [1508:3024]                                                                                       00000000716d92a0
Thread   [1508:3236]                                                                                       00000000716b1d60
Thread   [1508:3232]                                                                                       00000000716b1d60
Thread   [1508:4064]                                                                                       00000000716b1d60
Thread   [1508:3184]                                                                                       00000000716b1d60
Thread   [1508:3220]                                                                                       00000000716b1d60
Thread   [1508:3416]                                                                                       0000000073a412f0
Thread   [1508:3448]                                                                                       0000000073a42c80
Thread   [1508:3252]                                                                                       0000000073a42c80
Thread   [1508:4180]                                                                                       0000000073a01070
Thread   [1508:4208]                                                                                       0000000074f7345e
Thread   [1508:4212]                                                                                       0000000074f7345e
Thread   [1508:4228]                                                                                       00000000739112f0
Thread   [1508:4232]                                                                                       00000000738f15e0
Thread   [1508:4236]                                                                                       00000000716bcb90
Thread   [1508:4240]                                                                                       00000000716b1860
Thread   [1508:4244]                                                                                       0000000074f7345e
Thread   [1508:4256]                                                                                       00000000716dfa70
Thread   [1508:4260]                                                                                       0000000071935400
Thread   [1508:4292]                                                                                       0000000073a01630
Thread   [1508:4316]                                                                                       0000000072c07510
Thread   [1508:4356]                                                                                       0000000074f7345e
Thread   [1508:4360]                                                                                       0000000077ae3e85
Thread   [1508:4376]                                                                                       0000000072cd1670
Thread   [1508:4380]                                                                                       0000000072cd1840
Thread   [1508:4396]                                                                                       0000000074f732ce
Thread   [1508:4400]                                                                                       0000000074f732ce
Thread   [1508:4404]                                                                                       0000000074f732ce
Thread   [1508:4408]                                                                                       0000000074f732ce
Thread   [1508:4412]                                                                                       0000000074f732ce
Thread   [1508:4416]                                                                                       0000000074f732ce
Thread   [1508:4420]                                                                                       0000000074f732ce
Thread   [1508:4424]                                                                                       0000000074f732ce
Thread   [1508:4428]                                                                                       0000000074f732ce
Thread   [1508:4432]                                                                                       0000000074f732ce
Thread   [1508:4436]                                                                                       0000000074f732ce
Thread   [1508:4460]                                                                                       0000000074f7345e
Thread   [1508:4468]                                                                                       0000000071b741a0
Thread   [1508:4472]                                                                                       0000000071b781e0
Thread   [1508:4476]                                                                                       0000000074f7345e
Thread   [1508:4488]                                                                                       0000000071b71f10
Thread   [1508:4504]                                                                                       0000000074f7345e
Thread   [1508:4628]                                                                                       00000000725c62ee
Thread   [1508:4632]                                                                                       0000000074f7345e
Thread   [1508:5092]                                                                                       0000000074f7345e
Thread   [1508:2212]                                                                                       0000000074f7345e
Thread   [1508:2760]                                                                                       0000000074f7345e
Thread   [1508:1896]                                                                                       0000000074f7345e
Thread   [1508:4012]                                                                                       0000000074f7345e
Thread   [1508:4852]                                                                                       0000000075cfd864
Thread   [1508:1512]                                                                                       0000000077ae3e85
Thread   [1508:2104]                                                                                       0000000077ae3e85
Thread   [1508:6680]                                                                                       0000000077ae3e85
Thread   [1508:6944]                                                                                       0000000077ae3e85
Thread   [1508:3500]                                                                                       0000000077ae3e85
Thread   [1508:5124]                                                                                       0000000077ae3e85
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5648:5868]                                     000007fefebb0168
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5648:5888]                                     000007fefbab2a7c
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5648:5896]                                     000007feea9ed618
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [5648:4656]                                     000007fefc2c5124
Thread  C:\Windows\System32\svchost.exe [4344:5640]                                                        000007fee7f29688

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                        
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                       
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                         
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              27
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              154562
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                           
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                      
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  9
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                          
Reg     HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg     HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)   
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg     HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                    
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet) 
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg     HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                           
Reg     HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                     
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  27
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  154562
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\Windows
Reg     HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                       
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      9
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg     HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                      
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg     HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.

---- EOF - GMER 2.1 ----
#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:19 AM

Posted 28 September 2013 - 11:55 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 ABud

ABud
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:10:19 AM

Posted 28 September 2013 - 05:58 PM

ComboFix 13-09-28.02 - Andrew 28/09/2013  23:25:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8183.6065 [GMT 1:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\windows\SysWow64\gmail.dll
c:\windows\SysWow64\tmp925.tmp
c:\windows\SysWow64\tmp926.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-28  )))))))))))))))))))))))))))))))
.
.
2013-09-28 22:31 . 2013-09-28 22:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-09-28 22:31 . 2013-09-28 22:31 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-09-28 22:31 . 2013-09-28 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-26 15:59 . 2013-09-26 15:59 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-09-26 15:59 . 2013-09-26 15:59 -------- d-----w- c:\programdata\Oracle
2013-09-26 15:58 . 2013-09-26 15:58 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-25 17:15 . 2013-05-22 17:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-09-25 17:15 . 2013-05-22 17:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-09-13 22:06 . 2013-09-13 22:06 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-09-13 22:06 . 2013-09-13 22:06 -------- d-----w- c:\programdata\Caphyon
2013-09-13 22:06 . 2013-09-13 22:06 -------- d-----w- C:\REX Auto Update
2013-09-13 22:05 . 2013-09-13 22:05 -------- d-----w- c:\program files\Microsoft SQL Server
2013-09-13 21:57 . 2013-09-13 22:26 -------- d-----w- c:\users\Andrew\AppData\Roaming\REX Game Studios, LLC
2013-09-13 13:22 . 2013-08-02 02:23 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-09-13 13:18 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-13 13:18 . 2013-08-08 01:20 3155456 ----a-w- c:\windows\system32\win32k.sys
2013-09-13 13:18 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-09-13 13:18 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-09-05 14:04 . 2013-09-05 14:04 209272 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-26 15:58 . 2012-08-06 15:37 868264 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-09-26 15:58 . 2011-09-03 13:40 790440 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-19 18:21 . 2012-04-06 12:46 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-19 18:21 . 2011-08-06 12:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:29 . 2010-10-17 12:05 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-09-05 05:32 . 2013-09-28 09:40 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{722B0FF5-975A-40FF-9C1A-A02049F47487}\mpengine.dll
2013-08-30 07:48 . 2013-03-20 15:51 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-03-20 15:51 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2012-12-18 17:05 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2012-12-18 17:05 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2012-12-18 17:05 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2012-12-18 17:05 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2012-12-18 17:05 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2012-12-18 17:05 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2012-12-18 17:04 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2011-01-19 18:40 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-07 03:22 . 2010-10-14 20:00 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-13 13:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-22 09:27 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-22 09:27 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-22 09:27 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-22 09:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-12 19:58 . 2013-07-12 19:58 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-12 19:58 . 2013-07-12 19:58 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-09 05:52 . 2013-08-22 09:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-22 09:27 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-22 09:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-22 09:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-22 09:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-22 09:27 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-22 09:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-22 09:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-22 09:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-22 09:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-22 09:27 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
2010-10-05 14:40 478800 ----a-w- c:\program files (x86)\vShare\vshare_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"= "c:\program files (x86)\vShare\vshare_toolbar.dll" [2010-10-05 478800]
.
[HKEY_CLASSES_ROOT\clsid\{043c5167-00bb-4324-af7e-62013faedacf}]
[HKEY_CLASSES_ROOT\vShare.PugiObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}]
[HKEY_CLASSES_ROOT\vShare.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2012-05-12 104768]
"Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-04-18 491840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"MRUTray"="c:\program files (x86)\Marvell\raid\tray\MarvellTray.exe" [2009-10-09 741376]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-06-07 2605424]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-02 73984]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 libusb0;Atmel - LibUsb Kernel Driver 10/02/2010 1.2.2.0;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
S2 COM Service;COM Service;c:\program files (x86)\GIGABYTE\G.O.M\GCSVR.EXE;c:\program files (x86)\GIGABYTE\G.O.M\GCSVR.EXE [x]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 Marvell RAID;Marvell RAID Event Agent;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe;c:\program files (x86)\Marvell\raid\svc\mvraidsvc.exe [x]
S2 MRUWebService;MRU Web Service;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe;c:\program files (x86)\Marvell\raid\Apache2\bin\httpd.exe [x]
S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ    nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:21]
.
2011-03-29 c:\windows\Tasks\At1.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2011-03-30 c:\windows\Tasks\At2.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2011-03-30 c:\windows\Tasks\At3.job
- c:\windows\system32\Shutdown.exe [2009-07-13 01:14]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 18:20]
.
2013-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30 18:20]
.
2013-09-28 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-08 9642528]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2008-08-28 357376]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2008-08-28 194560]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-06-07 362488]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-11-22 1127592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files (x86)\vShare\vshare_toolbar.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Automatically Log Internet Connection Status Software.exe - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-F15 - c:\windows\system32\EAREMOVE.EXE
AddRemove-G.O.M - c:\windows\system32\usetup.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{043C5167-00BB-4324-AF7E-62013FAEDACF}"=hex:51,66,7a,6c,4c,1d,38,12,09,52,2f,
   00,89,4e,4a,06,d0,68,21,41,3a,f0,9e,db
"{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59}"=hex:51,66,7a,6c,4c,1d,38,12,50,ad,9c,
   47,dd,f3,bd,01,d4,9d,4f,3c,86,0e,9b,4d
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,38,12,3a,25,4d,
   8a,1f,e3,d1,0d,d3,3b,92,3f,05,d7,c9,12
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
   ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,38,12,15,21,99,
   35,ad,10,d3,00,f6,8f,3c,cf,15,94,08,e1
"{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}"=hex:51,66,7a,6c,4c,1d,38,12,14,1c,97,
   2e,26,ee,cb,08,c9,cf,c8,d1,38,a5,3e,98
"{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}"=hex:51,66,7a,6c,4c,1d,38,12,68,40,25,
   2b,77,e4,db,02,e0,8b,7a,e8,bc,10,3a,e3
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
   8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F156768E-81EF-470C-9057-481BA8380DBA}"=hex:51,66,7a,6c,4c,1d,38,12,e0,75,45,
   f5,dd,cf,62,02,ef,41,0b,5b,ad,66,49,ae
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1c,ab,97,a0,d2,77,ce,01
.
[HKEY_USERS\S-1-5-21-1338645265-2052608878-2194929752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1338645265-2052608878-2194929752-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1338645265-2052608878-2194929752-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:4b,31,01,3f,73,51,a2,95,e5,5d,df,f1,9a,08,c8,77,72,07,8e,b6,51,97,ed,
   65,76,a2,3a,8b,09,0c,b4,cd,67,bf,c0,02,cc,09,5b,e7,ab,c8,ae,cc,a2,ad,a3,e1,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1338645265-2052608878-2194929752-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:7f,b5,8b,26,7e,07,b7,b0,93,81,e6,90,75,7b,2c,0e,45,94,da,1d,bd,
   d1,f2,55,41,56,c7,dd,44,f4,0b,1b,f9,70,f9,15,d1,e3,35,dc,b5,47,cc,5d,43,51,\
"rkeysecu"=hex:2a,63,e7,42,30,5a,32,14,dd,27,84,2b,af,a9,59,e2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2013-09-28  23:39:44 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-28 22:39
.
Pre-Run: 316,278,611,968 bytes free
Post-Run: 316,170,448,896 bytes free
.
- - End Of File - - 61B5827C4E3ACC0816DB2BDDFEEC12EC
A36C5E4F47E84449FF07ED3517B43A31
 



#8 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 29 September 2013 - 10:30 AM

IObit software products are installed on your system!

The company behind this product was found to be stealing Malwarebytes' database. Personally I would not trust installing any software from a company that resorts to stealing someone's technology to sell their product.

Please see the following links and make up your own mind if you want to keep this on your system. If needed I can help you remove it.
 


Edited by TB-Psychotic, 29 September 2013 - 10:30 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 ABud (Topic Starter, Members, 25 posts)

Posted 29 September 2013 - 11:12 AM

Pretty disappointing reading there! I would just use Windows to uninstall the software, but I take it there is a more thorough route?



#10 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 30 September 2013 - 01:02 AM

No, just use Windows to uninstall the tool:

Add/Remove Programs

Click on Start --> Control Panel.

Vista/7: Open Programs and Features
XP: Open Add/Remove Programs

Search for and remove the following programs

Advanced SystemCare 6

ZoneAlarm LTD Toolbar
ZoneAlarm Security Toolbar


Close the window.

Combofix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


#11 ABud (Topic Starter, Members, 25 posts)

Posted 01 October 2013 - 05:02 AM

Here's the ComboFix log. It crashed during the log-creation phase, so it's not complete:

 

ComboFix 13-09-28.02 - Andrew 30/09/2013  10:27:47.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.8183.5980 [GMT 1:00]
Running from: C:\Users\Andrew\Desktop\ComboFix.exe
Command switches used :: C:\Users\Andrew\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\vShare\vshare_toolbar.dll
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job

(((((((((((((((((((((((((   Files Created from 2013-08-28 to 2013-09-30  )))))))))))))))))))))))))))))))

2013-09-30 09:42:09 . 2013-09-30 09:42:09 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2013-09-30 09:42:09 . 2013-09-30 09:42:09 -------- d-----w- C:\Users\postgres\AppData\Local\temp
2013-09-30 09:42:09 . 2013-09-30 09:42:09 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-09-28 09:40:01 . 2013-09-05 05:32:08 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{722B0FF5-975A-40FF-9C1A-A02049F47487}\mpengine.dll
2013-09-26 15:59:20 . 2013-09-26 15:59:20 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2013-09-26 15:59:07 . 2013-09-26 15:59:07 -------- d-----w- C:\ProgramData\Oracle
2013-09-26 15:58:58 . 2013-09-26 15:58:53 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-13 22:06:53 . 2013-09-13 22:06:53 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-09-13 22:06:53 . 2013-09-13 22:06:53 -------- d-----w- C:\ProgramData\Caphyon
2013-09-13 22:06:47 . 2013-09-13 22:06:48 -------- d-----w- C:\REX Auto Update
2013-09-13 22:05:39 . 2013-09-13 22:05:44 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-09-13 21:57:28 . 2013-09-13 22:26:06 -------- d-----w- C:\Users\Andrew\AppData\Roaming\REX Game Studios, LLC
2013-09-13 13:22:11 . 2013-08-02 02:23:53 5550528 ----a-w- C:\Windows\system32\ntoskrnl.exe
2013-09-13 13:18:55 . 2013-08-05 02:25:45 155584 ----a-w- C:\Windows\system32\drivers\ataport.sys
2013-09-13 13:18:46 . 2013-08-08 01:20:43 3155456 ----a-w- C:\Windows\system32\win32k.sys
2013-09-13 13:18:36 . 2013-07-26 02:24:57 14172672 ----a-w- C:\Windows\system32\shell32.dll
2013-09-13 13:18:35 . 2013-07-26 02:24:56 197120 ----a-w- C:\Windows\system32\shdocvw.dll
2013-09-05 14:04:02 . 2013-09-05 14:04:02 209272 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-09-26 15:58:53 . 2012-08-06 15:37:34 868264 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-09-26 15:58:53 . 2011-09-03 13:40:52 790440 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-09-19 18:21:26 . 2012-04-06 12:46:58 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-19 18:21:26 . 2011-08-06 12:23:57 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-13 13:29:04 . 2010-10-17 12:05:07 79143768 ----a-w- C:\Windows\system32\MRT.exe
2013-08-30 07:48:10 . 2013-03-20 15:51:56 204880 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:10 . 2013-03-20 15:51:55 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:10 . 2012-12-18 17:05:13 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2013-08-30 07:48:10 . 2012-12-18 17:05:05 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48:10 . 2012-12-18 17:05:03 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2013-08-30 07:48:10 . 2012-12-18 17:05:01 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:09 . 2012-12-18 17:05:14 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48:09 . 2012-12-18 17:05:01 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 . 2012-12-18 17:04:45 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-30 07:47:14 . 2011-01-19 18:40:55 287840 ----a-w- C:\Windows\system32\aswBoot.exe
2013-08-07 03:22:02 . 2010-10-14 20:00:12 278800 ------w- C:\Windows\system32\MpSigStub.exe
2013-08-02 01:48:11 . 2013-09-13 13:22:10 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-25 09:25:54 . 2013-08-22 09:27:52 1888768 ----a-w- C:\Windows\system32\WMVDECOD.DLL
2013-07-25 08:57:27 . 2013-08-22 09:27:52 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42 . 2013-08-22 09:27:55 2048 ----a-w- C:\Windows\system32\tzres.dll
2013-07-19 01:41:01 . 2013-08-22 09:27:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-12 19:58:11 . 2013-07-12 19:58:11 624128 ----a-w- C:\Windows\system32\qedit.dll
2013-07-12 19:58:11 . 2013-07-12 19:58:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-09 05:52:52 . 2013-08-22 09:28:05 224256 ----a-w- C:\Windows\system32\wintrust.dll
2013-07-09 05:51:16 . 2013-08-22 09:27:51 1217024 ----a-w- C:\Windows\system32\rpcrt4.dll
2013-07-09 05:46:20 . 2013-08-22 09:28:06 1472512 ----a-w- C:\Windows\system32\crypt32.dll
2013-07-09 05:46:20 . 2013-08-22 09:28:05 184320 ----a-w- C:\Windows\system32\cryptsvc.dll
2013-07-09 05:46:20 . 2013-08-22 09:28:05 139776 ----a-w- C:\Windows\system32\cryptnet.dll
2013-07-09 04:52:33 . 2013-08-22 09:27:51 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 . 2013-08-22 09:28:05 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 . 2013-08-22 09:28:05 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 . 2013-08-22 09:28:05 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31 . 2013-08-22 09:28:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53 . 2013-08-22 09:27:48 1910208 ----a-w- C:\Windows\system32\drivers\tcpip.sys

 

Interestingly I discovered that the "virus" was part of the motionjoy DS3 controller program, so I have uninstalled that and everything is working properly - no annoying websites.

 

I'm running an MBAM scan at the moment but don't expect there to be any problems. Now that I've uninstalled the IObit software I was wondering if there is another general purpose program like Advanced SystemCare you could recommend? It did keep my system running smoothly. Also a decent defragger?

 

Thanks for your help,

 

Andy
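For the symptom in this thread (a web page opening at logon), a read-only triage check that lists Run/RunOnce values, Startup-folder shortcuts and scheduled tasks (including legacy At*.job tasks like the ones the ComboFix log above shows being deleted) whose command line carries a URL or launches a browser. This is an added example, not code from the thread or from ComboFix, MBAM or ESET; it assumes Windows 7 with PowerShell 2.0 or later and schtasks.exe on the PATH, and it only reports, never removes.

```powershell
# Added example, not code from the thread or from ComboFix/MBAM/ESET. Read-only
# triage for "a web page opens at logon": list autostart entries whose
# command line carries a URL or launches a browser. Assumes Windows 7,
# PowerShell 2.0+, and schtasks.exe on the PATH; it reports, never removes.
$pattern  = 'https?://|www\.|iexplore\.exe|chrome\.exe|firefox\.exe'
$findings = @()

# 1. Run / RunOnce values, native and Wow6432Node (32-bit apps on x64)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Get-ItemProperty adds PSPath/PSParentPath/... properties; skip those
        if ($p.Name -match '^PS(Path|ParentPath|ChildName|Drive|Provider)$') { continue }
        if ("$($p.Value)" -match $pattern) {
            $findings += New-Object PSObject -Property @{
                Source = $key; Name = $p.Name; Command = "$($p.Value)" }
        }
    }
}

# 2. Startup folders: .lnk and .url items here run at logon; resolve targets via WScript.Shell
$wsh = New-Object -ComObject WScript.Shell
foreach ($folder in @([Environment]::GetFolderPath('Startup'),
                      [Environment]::GetFolderPath('CommonStartup'))) {
    Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
      Where-Object { $_.Extension -ieq '.lnk' -or $_.Extension -ieq '.url' } |
      ForEach-Object {
        $sc  = $wsh.CreateShortcut($_.FullName)
        $cmd = $sc.TargetPath
        if ($_.Extension -ieq '.lnk') { $cmd += ' ' + $sc.Arguments }
        if ($cmd -match $pattern) {
            $findings += New-Object PSObject -Property @{
                Source = $folder; Name = $_.Name; Command = $cmd }
        }
      }
}

# 3. Scheduled tasks, including legacy At*.job tasks under C:\Windows\Tasks
#    (the kind ComboFix deleted above); the verbose CSV has a "Task To Run" column
$tasks = schtasks.exe /query /v /fo CSV | ConvertFrom-Csv
foreach ($t in $tasks) {
    if ("$($t.'Task To Run')" -match $pattern) {
        $findings += New-Object PSObject -Property @{
            Source = 'schtasks'; Name = $t.TaskName; Command = $t.'Task To Run' }
    }
}
$findings | Format-Table Source, Name, Command -AutoSize -Wrap
```

A hit is a lead, not a verdict: a browser shortcut a user placed in the Startup folder matches too, so compare each entry against what the machine's owner recognises before removing anything.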



#12 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 01 October 2013 - 05:09 AM

An alternative to clean up your computer is CCleaner. Don't use any registry "optimizing" tools - they cannot improve your computer's performance and there is no need to clean anything within the Windows registry.

 

Post up the log when finished.



#13 ABud (Topic Starter, Members, 25 posts)

Posted 01 October 2013 - 06:04 AM

Here's the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Andrew :: ANDREW-PC [administrator]

01/10/2013 10:56:12
mbam-log-2013-10-01 (10-56-12).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 557292
Time elapsed: 1 hour(s), 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

Will download CCleaner, thanks!



#14 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 01 October 2013 - 06:16 AM

We're not finished yet!

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 ABud (Topic Starter, Members, 25 posts)

Posted 01 October 2013 - 01:41 PM

I'm afraid I'm away from home until Sunday so won't be able to run the scan until then.

Thanks for your help so far,

Andy



