micro httpd and account passwords changed


This topic is locked. 21 replies to this topic.

#1 Tilkon

Posted 08 October 2013 - 06:25 AM

Hello,

I already described my problem and started analyzing it here:

http://www.bleepingcomputer.com/forums/t/510039/micro-httpd/

My problem is that my account password got changed. This happened on both accounts on my PC.

Also, I could not access the router setup page, and I got a pink page "error 404 micro httpd". On the second attempt, I managed to access the router setup page.

Here is the DDS text:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 13:10:40 on 2013-10-08
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SOS PC Self\clientBase\bin\ATAService.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe
F:\Adobe Acrobat\Acrobat\Acrotray.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1;*.local
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: uTorrentBar_IT Toolbar: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - c:\program files\utorrentbar_it\prxtbuTor.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: uTorrentBar_IT Toolbar: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - c:\program files\utorrentbar_it\prxtbuTor.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\program files\textaloud\TAForIE.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Winsplit] c:\program files\winsplit revolution\WinSplit.exe
uRun: [Free Internet Window Washer] c:\program files\free internet window washer\Clearpch.exe -Start
uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ipTray.exe] "c:\program files\intel\intel desktop utilities\ipTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Acrobat Assistant 8.0] "f:\adobe acrobat\acrobat\Acrotray.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [bit4id store register] RUNDLL32.EXE "c:\windows\system32\bit4cnsp.dll",RegisterMyPhysicalStore
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:351
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D60A9982-3360-41C7-A9F0-2A23D69727AE} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\stardock\objectdockfree\ODMenu.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\gu1bz22q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\adobe acrobat\acrobat\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R? ACSSCR;ACR38 Smart Card Reader
R? AWService;Admin Works Agent X8
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz132;cpuz132
R? exdisk;Express Disk Service
R? gupdate1c9773b6df93356;Google Update Service (gupdate1c9773b6df93356)
R? Marvell RAID;Marvell RAID Event Agent
R? nidimk;nidimk
R? nipalfwedl;nipalfwedl
R? nipalusbedl;nipalusbedl
R? NiViFWK;NI-VISA FireWire Driver
R? NiViPciK;NI-VISA PCI Driver
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? NvnUsbAudio;Novation USB Audio Driver
R? RDID1009;EDIROL UM-1
R? silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver
R? silabser;Silicon Labs CP210x USB to UART Bridge Driver
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? SynasUSB;eLicenser
R? WDC_SAM;WD SCSI Pass Thru driver
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? automap;Automap MIDI Driver
S? AVP;Kaspersky Anti-Virus Service
S? Fitbit Connect;Fitbit Connect Service
S? IduService;Intel® Desktop Utilities Service
S? Iprip;RIP Listener
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? MRUWebService;MRU Web Service
S? MsDepSvc;Web Deployment Agent Service
S? mv61xx;mv61xx
S? nipbcfk;National Instruments Class Upper Filter Driver
S? NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool
S? NiViPxiK;NI-VISA PXI Driver
S? NPF;NetGroup Packet Filter Driver
S? PanService;PandoraService
S? PSI;PSI
S? pssnap;Paramount Software Snapshot Filter
S? RDID1005;EDIROL UA-5
S? ReflectService.exe;Macrium Reflect Image Mounting Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SOSPCService;SOSPCService
S? StarPortLite;StarPort Storage Controller (Lite)
S? StarWindServiceAE;StarWind AE Service
S? TomTomHOMEService;TomTomHOMEService
S? WinFLdrv;WinFLdrv
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
FileExt: .js: jsfile="f:\program files\adobe\adobe dreamweaver cs3\Dreamweaver.exe","%1"
ShellExec: Cubase Studio 5.exe: open=c:\progra~1\steinb~1\cubase studio 5\Cubase Studio 5.exe
ShellExec: dreamweaver.exe: Open="f:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-07 07:11:09    --------    d-----w-    c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2013-10-07 07:10:56    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-10-07 07:10:56    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-09-25 16:55:39    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-09-25 16:55:39    3649536    ----a-w-    c:\windows\system32\x264vfw.dll
2013-09-25 16:55:39    243200    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-09-25 16:55:39    216064    ----a-w-    c:\windows\system32\lagarith.dll
2013-09-25 16:55:38    122880    ----a-w-    c:\windows\system32\ac3acm.acm
2013-09-25 16:55:36    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-09-25 16:55:34    --------    d-----w-    c:\program files\K-Lite Codec Pack
2013-09-21 13:54:37    --------    d-----w-    c:\documents and settings\owner\application data\D16 Group
2013-09-21 13:52:44    --------    d-----w-    c:\program files\D16 Group Audio Software
2013-09-19 20:16:52    --------    d-----w-    C:\Save
2013-09-19 18:55:48    --------    d-----w-    c:\program files\D16 Group
2013-09-19 18:38:09    --------    d-----w-    c:\documents and settings\all users\application data\D16 Group
2013-09-15 17:38:24    --------    d-----w-    c:\documents and settings\owner\application data\ToguAudioLine
2013-09-12 22:27:56    18944    -c----w-    c:\windows\system32\dllcache\corpol.dll
2013-09-12 13:12:31    692575    ----a-w-    c:\program files\uninstall information\{abaf1232-6213-4062-9d52-04e04a730cea}\unins000.exe
2013-09-09 15:14:02    --------    d-----w-    c:\program files\MIDIOX
2013-09-08 17:24:02    --------    d-----w-    c:\documents and settings\all users\application data\Propellerhead Software
.
==================== Find3M  ====================
.
2013-09-23 12:54:11    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 12:54:11    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-30 15:03:26    176    ----a-w-    c:\windows\system32\msvcsv60.dll
2013-08-30 15:03:26    176    ----a-w-    c:\documents and settings\owner\application data\msregsvv.dll
2013-08-24 17:49:48    2892    ----a-w-    c:\windows\system32\audcon.sys
2013-08-22 17:09:56    217176    ----a-w-    c:\windows\system32\unrar.dll
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 06:05:59    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-08-08 06:05:59    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-08 00:02:34    385024    ------w-    c:\windows\system32\html.iec
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 12:18:38    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
2010-10-03 12:16:21    3430224    ----a-w-    c:\program files\ccsetup236.exe
2010-05-22 20:04:52    3099136    ----a-w-    c:\program files\openofficeorg32.msi
.
============= FINISH: 13.12.14,78 ===============
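A practical way to read a thread like this is to diff the "Pseudo HJT Report" section of two DDS logs from the same machine, so that whatever appeared or vanished between runs stands out from the hundreds of unchanged lines. The script below is an added example, not part of Tilkon's post and not part of the DDS tool. It parses the section into (kind, value) pairs, folds case and whitespace so the duplicate toolbar lines DDS prints with differently-cased CLSIDs collapse into one entry, and reports what was added and removed. The embedded sample logs are constructed excerpts trimmed from the 8 October log above and the 19 October log posted later in this thread; the list of entry kinds to review first is the example author's choice, not something DDS defines. Run against those excerpts it reports the Softonic start page, BHO and toolbar as added and the uTorrentBar_IT toolbar as removed, which is what the two full logs show.

```python
"""Diff the "Pseudo HJT Report" section of two DDS logs.

DDS prints browser hooks and autostarts one per line, e.g.
    BHO: <name>: {<clsid>} - <path>
    uRun: [<name>] <command>
    uStart Page = <url>
"""
import re

# "============== Pseudo HJT Report ===============" style headers
SECTION_HEADER = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "<kind>: <rest>" or "<kind> = <rest>": the kind is everything before the
# first ':' or '=' (BHO, TB, uRun, uStart Page, AppInit_DLLs, TCP, ...)
ENTRY = re.compile(r"^(?P<kind>[^:=]+?)\s*[:=]\s*(?P<value>.*)$")

# Kinds to read first when they change (example author's choice).
HIGH_VALUE_KINDS = {
    "uStart Page", "mStart Page", "uSearch Page", "BHO", "TB", "uRun", "mRun",
    "dRun", "AppInit_DLLs", "Notify", "SSODL", "SEH", "Handler", "TCP",
}


def section(log_text, name="Pseudo HJT Report"):
    """Lines of one DDS section, without the '.' filler lines."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = header.group("name").lower() == name.lower()
            continue
        if inside and line and line != ".":
            lines.append(line)
    return lines


def entries(log_text):
    """Set of (kind, normalised value) pairs from the Pseudo HJT Report."""
    found = set()
    for line in section(log_text):
        m = ENTRY.match(line)
        if m is None:
            continue
        # DDS lists some toolbars twice, differing only in CLSID case;
        # folding case and whitespace collapses those into one entry.
        value = " ".join(m.group("value").split()).lower()
        found.add((m.group("kind").strip(), value))
    return found


def diff_hjt(before, after):
    """Entries added to and removed from the report between two runs."""
    old, new = entries(before), entries(after)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def review_first(delta):
    """Added entries whose kind most often carries a browser hijack."""
    return [e for e in delta["added"] if e[0] in HIGH_VALUE_KINDS]


# Constructed excerpts, trimmed from the 8 and 19 October logs in this
# thread to the handful of lines needed to run the example offline.
LOG_OCT_08 = r"""
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: uTorrentBar_IT Toolbar: {4AE0C3D6-F713-4EED-BC65-25DC3FFDAAC1} - c:\program files\utorrentbar_it\prxtbuTor.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
AppInit_DLLs= acaptuser32.dll
TCP: NameServer = 192.168.1.1
.
================= FIREFOX ===================
.
FF - prefs.js: browser.startup.homepage - www.google.com
"""

LOG_OCT_19 = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=10&cc=&mi=6022c6350000000000000019d1766fa8
uInternet Connection Wizard,ShellNext = iexplore
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files\softonic\softonic\1.8.19.3\bh\Softonic.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files\softonic\softonic\1.8.19.3\SoftonicTlbr.dll
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
AppInit_DLLs= c:\windows\system32\acaptuser32.dll
TCP: NameServer = 192.168.1.1
.
================= FIREFOX ===================
"""

if __name__ == "__main__":
    delta = diff_hjt(LOG_OCT_08, LOG_OCT_19)
    for label in ("added", "removed"):
        print(f"== {label} ==")
        for kind, value in delta[label]:
            print(f"  {kind}: {value}")
```

The diff is literal: the AppInit_DLLs line shows up as one removal and one addition because the second log spells out the full path, so a changed value is reported as a pair rather than silently matched. That is deliberate; a load-point whose value changed between runs is exactly the kind of line a helper wants to see, and deciding whether the change is benign is a judgement the script does not try to make.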
 


#2 HelpBot


Posted 13 October 2013 - 06:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/510211 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 18 October 2013 - 06:30 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 Tilkon


Posted 19 October 2013 - 04:02 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Owner at 13:20:39 on 2013-10-19
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Intel\Intel Desktop Utilities\iduServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\SOS PC Self\clientBase\bin\ATAService.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\A4Tech\Mouse\Amoumain.exe
C:\Program Files\Intel\Intel Desktop Utilities\ipTray.exe
F:\Adobe Acrobat\Acrobat\Acrotray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\WinSplit Revolution\WinSplit.exe
C:\Program Files\Free Internet Window Washer\Clearpch.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinSplit Revolution\WinSplitDrvr32.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Documents and Settings\Owner\Application Data\Spotify\spotify.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Documents and Settings\Owner\Application Data\Spotify\Data\SpotifyHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=10&cc=&mi=6022c6350000000000000019d1766fa8
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = 127.0.0.1;*.local
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files\softonic\softonic\1.8.19.3\bh\Softonic.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: TextAloud: {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - c:\program files\textaloud\TAForIE.dll
TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files\softonic\softonic\1.8.19.3\SoftonicTlbr.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [Winsplit] c:\program files\winsplit revolution\WinSplit.exe
uRun: [Free Internet Window Washer] c:\program files\free internet window washer\Clearpch.exe -Start
uRun: [Spotify Web Helper] "c:\documents and settings\owner\application data\spotify\data\SpotifyWebHelper.exe"
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Google Update] "c:\documents and settings\owner\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WheelMouse] c:\program files\a4tech\mouse\Amoumain.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ipTray.exe] "c:\program files\intel\intel desktop utilities\ipTray.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Acrobat Assistant 8.0] "f:\adobe acrobat\acrobat\Acrotray.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2012\avp.exe"
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoFileAssociate = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Show RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2012\ievkbd.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2012\klwtbbho.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D60A9982-3360-41C7-A9F0-2A23D69727AE} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs= c:\windows\system32\acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: ObjectDockShlExt Class - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\stardock\objectdockfree\ODMenu.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\gu1bz22q.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: f:\adobe acrobat\acrobat\air\nppdf32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.Softonic.hpOld0 - www.google.com
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=1&cc=&mi=6022c6350000000000000019d1766fa8&q=
FF - user.js: extensions.Softonic.id - 6022c6350000000000000019d1766fa8
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15991
FF - user.js: extensions.Softonic.vrsn - 1.8.19.3
FF - user.js: extensions.Softonic.vrsni - 1.8.19.3
FF - user.js: extensions.Softonic.vrsnTs - 1.8.19.315:12:36
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - 2013desingbrand
FF - user.js: extensions.Softonic.instlRef - MOY00053
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.ffxUnstlRst - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - false
FF - user.js: extensions.Softonic.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=13&cc=&mi=6022c6350000000000000019d1766fa8
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=2&cc=&mi=6022c6350000000000000019d1766fa8&q=
FF - user.js: extensions.Softonic.dnsErr - true
FF - user.js: extensions.Softonic.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00053/tb_v1/?SearchSource=15&cc=&mi=6022c6350000000000000019d1766fa8
.
============= SERVICES / DRIVERS ===============
.
R? ACSSCR;ACR38 Smart Card Reader
R? AWService;Admin Works Agent X8
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz132;cpuz132
R? exdisk;Express Disk Service
R? gupdate1c9773b6df93356;Google Update Service (gupdate1c9773b6df93356)
R? Marvell RAID;Marvell RAID Event Agent
R? nidimk;nidimk
R? nipalfwedl;nipalfwedl
R? nipalusbedl;nipalusbedl
R? NiViFWK;NI-VISA FireWire Driver
R? NiViPciK;NI-VISA PCI Driver
R? nmwcdnsu;Nokia USB Flashing Phone Parent
R? NvnUsbAudio;Novation USB Audio Driver
R? silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver
R? silabser;Silicon Labs CP210x USB to UART Bridge Driver
R? SkypeUpdate;Skype Updater
R? SwitchBoard;SwitchBoard
R? SynasUSB;eLicenser
R? WDC_SAM;WD SCSI Pass Thru driver
R? WinRM;Windows Remote Management (WS-Management)
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? automap;Automap MIDI Driver
S? AVP;Kaspersky Anti-Virus Service
S? Fitbit Connect;Fitbit Connect Service
S? IduService;Intel® Desktop Utilities Service
S? Iprip;RIP Listener
S? KL1;KL1
S? kl2;kl2
S? KLIF;Kaspersky Lab Driver
S? klim5;Kaspersky Anti-Virus NDIS Filter
S? klmouflt;Kaspersky Lab KLMOUFLT
S? MRUWebService;MRU Web Service
S? MsDepSvc;Web Deployment Agent Service
S? mv61xx;mv61xx
S? nipbcfk;National Instruments Class Upper Filter Driver
S? NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool
S? NiViPxiK;NI-VISA PXI Driver
S? NPF;NetGroup Packet Filter Driver
S? PanService;PandoraService
S? PSI;PSI
S? pssnap;Paramount Software Snapshot Filter
S? RDID1005;EDIROL UA-5
S? RDID1009;EDIROL UM-1
S? ReflectService.exe;Macrium Reflect Image Mounting Service
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? Secunia PSI Agent;Secunia PSI Agent
S? Secunia Update Agent;Secunia Update Agent
S? SOSPCService;SOSPCService
S? StarPortLite;StarPort Storage Controller (Lite)
S? StarWindServiceAE;StarWind AE Service
S? TomTomHOMEService;TomTomHOMEService
S? WinFLdrv;WinFLdrv
.
=============== File Associations ===============
.
FileExt: .txt: Applications\WORDPAD.EXE="c:\program files\windows nt\accessories\WORDPAD.EXE" "%1" [UserChoice]
ShellExec: Cubase Studio 5.exe: open=c:\progra~1\steinb~1\cubase studio 5\Cubase Studio 5.exe
ShellExec: dreamweaver.exe: Open="f:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-10-13 13:12:30    --------    d-----w-    c:\program files\Softonic
2013-10-13 13:12:01    --------    d-----w-    c:\documents and settings\owner\application data\Softonic
2013-10-13 13:10:47    --------    d-----w-    c:\documents and settings\owner\application data\OpenCandy
2013-10-12 20:41:48    --------    d-----w-    C:\Save
2013-10-10 16:14:14    --------    d-----w-    c:\windows\ERUNT
2013-10-10 15:53:33    --------    d-----w-    C:\AdwCleaner
2013-10-10 08:03:27    25088    -c----w-    c:\windows\system32\dllcache\hidparse.sys
2013-10-10 08:03:27    14976    -c----w-    c:\windows\system32\dllcache\usbscan.sys
2013-10-10 08:03:25    26240    -c----w-    c:\windows\system32\dllcache\usbser.sys
2013-10-10 08:03:22    60160    -c----w-    c:\windows\system32\dllcache\usbaudio.sys
2013-10-10 08:03:22    123008    -c----w-    c:\windows\system32\dllcache\usbvideo.sys
2013-10-10 08:03:01    5376    -c----w-    c:\windows\system32\dllcache\usbd.sys
2013-10-10 08:03:01    32384    -c----w-    c:\windows\system32\dllcache\usbccgp.sys
2013-10-10 08:03:01    30336    -c----w-    c:\windows\system32\dllcache\usbehci.sys
2013-10-10 08:03:00    144128    -c----w-    c:\windows\system32\dllcache\usbport.sys
2013-10-07 07:11:09    --------    d-----w-    c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2013-10-07 07:10:56    --------    d-----w-    c:\program files\SUPERAntiSpyware
2013-10-07 07:10:56    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-09-25 16:55:39    650752    ----a-w-    c:\windows\system32\xvidcore.dll
2013-09-25 16:55:39    3649536    ----a-w-    c:\windows\system32\x264vfw.dll
2013-09-25 16:55:39    243200    ----a-w-    c:\windows\system32\xvidvfw.dll
2013-09-25 16:55:39    216064    ----a-w-    c:\windows\system32\lagarith.dll
2013-09-25 16:55:38    122880    ----a-w-    c:\windows\system32\ac3acm.acm
2013-09-25 16:55:36    112640    ----a-w-    c:\windows\system32\ff_vfw.dll
2013-09-25 16:55:34    --------    d-----w-    c:\program files\K-Lite Codec Pack
2013-09-21 13:54:37    --------    d-----w-    c:\documents and settings\owner\application data\D16 Group
2013-09-21 13:52:44    --------    d-----w-    c:\program files\D16 Group Audio Software
2013-09-19 18:55:48    --------    d-----w-    c:\program files\D16 Group
2013-09-19 18:38:09    --------    d-----w-    c:\documents and settings\all users\application data\D16 Group
.
==================== Find3M  ====================
.
2013-10-10 15:47:21    6272    ----a-w-    c:\windows\system32\drivers\splitter.sys.bak
2013-10-10 15:46:59    63744    ----a-w-    c:\windows\system32\drivers\mf.sys.bak
2013-10-10 15:46:58    75264    ----a-w-    c:\windows\system32\drivers\ipsec.sys.bak
2013-10-10 13:54:26    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 13:54:26    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-23 18:33:58    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-09-23 18:33:57    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56    18944    ----a-w-    c:\windows\system32\corpol.dll
2013-09-23 18:06:48    385024    ------w-    c:\windows\system32\html.iec
2013-08-30 15:03:26    176    ----a-w-    c:\documents and settings\owner\application data\msregsvv.dll
2013-08-29 01:31:44    1878656    ----a-w-    c:\windows\system32\win32k.sys
2013-08-29 00:56:06    26240    ----a-w-    c:\windows\system32\drivers\usbser.sys
2013-08-24 17:49:48    2892    ----a-w-    c:\windows\system32\audcon.sys
2013-08-22 17:09:56    217176    ----a-w-    c:\windows\system32\unrar.dll
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-09 00:55:08    144128    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07    32384    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06    5376    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 12:18:38    1543680    ----a-w-    c:\windows\system32\wmvdecod.dll
2010-10-03 12:16:21    3430224    ----a-w-    c:\program files\ccsetup236.exe
2010-05-22 20:04:52    3099136    ----a-w-    c:\program files\openofficeorg32.msi
.
============= FINISH: 13.22.18,34 ===============
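Added example (Python), not part of this thread or of DDS itself: the Softonic block in the log above describes what the toolbar does if the pref names are read together. The script below parses the `FF - user.js:` lines and the `Created Last 30` entries copied from this log, reports which browser entry points the add-on overrides (hmpg, dfltSrch, newTab), the hosts its URLs point to and the `mi=` tracking id they carry, and decodes instlDay into a date on the assumption that it counts days since 1970-01-01. That assumption is not documented on the page; it lands on 2013-10-13, the same day the two Softonic folders appear in Created Last 30, which supports the reading.

```python
"""Correlate the Firefox user.js block of a DDS log with its 'Created Last 30' section.

Added example for this thread; not part of the original posts or of DDS itself.
SAMPLE_LINES are copied from the log above. Assumption: extensions.<name>.instlDay
is a count of days since 1970-01-01.
"""
import re
from datetime import date, timedelta
from urllib.parse import parse_qs, urlparse

PREF_RE = re.compile(r"^FF - user\.js: extensions\.(\w+)\.(\w+) - (.*)$")
HOMEPAGE_RE = re.compile(r"^FF - prefs\.js: browser\.startup\.homepage - (.*)$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2}\s+\S+\s+\S+\s+(.+)$")
# user.js flags that, when "true", mean the add-on takes over a browser entry point.
TAKEOVER_KEYS = (("hmpg", "homepage"), ("dfltSrch", "default search"), ("newTab", "new tab"))

SAMPLE_LINES = [  # copied from the DDS log in this thread
    "FF - prefs.js: browser.startup.homepage - www.google.com",
    "FF - user.js: extensions.Softonic.hpOld0 - www.google.com",
    "FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=1&cc=&mi=6022c6350000000000000019d1766fa8&q=",
    "FF - user.js: extensions.Softonic.id - 6022c6350000000000000019d1766fa8",
    "FF - user.js: extensions.Softonic.instlDay - 15991",
    "FF - user.js: extensions.Softonic.hmpg - true",
    "FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00053/tb_v1?SearchSource=13&cc=&mi=6022c6350000000000000019d1766fa8",
    "FF - user.js: extensions.Softonic.dfltSrch - true",
    "FF - user.js: extensions.Softonic.newTab - true",
    "FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00053/tb_v1/?SearchSource=15&cc=&mi=6022c6350000000000000019d1766fa8",
    r"2013-10-13 13:12:30    --------    d-----w-    c:\program files\Softonic",
    r"2013-10-13 13:12:01    --------    d-----w-    c:\documents and settings\owner\application data\Softonic",
    r"2013-10-13 13:10:47    --------    d-----w-    c:\documents and settings\owner\application data\OpenCandy",
    r"2013-10-10 15:53:33    --------    d-----w-    C:\AdwCleaner",
]


def parse_dds(lines):
    """Split DDS lines into {extension: {pref: value}}, the prefs.js homepage, and
    (date, path) pairs from the 'Created Last 30' section."""
    prefs, homepage, created = {}, "", []
    for line in lines:
        if m := PREF_RE.match(line):
            prefs.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
        elif m := HOMEPAGE_RE.match(line):
            homepage = m.group(1).strip()
        elif m := CREATED_RE.match(line):
            created.append((date.fromisoformat(m.group(1)), m.group(2).strip()))
    return prefs, homepage, created


def assess(lines):
    """One report per user.js extension: which entry points it overrides, the hosts
    it sends the browser to, the mi= tracking ids, the install date decoded from
    instlDay, and folders in 'Created Last 30' that carry its name on that day."""
    prefs, homepage, created = parse_dds(lines)
    reports = []
    for name, p in prefs.items():
        hosts, ids = set(), set()
        for value in p.values():
            if "://" in value:          # DDS defangs http as hxxp; urlparse still splits it
                u = urlparse(value)
                hosts.add(u.hostname)
                ids.update(parse_qs(u.query).get("mi", []))
        install = None
        if p.get("instlDay", "").isdigit():   # assumption: days since the Unix epoch
            install = date(1970, 1, 1) + timedelta(days=int(p["instlDay"]))
        reports.append({
            "extension": name,
            "hijacks": [label for key, label in TAKEOVER_KEYS if p.get(key) == "true"],
            "homepage_before": homepage,
            "hosts": hosts,
            "tracking_ids": ids,
            "install_date": install,
            "created_matches": [path for day, path in created
                                if day == install and name.lower() in path.lower()],
        })
    return reports


if __name__ == "__main__":
    for r in assess(SAMPLE_LINES):
        print(f"{r['extension']}: overrides {r['hijacks']} (was {r['homepage_before']}), "
              f"points to {sorted(r['hosts'])}, id {sorted(r['tracking_ids'])}, "
              f"installed {r['install_date']}, new folders {r['created_matches']}")
```

Run against the copied lines it reports one add-on, Softonic, overriding homepage, default search and new tab, sending all three to search.softonic.com with a single `mi=` id, installed on 2013-10-13, the day both Softonic folders were created. That date is a week after the password problem described at the top of the thread, so the toolbar explains the browser settings but not the account changes.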
 



#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,083 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:02 PM

Posted 20 October 2013 - 02:20 AM

Hello, my name is Elise and I'll assist you with this issue.

 

Could you please give me an update about what problems exactly you're still experiencing at this time?


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#6 Tilkon

Tilkon
  • Topic Starter

  • Members
  • 135 posts
  • OFFLINE
  •  
  • Local time:10:02 PM

Posted 20 October 2013 - 04:47 AM

At the moment I do not have specific problems, but I am still worried because in the Event Viewer/Security I see many activities (also a few times by an "unknown user"). But I am no expert, and I do not know; maybe this is normal behaviour.

 

I own the original Windows XP CD.



#7 Elise

Posted 20 October 2013 - 05:56 AM

That is actually quite normal; these are built-in Windows accounts, as you can also see here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/aclui_well_known_sid.mspx?mfr=true

 

Because the Event Viewer output isn't present in your attach.txt log, could you give me some examples of errors you find suspicious?


regards, Elise


#8 Tilkon

Posted 20 October 2013 - 06:56 AM

I attach a pic of the latest Security events.

 

Also, I sometimes find Policy Change events.

 

And finally, going back to the beginning of the problem: what could have changed the account passwords?

 

 




#9 Elise

Posted 20 October 2013 - 09:28 AM

All those events are perfectly normal.

 

After the password was changed, how did you get back into Windows?


regards, Elise


#10 Tilkon

Posted 20 October 2013 - 09:28 AM

Also: from the previous removal procedures I got an RK Quarantine Folder on my desktop. Can I simply delete it? Or shall I do something specific with it?



#11 Tilkon

Posted 20 October 2013 - 09:30 AM

I have two accounts, both with administrator privileges. When the first password changed, I entered from the second one, and from there I created a new password for the first. Then it happened the other way around.
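Added example (Python), not from this thread: the resets described in this post and the "unknown user" entries from the earlier posts are both things the Security log records explicitly. On Windows XP/2003 a password change is event 627 (the account supplied its old password), a password reset is event 628 (set by someone who did not), and an audit-policy change is 612; on Vista and later the same three are 4723, 4724 and 4719. The script below parses constructed records laid out like those messages, resolves the well-known SIDs (SYSTEM, LOCAL SERVICE, NETWORK SERVICE, ANONYMOUS LOGON, and the RID 500/501 Administrator and Guest) so they are not mistaken for unknown users, and separates a reset done from another account, like the ones in this post, from an account changing its own password. The sample names, SIDs and logon ids are constructed; the field labels follow the standard event templates.

```python
"""Triage password-change and audit-policy events from the Windows Security log.

Added example for this thread; not from the original posts or the DDS log. SAMPLE_EVENTS
are constructed in the shape of the XP/2003 (627/628/612) and Vista-and-later
(4723/4724/4719) message templates; real input would be an Event Viewer export, or
eventquery.vbs on XP and wevtutil / Get-WinEvent on later Windows.
"""
import re
from dataclasses import dataclass

PASSWORD_EVENTS = {627: "password change attempt", 628: "password reset",    # XP/2003
                   4723: "password change attempt", 4724: "password reset"}  # Vista+
POLICY_EVENTS = {612: "audit policy changed", 4719: "audit policy changed"}
# Principals that show up as unusual callers in the viewer but are normal Windows SIDs.
WELL_KNOWN_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE",
                   "S-1-5-20": "NETWORK SERVICE", "S-1-5-7": "ANONYMOUS LOGON"}
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest"}
ACCOUNT_SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3}-(\d+)$")

SAMPLE_EVENTS = [  # constructed; tab layout follows the Event Viewer message body
    {"id": 628, "message": "User Account password set:\n\tTarget Account Name:\tOwner\n\tTarget Domain:\tPC\n"
                           "\tCaller User Name:\tOwner2\n\tCaller Domain:\tPC\n\tCaller Logon ID:\t(0x0,0x1A2B3)"},
    {"id": 627, "message": "Change Password Attempt:\n\tTarget Account Name:\tOwner\n\tTarget Domain:\tPC\n"
                           "\tCaller User Name:\tOwner\n\tCaller Domain:\tPC\n\tCaller Logon ID:\t(0x0,0x2C4D5)"},
    {"id": 528, "message": "Successful Logon:\n\tUser Name:\tOwner\n\tDomain:\tPC\n\tLogon Type:\t2"},
    {"id": 612, "message": "Audit Policy Change:\n\tChanged By:\n\t\tUser Name:\tSYSTEM\n\t\tDomain Name:\tNT AUTHORITY"},
    {"id": 4724, "message": "An attempt was made to reset an account's password.\n\nSubject:\n\tSecurity ID:\t"
                            "S-1-5-21-1111-2222-3333-500\n\tAccount Name:\tAdministrator\n\tAccount Domain:\tPC\n"
                            "\nTarget Account:\n\tSecurity ID:\tS-1-5-21-1111-2222-3333-1003\n\tAccount Name:\tOwner"},
]


def resolve_sid(sid):
    """Map a SID to a readable principal; anything else is reported as unresolved."""
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    m = ACCOUNT_SID_RE.match(sid)
    if m:
        rid = int(m.group(1))
        if rid in WELL_KNOWN_RIDS:
            return f"{WELL_KNOWN_RIDS[rid]} (built-in, RID {rid})"
        return f"local or domain account (RID {rid})"
    return f"unresolved SID {sid}"


def parse_message(message):
    """Flatten a 'Key: Value' event body. A key with no value ('Subject:') opens a
    section, and keys under it are stored as 'Section/Key'."""
    fields, section = {}, ""
    for raw in message.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if not value:
            section = key
        else:
            fields[f"{section}/{key}" if section else key] = value
    return fields


def field(fields, name, section=""):
    """Look a key up by its base name, optionally only inside one section."""
    for key, value in fields.items():
        sec, _, base = key.rpartition("/")
        if base == name and (not section or sec == section):
            return value
    return ""


@dataclass
class Finding:
    event_id: int
    kind: str
    target: str
    caller: str
    self_service: bool
    note: str


def triage(events):
    """Return a Finding for every password or audit-policy event; others are ignored."""
    findings = []
    for ev in events:
        eid, f = ev["id"], parse_message(ev["message"])
        if eid in PASSWORD_EVENTS:
            if eid < 1000:   # XP/2003 layout: caller given by name and domain
                target, who = field(f, "Target Account Name"), field(f, "Caller User Name")
                caller = field(f, "Caller Domain") + "\\" + who
            else:            # Vista+ layout: caller given under Subject with its SID
                target, who = field(f, "Account Name", "Target Account"), field(f, "Account Name", "Subject")
                caller = f"{who} [{resolve_sid(field(f, 'Security ID', 'Subject'))}]"
            own = who.lower() == target.lower()
            note = ("account changed its own password; routine" if own else
                    "password set by another principal; match it against resets you did yourself"
                    if PASSWORD_EVENTS[eid] == "password reset" else
                    "password change made from another account's session; check it")
            findings.append(Finding(eid, PASSWORD_EVENTS[eid], target, caller, own, note))
        elif eid in POLICY_EVENTS:
            who = field(f, "User Name", "Changed By") or field(f, "Account Name", "Subject") or "(not recorded)"
            findings.append(Finding(eid, POLICY_EVENTS[eid], "", who, False,
                                    "audit settings changed; expected when a user or security tool adjusts auditing"))
    return findings


if __name__ == "__main__":
    for fd in triage(SAMPLE_EVENTS):
        print(f"{fd.event_id} {fd.kind}: target={fd.target!r} caller={fd.caller} -> {fd.note}")
```

The useful check for the situation in this post is the caller column: a reset you performed from the second administrator account is logged with that account as the caller, so any 628 (or 4724) whose caller is neither of the two accounts, nor SYSTEM acting for a tool you were running at the time, is the entry to look at. A caller shown as a bare SID rather than a name is resolved here against the well-known list before it is called unknown.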



#12 Tilkon

Posted 20 October 2013 - 09:48 AM

Another strange thing: I now run Malwarebytes Anti-Malware and I am running SUPERAntiSpyware. I received a code on my mobile phone from Google, for the two-step authentication that I use with Google. But I did not ask for it. The same happened a few days back when I started the disinfection of the PC here. Maybe it is just a coincidence, but I am reporting all the suspicious behaviours.

 

...sorry, my mistake, attempt to access gmail from another pc in the house!


Edited by Tilkon, 20 October 2013 - 11:09 AM.


#13 Elise

Posted 20 October 2013 - 11:45 AM

Do you remember if anything specific happened or had happened when your user account's passwords were changed?


regards, Elise


#14 Tilkon

Posted 20 October 2013 - 12:41 PM

It happened around 2 weeks ago, so unfortunately I can't really remember anything specific.



#15 Elise

Posted 20 October 2013 - 12:53 PM

Just to be sure, let's run a rootkit scan, although I don't expect it to turn up much.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise




