
.tmp file at USER/AppData/Local/VirtualStore/Windows/System32 (passwords, chats)


This topic is locked
21 replies to this topic

#1 tarkuz (Members, 22 posts)

Posted 11 October 2013 - 04:02 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.40.2
Run by Tarkus at 3:53:12 on 2013-10-11
#Option MBR scan  is disabled.
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.51.3082.18.2047.1109 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Tarkus\AppData\Local\Temp\windows.loader.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.pe/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
uRun: [09eb99c455680f440c477dff1bede754] "c:\users\tarkus\appdata\local\temp\windows.loader.exe" ..
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [Nvtmru] "c:\program files\nvidia corporation\nvidia update core\nvtmru.exe"
StartupFolder: c:\users\tarkus\appdata\roaming\microsoft\windows\start menu\programs\startup\09eb99c455680f440c477dff1bede754.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{65A4AB47-3902-4D72-BED6-799FA83EA83B} : DHCPNameServer = 200.48.225.130 200.48.225.146
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tarkus\appdata\roaming\mozilla\firefox\profiles\a5bzvu05.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\tarkus\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\tarkus\appdata\local\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-5 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-7-20 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-9-10 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\drivers\EpfwLWF.sys [2012-10-8 46056]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-5 418376]
R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe [2013-9-6 14573856]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2013-10-10 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-9-12 414496]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2013-4-21 27768]
R3 debutfilter;Debut Upper Filter Driver v6.10.01;c:\windows\system32\drivers\debutfilterx86.sys [2012-12-5 40216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-5 22856]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-9-6 33568]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-4-21 1841272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-5 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-9 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-9 49664]
.
=============== Created Last 30 ================
.
2013-10-11 06:34:14    --------    d-----w-    c:\windows\pss
2013-10-11 04:33:10    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-10-11 04:33:10    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-10-11 01:22:27    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-10-10 18:16:52    --------    d-----w-    c:\programdata\Oracle
2013-10-10 18:16:28    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-09 19:25:05    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-10-09 19:25:04    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-10-09 19:25:03    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:25:00    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2013-10-09 19:23:52    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-09 19:23:52    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-10-09 19:23:52    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-10-05 01:17:20    259584    ----a-w-    c:\users\tarkus\appdata\roaming\microsoft\windows\start menu\programs\startup\09eb99c455680f440c477dff1bede754.exe
2013-09-27 23:53:23    --------    d-----w-    c:\programdata\AVG 0913b Campaign
2013-09-27 19:54:52    7328304    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{fc4ec627-dd53-4709-a59d-6c81703c77fc}\mpengine.dll
2013-09-18 03:23:20    9253664    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-09-18 03:23:20    6329552    ----a-w-    c:\windows\system32\nvopencl.dll
2013-09-18 03:23:20    22102304    ----a-w-    c:\windows\system32\nvoglv32.dll
2013-09-18 03:23:18    515360    ----a-w-    c:\windows\system32\NvIFR.dll
2013-09-18 03:23:16    893728    ----a-w-    c:\windows\system32\nvdispgenco3232723.dll
2013-09-18 03:23:16    586016    ----a-w-    c:\windows\system32\NvFBC.dll
2013-09-18 03:23:16    28448    ----a-w-    c:\windows\system32\nvhdap32.dll
2013-09-18 03:23:16    161056    ----a-w-    c:\windows\system32\drivers\nvhda32v.sys
2013-09-18 03:23:16    1049376    ----a-w-    c:\windows\system32\nvdispco3232723.dll
2013-09-18 03:23:14    7720576    ----a-w-    c:\windows\system32\nvcuda.dll
2013-09-18 03:23:14    2789152    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-09-18 03:23:14    2007328    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-09-18 03:23:02    17560352    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-09-12 18:14:42    18612928    ----a-w-    c:\program files\common files\microsoft shared\office14\MSO.DLL
2013-09-12 06:17:50    571168    ----a-w-    c:\windows\system32\nvStreaming.exe
.
==================== Find3M  ====================
.
2013-10-10 18:16:22    868264    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-10-10 18:16:22    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-22 23:28:06    1767936    ----a-w-    c:\windows\system32\wininet.dll
2013-09-22 23:27:49    2876928    ----a-w-    c:\windows\system32\jscript9.dll
2013-09-22 23:27:48    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-09-22 23:27:48    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-09-21 03:30:24    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-09-21 02:39:47    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-09-18 03:23:26    53024    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-18 03:23:24    13628208    ----a-w-    c:\windows\system32\nvwgf2um.dll
2013-09-18 03:23:16    12947360    ----a-w-    c:\windows\system32\nvd3dum.dll
2013-09-18 03:23:02    2630304    ----a-w-    c:\windows\system32\nvapi.dll
2013-09-14 00:48:58    338944    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-12 06:28:40    4265760    ----a-w-    c:\windows\system32\nvcpl.dll
2013-09-12 06:28:40    3006240    ----a-w-    c:\windows\system32\nvsvc.dll
2013-09-12 06:28:37    662816    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-09-12 06:28:37    62752    ----a-w-    c:\windows\system32\nvshext.dll
2013-09-12 06:28:37    2555168    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-09-12 06:28:36    209184    ----a-w-    c:\windows\system32\nvmctray.dll
2013-09-10 06:34:48    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-08 02:07:12    1294272    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58    231424    ----a-w-    c:\windows\system32\mswsock.dll
2013-09-05 06:43:42    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-09-04 01:15:32    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45    43008    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45    3969472    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45    3914176    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30    1289096    ----a-w-    c:\windows\system32\ntdll.dll
2013-08-29 01:50:16    619520    ----a-w-    c:\windows\system32\tdh.dll
2013-08-29 01:48:17    640512    ----a-w-    c:\windows\system32\advapi32.dll
2013-08-20 13:33:30    33568    ----a-w-    c:\windows\system32\drivers\nvvad32v.sys
2013-08-20 13:32:46    28448    ----a-w-    c:\windows\system32\nvaudcap32v.dll
2013-08-07 09:22:04    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-08-05 01:56:47    133056    ----a-w-    c:\windows\system32\drivers\ataport.sys
2013-08-02 01:50:36    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-08-02 01:49:19    293376    ----a-w-    c:\windows\system32\KernelBase.dll
2013-08-02 00:52:57    271360    ----a-w-    c:\windows\system32\conhost.exe
2013-08-02 00:43:05    6144    ---ha-w-    c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05    4608    ---ha-w-    c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05    3584    ---ha-w-    c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05    3072    ---ha-w-    c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-01 11:03:36    729024    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-07-25 08:57:27    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-20 10:33:12    102608    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 06:51:00    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50:56    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50:56    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-19 17:35:34    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 17:35:34    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 01:41:01    2048    ----a-w-    c:\windows\system32\tzres.dll
.
============= FINISH:  3:53:31.79 ===============




#2 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 11 October 2013 - 04:20 AM

Hi Tarkuz,

as mentioned in the chat, I'm taking a look at the log.

c:\users\tarkus\appdata\roaming\microsoft\windows\start menu\programs\startup\09eb99c455680f440c477dff1bede754.exe

Let's see what that weird file is. Can you please upload it to www.virustotal.com and give me the link for the results?

regards
myrti

Edited by myrti, 11 October 2013 - 04:20 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+
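The triage myrti does here by eye, picking out the one autostart entry with a hash-like name that also runs from the user's Temp folder, can be applied mechanically to DDS-format lines. The following Python script is an added example written for this thread; it is not a tool from BleepingComputer, from DDS or from the poster. The sample input is copied from the DDS log posted above and labelled as such in the code, and the three heuristics it applies (32-hex-character name, Temp-directory location, a bare .exe rather than a shortcut in the Startup folder) are assumptions about what deserves a closer look, not verdicts: a flagged entry still needs a VirusTotal lookup or a publisher-signature check before anything is removed.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample input: a handful of lines in DDS log format, copied from
# the DDS log posted at the top of this thread (process list plus Pseudo HJT lines).
SAMPLE_DDS_LINES = r"""
C:\Windows\system32\wininit.exe
C:\Users\Tarkus\AppData\Local\Temp\windows.loader.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
uRun: [09eb99c455680f440c477dff1bede754] "c:\users\tarkus\appdata\local\temp\windows.loader.exe" ..
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
StartupFolder: c:\users\tarkus\appdata\roaming\microsoft\windows\start menu\programs\startup\09eb99c455680f440c477dff1bede754.exe
Hosts: 127.0.0.1    www.spywareinfo.com
"""

# DDS autostart lines: "uRun: [name] path args", "mRun: ...", "StartupFolder: path"
RUN_RE = re.compile(r"^(?P<key>[um]Run|StartupFolder):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$")
# Running-process lines are bare absolute paths, optionally followed by arguments
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# First executable-looking path, stopping before a trailing argument list
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys|scr|com|bat|cmd))(?=\s|$)", re.IGNORECASE)
# 32 hex characters: the MD5-style names that auto-generated droppers are often given
HEX32 = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


@dataclass
class Finding:
    source: str        # uRun / mRun / StartupFolder / Process
    name: str          # bracketed run-key name, empty for process lines
    path: str
    reasons: List[str]


def extract_path(text: str) -> str:
    """Pull the executable path out of an autostart value or a process line."""
    text = text.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        return text[1:end] if end > 0 else text[1:]
    m = EXE_RE.match(text)
    return m.group(1) if m else text.split(" ")[0]


def parse_entries(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (source, name, path) for every autostart or process line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append((m.group("key"), m.group("name") or "", extract_path(m.group("rest"))))
        elif DRIVE_RE.match(line):
            entries.append(("Process", "", extract_path(line)))
    return entries


def triage(entries) -> List[Finding]:
    """Apply the three heuristics (assumptions, see lead-in); report an entry if any of them fires."""
    findings = []
    for source, name, path in entries:
        reasons = []
        base = path.replace("/", "\\").rsplit("\\", 1)[-1]
        stem = base.rsplit(".", 1)[0]
        if HEX32.match(stem) or HEX32.match(name):
            reasons.append("32-hex-char (hash-like) name")
        if "\\temp\\" in path.lower():
            reasons.append("runs from a temp directory")
        if source == "StartupFolder" and base.lower().endswith(".exe"):
            reasons.append("bare .exe in Startup folder (shortcuts are the norm)")
        if reasons:
            findings.append(Finding(source, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_DDS_LINES)):
        print(f"[{f.source}] {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script reports three entries: the Temp-folder process, the uRun value that launches it (hash-like key name plus Temp location), and the hash-named .exe in the Startup folder; the AVG, VIA and svchost entries pass untouched. The same entry showing up twice (as a running process and as its autostart) is deliberate, since both are things the cleanup has to deal with.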


#3 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 11 October 2013 - 04:34 AM

Hi,

given the results from virustotal, I would recommend running Malwarebytes next:

Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When the scan is complete, click OK, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

regards
myrti



#4 tarkuz (Topic Starter, Members, 22 posts)

Posted 11 October 2013 - 04:46 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.11.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16721
Tarkus :: TARKUS [administrator]

11/10/2013 04:38:48 a.m.
mbam-log-2013-10-11 (04-38-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 217623
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 



#5 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 11 October 2013 - 04:49 AM

Hi,

ok, Malwarebytes didn't see it, so let's try combofix next:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

regards
myrti



#6 tarkuz (Topic Starter, Members, 22 posts)

Posted 11 October 2013 - 05:25 AM

ComboFix 13-10-09.01 - Tarkus 11/10/2013   5:14.12.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.51.3082.18.2047.1316 [GMT -5:00]
Running from: c:\users\Tarkus\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-11 to 2013-10-11  )))))))))))))))))))))))))))))))
.
.
2013-10-11 08:09 . 2013-10-11 08:09    --------    d-----w-    c:\users\TEMP
2013-10-11 04:33 . 2013-10-11 07:01    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-10-11 04:33 . 2013-10-11 04:38    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-10-10 18:16 . 2013-10-10 18:16    --------    d-----w-    c:\programdata\Oracle
2013-10-10 18:16 . 2013-10-10 18:16    --------    d-----w-    c:\program files\Common Files\Java
2013-10-10 18:16 . 2013-10-10 18:16    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-09 19:25 . 2013-07-03 03:36    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-10-09 19:25 . 2013-07-03 03:36    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-10-09 19:25 . 2013-08-28 01:04    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:25 . 2013-08-28 00:57    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2013-10-09 19:23 . 2013-07-12 10:08    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-10-09 19:23 . 2013-07-12 10:07    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-09 19:23 . 2013-07-12 10:07    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-10-05 01:17 . 2013-09-14 17:04    259584    ----a-w-    c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09eb99c455680f440c477dff1bede754.exe
2013-09-27 23:53 . 2013-09-27 23:53    --------    d-----w-    c:\programdata\AVG 0913b Campaign
2013-09-27 19:54 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC4EC627-DD53-4709-A59D-6C81703C77FC}\mpengine.dll
2013-09-18 03:23 . 2013-09-18 03:23    9253664    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-09-18 03:23 . 2013-09-18 03:23    6329552    ----a-w-    c:\windows\system32\nvopencl.dll
2013-09-18 03:23 . 2013-09-18 03:23    22102304    ----a-w-    c:\windows\system32\nvoglv32.dll
2013-09-18 03:23 . 2013-09-18 03:23    515360    ----a-w-    c:\windows\system32\NvIFR.dll
2013-09-18 03:23 . 2013-09-18 03:23    893728    ----a-w-    c:\windows\system32\nvdispgenco3232723.dll
2013-09-18 03:23 . 2013-09-18 03:23    586016    ----a-w-    c:\windows\system32\NvFBC.dll
2013-09-18 03:23 . 2013-09-18 03:23    28448    ----a-w-    c:\windows\system32\nvhdap32.dll
2013-09-18 03:23 . 2013-09-18 03:23    161056    ----a-w-    c:\windows\system32\drivers\nvhda32v.sys
2013-09-18 03:23 . 2013-09-18 03:23    1049376    ----a-w-    c:\windows\system32\nvdispco3232723.dll
2013-09-18 03:23 . 2013-09-18 03:23    7720576    ----a-w-    c:\windows\system32\nvcuda.dll
2013-09-18 03:23 . 2013-09-18 03:23    2789152    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-09-18 03:23 . 2013-09-18 03:23    2007328    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-09-18 03:23 . 2013-09-18 03:23    17560352    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-09-12 18:14 . 2013-09-12 18:14    18612928    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-09-12 15:55 . 2013-09-12 15:55    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-09-12 06:17 . 2013-09-12 06:17    571168    ----a-w-    c:\windows\system32\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 18:16 . 2013-06-04 02:52    868264    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-10-10 18:16 . 2012-12-05 02:42    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-18 03:23 . 2012-12-05 02:46    53024    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-18 03:23 . 2013-07-02 02:52    13628208    ----a-w-    c:\windows\system32\nvwgf2um.dll
2013-09-18 03:23 . 2013-05-26 20:18    12947360    ----a-w-    c:\windows\system32\nvd3dum.dll
2013-09-18 03:23 . 2012-10-11 02:14    2630304    ----a-w-    c:\windows\system32\nvapi.dll
2013-09-12 06:28 . 2012-12-05 02:47    4265760    ----a-w-    c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2012-12-05 02:47    3006240    ----a-w-    c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2012-12-05 02:47    662816    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2012-12-05 02:47    62752    ----a-w-    c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2012-12-05 02:47    2555168    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2012-12-05 02:47    209184    ----a-w-    c:\windows\system32\nvmctray.dll
2013-09-10 06:34 . 2013-09-10 06:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 06:43 . 2013-09-05 06:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-20 13:33 . 2013-09-06 20:30    33568    ----a-w-    c:\windows\system32\drivers\nvvad32v.sys
2013-08-20 13:32 . 2013-09-06 20:30    28448    ----a-w-    c:\windows\system32\nvaudcap32v.dll
2013-08-07 09:22 . 2012-12-05 02:53    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 01:47    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2013-07-20 06:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2013-07-20 06:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2013-07-20 06:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-19 17:35 . 2013-04-15 06:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 17:35 . 2013-04-15 06:15    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 01:41 . 2013-08-15 01:46    2048    ----a-w-    c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"1"="c:\program files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2013-04-04 218184]
.
c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
09eb99c455680f440c477dff1bede754.exe [2013-9-14 259584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-24 283136]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-09-12 414496]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-10-22 27768]
S3 debutfilter;Debut Upper Filter Driver v6.10.01;c:\windows\system32\DRIVERS\debutfilterx86.sys [2012-12-05 40216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 1841272]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-27 c:\windows\Tasks\AVG_REG_0913b.job
- c:\programdata\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-09-27 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-745799121-1348335885-758387123-1001Core.job
- c:\users\Tarkus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-10 18:49]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745799121-1348335885-758387123-1001Core.job
- c:\users\Tarkus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-05 05:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pe/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.48.225.130 200.48.225.146
FF - ProfilePath - c:\users\Tarkus\AppData\Roaming\Mozilla\Firefox\Profiles\a5bzvu05.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-11  05:22:43
ComboFix-quarantined-files.txt  2013-10-11 10:22
.
Pre-Run: 74,744,897,536 bytes free
Post-Run: 74,679,975,936 bytes free
.
- - End Of File - - DAAFA69E8539024FBDCE3762FC398F9E
A36C5E4F47E84449FF07ED3517B43A31
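The "Reg Loading Points" section of the log above (the Run and RunOnce keys, the per-user Startup folder, and the Session Manager BootExecute value) is where the hex-named executable turned up. The script below is an added example, written for this thread and not part of ComboFix or of any post in it: it parses that section of a ComboFix log and flags the three patterns a triager looks for first, a filename that is a bare 32-hex-character string (the 09eb99c4... entry), a launch path under a user-writable directory such as AppData or ProgramData, and anything beyond the default `autocheck autochk *` in BootExecute, which runs as SYSTEM before logon. The embedded log text is a constructed excerpt in the same format as the posted log, and the flag names and heuristics are the example's own.

```python
"""Triage ComboFix 'Reg Loading Points' output for suspicious autostart entries.

Added example for this thread; not part of ComboFix or of any post. The flag
names and heuristics are this example's own, not a ComboFix feature.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the ComboFix log format (sample input modelled on the
# thread's log, not the full posted log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"1"="c:\program files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2013-04-04 218184]
.
c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
09eb99c455680f440c477dff1bede754.exe [2013-9-14 259584]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
"""

REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)        # [HKEY_...] header
REG_VALUE = re.compile(r'^"([^"]*)"="([^"]+)"\s*\[[^\]]*\]')        # "name"="path" [date size]
FOLDER_PATH = re.compile(r"^[a-z]:\\.*\\$", re.IGNORECASE)          # c:\...\Startup\
FOLDER_ENTRY = re.compile(r"^([^\\\[\]]+\.\w+)\s*\[[^\]]*\]$")      # file.exe [date size]
HEX_STEM = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)             # MD5-length hex name
DEFAULT_BOOTEXECUTE = {"autocheck autochk *"}
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")


@dataclass
class Finding:
    source: str            # registry key, Startup folder, or "BootExecute"
    path: str              # launched file as written in the log
    flags: list = field(default_factory=list)


def _stem(path):
    """Filename without directory and without its last extension."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0] if "." in base else base


def parse_loading_points(text):
    """Return (source, path) pairs for every autostart entry in the section."""
    entries, reg_key, folder = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == ".":                       # ComboFix section separator
            reg_key = folder = None
            continue
        m = REG_KEY.match(line)
        if m:
            reg_key, folder = m.group(1), None
            continue
        if line.lower().startswith("bootexecute"):
            _, _, value = line.partition("REG_MULTI_SZ")
            for item in value.strip().split("\\0"):   # log writes the NUL separator as \0
                item = item.strip()
                if item and item not in DEFAULT_BOOTEXECUTE:
                    entries.append(("BootExecute", item))
            continue
        m = REG_VALUE.match(line)
        if m and reg_key:
            entries.append((reg_key, m.group(2)))
            continue
        if FOLDER_PATH.match(line):           # a Startup folder header line
            folder, reg_key = line, None
            continue
        m = FOLDER_ENTRY.match(line)
        if m and folder:
            entries.append((folder, folder + m.group(1)))
    return entries


def triage(text):
    """Apply the heuristics; only entries with at least one flag are returned."""
    findings = []
    for source, path in parse_loading_points(text):
        flags = []
        if HEX_STEM.match(_stem(path)):
            flags.append("hash-like filename")
        if any(marker in path.lower() for marker in USER_WRITABLE):
            flags.append("user-writable location")
        if source == "BootExecute":
            flags.append("non-default BootExecute entry")
        if flags:
            findings.append(Finding(source, path, flags))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{', '.join(f.flags)}\n    {f.path}\n    from {f.source}")
```

On the sample input this reports exactly two entries: the hex-named file in the Startup folder (both a hash-like name and a user-writable location) and sdnclean.exe in BootExecute. The second is a prompt to look, not a verdict: the log shows Spybot - Search & Destroy installed that same day, and sdnclean.exe is its cleaner, so a BootExecute hit is confirmed or dismissed by checking the file's publisher and hash, the same way the Startup-folder file should be hashed and looked up before it is deleted.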
 



#7 myrti (Malware Study Hall Admin)

Posted 11 October 2013 - 05:31 AM
Hi,

OK, ComboFix also didn't see it. So let's remove it with a script:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:
 

File::
c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09eb99c455680f440c477dff1bede754.exe


Save this as CFScript.txt, in the same location as ComboFix.exe


[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#8 tarkuz (Topic Starter)

Posted 11 October 2013 - 05:54 AM

ComboFix 13-10-09.01 - Tarkus 11/10/2013   5:38.13.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.51.3082.18.2047.1211 [GMT -5:00]
Running from: c:\users\Tarkus\Desktop\ComboFix.exe
Command switches used :: c:\users\Tarkus\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09eb99c455680f440c477dff1bede754.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09eb99c455680f440c477dff1bede754.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-11 to 2013-10-11  )))))))))))))))))))))))))))))))
.
.
2013-10-11 10:45 . 2013-10-11 10:46    --------    d-----w-    c:\users\Tarkus\AppData\Local\temp
2013-10-11 10:45 . 2013-10-11 10:45    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-10-11 10:45 . 2013-10-11 10:45    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-11 08:09 . 2013-10-11 08:09    --------    d-----w-    c:\users\TEMP
2013-10-11 04:33 . 2013-10-11 07:01    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2013-10-11 04:33 . 2013-10-11 04:38    --------    d-----w-    c:\program files\Spybot - Search & Destroy
2013-10-10 18:16 . 2013-10-10 18:16    --------    d-----w-    c:\programdata\Oracle
2013-10-10 18:16 . 2013-10-10 18:16    --------    d-----w-    c:\program files\Common Files\Java
2013-10-10 18:16 . 2013-10-10 18:16    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-10-09 19:25 . 2013-07-03 03:36    55808    ----a-w-    c:\windows\system32\drivers\hidclass.sys
2013-10-09 19:25 . 2013-07-03 03:36    25728    ----a-w-    c:\windows\system32\drivers\hidparse.sys
2013-10-09 19:25 . 2013-08-28 01:04    2348544    ----a-w-    c:\windows\system32\win32k.sys
2013-10-09 19:25 . 2013-08-28 00:57    434688    ----a-w-    c:\windows\system32\scavengeui.dll
2013-10-09 19:23 . 2013-07-12 10:08    146816    ----a-w-    c:\windows\system32\drivers\usbvideo.sys
2013-10-09 19:23 . 2013-07-12 10:07    86016    ----a-w-    c:\windows\system32\drivers\usbcir.sys
2013-10-09 19:23 . 2013-07-12 10:07    80896    ----a-w-    c:\windows\system32\drivers\USBAUDIO.sys
2013-09-27 23:53 . 2013-09-27 23:53    --------    d-----w-    c:\programdata\AVG 0913b Campaign
2013-09-27 19:54 . 2013-09-05 05:02    7328304    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC4EC627-DD53-4709-A59D-6C81703C77FC}\mpengine.dll
2013-09-18 03:23 . 2013-09-18 03:23    9253664    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
2013-09-18 03:23 . 2013-09-18 03:23    6329552    ----a-w-    c:\windows\system32\nvopencl.dll
2013-09-18 03:23 . 2013-09-18 03:23    22102304    ----a-w-    c:\windows\system32\nvoglv32.dll
2013-09-18 03:23 . 2013-09-18 03:23    515360    ----a-w-    c:\windows\system32\NvIFR.dll
2013-09-18 03:23 . 2013-09-18 03:23    893728    ----a-w-    c:\windows\system32\nvdispgenco3232723.dll
2013-09-18 03:23 . 2013-09-18 03:23    586016    ----a-w-    c:\windows\system32\NvFBC.dll
2013-09-18 03:23 . 2013-09-18 03:23    28448    ----a-w-    c:\windows\system32\nvhdap32.dll
2013-09-18 03:23 . 2013-09-18 03:23    161056    ----a-w-    c:\windows\system32\drivers\nvhda32v.sys
2013-09-18 03:23 . 2013-09-18 03:23    1049376    ----a-w-    c:\windows\system32\nvdispco3232723.dll
2013-09-18 03:23 . 2013-09-18 03:23    7720576    ----a-w-    c:\windows\system32\nvcuda.dll
2013-09-18 03:23 . 2013-09-18 03:23    2789152    ----a-w-    c:\windows\system32\nvcuvid.dll
2013-09-18 03:23 . 2013-09-18 03:23    2007328    ----a-w-    c:\windows\system32\nvcuvenc.dll
2013-09-18 03:23 . 2013-09-18 03:23    17560352    ----a-w-    c:\windows\system32\nvcompiler.dll
2013-09-12 18:14 . 2013-09-12 18:14    18612928    ----a-w-    c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-09-12 15:55 . 2013-09-12 15:55    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2013-09-12 06:17 . 2013-09-12 06:17    571168    ----a-w-    c:\windows\system32\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 18:16 . 2013-06-04 02:52    868264    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-10-10 18:16 . 2012-12-05 02:42    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-18 03:23 . 2012-12-05 02:46    53024    ----a-w-    c:\windows\system32\OpenCL.dll
2013-09-18 03:23 . 2013-07-02 02:52    13628208    ----a-w-    c:\windows\system32\nvwgf2um.dll
2013-09-18 03:23 . 2013-05-26 20:18    12947360    ----a-w-    c:\windows\system32\nvd3dum.dll
2013-09-18 03:23 . 2012-10-11 02:14    2630304    ----a-w-    c:\windows\system32\nvapi.dll
2013-09-12 06:28 . 2012-12-05 02:47    4265760    ----a-w-    c:\windows\system32\nvcpl.dll
2013-09-12 06:28 . 2012-12-05 02:47    3006240    ----a-w-    c:\windows\system32\nvsvc.dll
2013-09-12 06:28 . 2012-12-05 02:47    662816    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-09-12 06:28 . 2012-12-05 02:47    62752    ----a-w-    c:\windows\system32\nvshext.dll
2013-09-12 06:28 . 2012-12-05 02:47    2555168    ----a-w-    c:\windows\system32\nvsvcr.dll
2013-09-12 06:28 . 2012-12-05 02:47    209184    ----a-w-    c:\windows\system32\nvmctray.dll
2013-09-10 06:34 . 2013-09-10 06:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 06:43 . 2013-09-05 06:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-20 13:33 . 2013-09-06 20:30    33568    ----a-w-    c:\windows\system32\drivers\nvvad32v.sys
2013-08-20 13:32 . 2013-09-06 20:30    28448    ----a-w-    c:\windows\system32\nvaudcap32v.dll
2013-08-07 09:22 . 2012-12-05 02:53    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-07-25 08:57 . 2013-08-15 01:47    1620992    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-20 06:51 . 2013-07-20 06:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2013-07-20 06:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2013-07-20 06:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2013-07-20 06:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-19 17:35 . 2013-04-15 06:15    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-19 17:35 . 2013-04-15 06:15    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-19 01:41 . 2013-08-15 01:46    2048    ----a-w-    c:\windows\system32\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2012-10-25 4045432]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-08-27 1028896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"1"="c:\program files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2013-04-04 218184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0sdnclean.exe
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-07-20 60216]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-07-20 246072]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-05 39224]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-07-20 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2013-09-10 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2013-07-24 283136]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-08-27 14573856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-09-12 414496]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-10-22 27768]
S3 debutfilter;Debut Upper Filter Driver v6.10.01;c:\windows\system32\DRIVERS\debutfilterx86.sys [2012-12-05 40216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-08-20 33568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-10-22 1841272]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-27 c:\windows\Tasks\AVG_REG_0913b.job
- c:\programdata\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-09-27 c:\windows\Tasks\AVG_SYS_TASK_DELETE.job
- c:\programdata\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe [2013-09-27 15:09]
.
2013-10-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-745799121-1348335885-758387123-1001Core.job
- c:\users\Tarkus\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-10 18:49]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745799121-1348335885-758387123-1001Core.job
- c:\users\Tarkus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-05 05:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.pe/
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 200.48.225.130 200.48.225.146
FF - ProfilePath - c:\users\Tarkus\AppData\Roaming\Mozilla\Firefox\Profiles\a5bzvu05.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-745799121-1348335885-758387123-1001)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-745799121-1348335885-758387123-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-10-11  05:52:40
ComboFix-quarantined-files.txt  2013-10-11 10:52
ComboFix2.txt  2013-10-11 10:22
.
Pre-Run: 74,606,067,712 bytes free
Post-Run: 74,541,506,560 bytes free
.
- - End Of File - - 1D11F8574951E6800040897566183884
A36C5E4F47E84449FF07ED3517B43A31
 



#9 myrti (Sillyberry), Malware Study Hall Admin, 33,784 posts

Posted 11 October 2013 - 06:15 AM

Hi,

ok, it looks like we took the file out :)

Just to be safe please run this rootkit scan:
Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#10 tarkuz (Topic Starter), Members, 22 posts

Posted 11 October 2013 - 06:37 AM

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-11 06:18:13
-----------------------------
06:18:13.038    OS Version: Windows 6.1.7601 Service Pack 1
06:18:13.038    Number of processors: 2 586 0x6B02
06:18:13.040    ComputerName: TARKUS  UserName: Tarkus
06:18:16.229    Initialize success
06:22:44.845    AVAST engine defs: 13101001
06:24:17.515    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000063
06:24:17.523    Disk 0 Vendor: ST2000DL CC32 Size: 1907729MB BusType: 3
06:24:17.625    Disk 0 MBR read successfully
06:24:17.625    Disk 0 MBR scan
06:24:17.656    Disk 0 Windows 7 default MBR code
06:24:17.671    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
06:24:17.695    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       149999 MB offset 204802048
06:24:17.734    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       540000 MB offset 512002048
06:24:17.742    Disk 0 Partition - 00     0F Extended LBA           1117727 MB offset 1617922048
06:24:17.789    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       600000 MB offset 1617924096
06:24:17.796    Disk 0 Partition - 00     05     Extended            517726 MB offset 2846724096
06:24:17.843    Disk 0 Partition 5 00     07    HPFS/NTFS NTFS       517725 MB offset 2846726144
06:24:17.875    Disk 0 scanning sectors +3907026944
06:24:17.976    Disk 0 scanning C:\Windows\system32\drivers
06:24:43.750    Service scanning
06:25:20.728    Modules scanning
06:25:25.416    Disk 0 trace - called modules:
06:25:25.447    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll storport.sys nvstor.sys afd.sys nvmf6232.sys
06:25:25.455    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85c74460]
06:25:25.462    3 CLASSPNP.SYS[88fac59e] -> nt!IofCallDriver -> [0x85585220]
06:25:25.470    5 ACPI.sys[88a093d4] -> nt!IofCallDriver -> \Device\00000063[0x85585b50]
06:25:30.423    AVAST engine scan C:\Windows
06:25:34.259    AVAST engine scan C:\Windows\system32
06:31:28.852    AVAST engine scan C:\Windows\system32\drivers
06:31:54.500    AVAST engine scan C:\Users\Tarkus
06:33:18.783    AVAST engine scan C:\ProgramData
06:34:11.368    Scan finished successfully
06:34:22.444    Disk 0 MBR has been saved successfully to "C:\Users\Tarkus\Desktop\MBR.dat"
06:34:22.452    The log file has been saved successfully to "C:\Users\Tarkus\Desktop\aswMBR.txt"


and there's another one encrypted ... can only read "Invalid partition table Error loading operating system Missing operating system"



#11 myrti (Sillyberry), Malware Study Hall Admin, 33,784 posts

Posted 11 October 2013 - 06:48 AM

Heya,

that's a copy of your MBR, it's not encrypted, it's just not a text file. :) The MBR does however contain a few lines of text that will be displayed in case of errors. For example "Invalid Partition Table" or "Error loading operating system".

These logs are all looking ok, so far. How's the system? Has the random file with the logs reappeared?

regards
myrti


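The MBR.dat that aswMBR saved is, as the reply above says, a raw copy of sector 0: 512 bytes of boot code, a 4-byte disk id, four 16-byte partition entries and the 0x55AA signature. The following is an added example for this thread (it is not part of the original posts and not an aswMBR or BleepingComputer tool) that decodes such a dump in Python: it checks the boot signature, lists the primary partition entries, pulls out the printable boot-code messages the poster saw ("Invalid partition table", "Error loading operating system", "Missing operating system"), and cross-checks the entries against the "Disk 0 Partition" lines aswMBR printed. The MBR bytes and the disk id used here are constructed to mirror the partition layout in the log above, not taken from the poster's real MBR.dat; logical drives 4 and 5 live in the extended-partition chain, not in the MBR, so only the four primary lines are compared. To inspect a real dump, replace build_sample_mbr() with open("MBR.dat", "rb").read().

```python
"""Decode a 512-byte MBR dump (such as aswMBR's MBR.dat) and compare its
partition table with the 'Disk 0 Partition' lines from an aswMBR log.
Added example; the sample MBR below is constructed, not a real dump."""
import re
import struct

MBR_SIZE = 512
PART_TABLE_OFFSET = 0x1BE      # four 16-byte primary entries
DISK_ID_OFFSET = 0x1B8         # 4-byte NT disk signature
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of the sector

PARTITION_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA"}

# Messages the Windows MBR boot code prints when it cannot hand off to a boot
# sector. Seeing them in a text viewer means a plain MBR dump, not an encrypted file.
WINDOWS_MBR_MESSAGES = (b"Invalid partition table",
                        b"Error loading operating system",
                        b"Missing operating system")


def boot_code_strings(code: bytes, min_len: int = 8) -> list:
    """Extract printable ASCII runs from the boot code (like the Unix strings tool)."""
    found, run = [], bytearray()
    for b in code + b"\x00":            # trailing sentinel flushes the last run
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    return found


def parse_mbr(data: bytes) -> dict:
    """Return disk id, non-empty primary partition entries and boot-code strings."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    if data[-2:] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    entries = []
    for i in range(4):
        # entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", data, PART_TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue
        entries.append({"index": i + 1, "bootable": bool(status & 0x80), "type": ptype,
                        "type_name": PARTITION_TYPES.get(ptype, f"0x{ptype:02X}"),
                        "lba_start": lba_start, "sectors": sectors,
                        "size_mb": sectors * 512 // (1024 * 1024)})
    return {"disk_id": struct.unpack_from("<I", data, DISK_ID_OFFSET)[0],
            "entries": entries,
            "boot_strings": boot_code_strings(data[:PART_TABLE_OFFSET])}


# status, optional "(A)" active marker, type, then "<size> MB offset <lba>"
ASWMBR_LINE = re.compile(
    r"Partition \S+\s+([0-9A-F]{2})\s+(?:\(A\)\s+)?([0-9A-F]{2})\s+.*?(\d+) MB offset (\d+)")


def parse_aswmbr_partitions(log_text: str) -> list:
    """(bootable, type, size_mb, lba_start) for each aswMBR partition line."""
    return [(int(st, 16) & 0x80 != 0, int(ty, 16), int(mb), int(off))
            for st, ty, mb, off in ASWMBR_LINE.findall(log_text)]


def matches_aswmbr(parsed: dict, rows: list) -> bool:
    """True when every primary MBR entry agrees with what aswMBR reported."""
    ours = [(e["bootable"], e["type"], e["size_mb"], e["lba_start"]) for e in parsed["entries"]]
    return ours == rows


def build_sample_mbr() -> bytes:
    """Constructed MBR mirroring the four primary entries in the log above."""
    sector = bytearray(MBR_SIZE)
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * 8          # opcode-like filler
    code += b"\x00".join(WINDOWS_MBR_MESSAGES) + b"\x00"
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_ID_OFFSET, 0x0A1B2C3D)   # constructed disk id
    primaries = [                      # (status, type, lba_start, sectors); 2048 sectors = 1 MB
        (0x80, 0x07, 2048, 100000 * 2048),
        (0x00, 0x07, 204802048, 149999 * 2048),
        (0x00, 0x07, 512002048, 540000 * 2048),
        (0x00, 0x0F, 1617922048, 1117727 * 2048),               # container for logical drives
    ]
    for i, (status, ptype, start, count) in enumerate(primaries):
        struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET + 16 * i, status, ptype, start, count)
    sector[-2:] = BOOT_SIGNATURE
    return bytes(sector)


# The four primary-partition lines as aswMBR printed them in the log above.
SAMPLE_ASWMBR_LOG = """
06:24:17.671    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
06:24:17.695    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       149999 MB offset 204802048
06:24:17.734    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       540000 MB offset 512002048
06:24:17.742    Disk 0 Partition - 00     0F Extended LBA           1117727 MB offset 1617922048
"""

if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())    # real dump: parse_mbr(open("MBR.dat", "rb").read())
    for e in info["entries"]:
        flag = "*" if e["bootable"] else " "
        print(f"{e['index']} {flag} {e['type_name']:13} {e['size_mb']:>8} MB @ LBA {e['lba_start']}")
    print("boot-code text:", info["boot_strings"])
    print("matches aswMBR:", matches_aswmbr(info, parse_aswmbr_partitions(SAMPLE_ASWMBR_LOG)))
```

The end of the extended container (LBA start plus sector count) lands on 3907026944, the same sector count aswMBR reported when it started scanning past the partitions, which is the kind of consistency check worth doing before trusting a dump.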

#12 tarkuz (Topic Starter), Members, 22 posts

Posted 11 October 2013 - 06:50 AM

it's there, renamed as you told me to, but with no changes at all :guitar: ... well, I changed the text inside :hysterical: (words I won't reproduce here in case someone was hacking me)


Edited by tarkuz, 11 October 2013 - 07:05 AM.


#13 myrti (Sillyberry), Malware Study Hall Admin, 33,784 posts

Posted 11 October 2013 - 07:06 AM

heya,
hehe, good thinking. :lol:

Just to be safe I would like to run one final general-purpose scan and then we can remove the tools and you'll be on your way:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
regards
myrti



#14 tarkuz (Topic Starter), Members, 22 posts

Posted 11 October 2013 - 10:32 AM

C:\Qoobox\Quarantine\C\Users\Tarkus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\09eb99c455680f440c477dff1bede754.exe.vir    a variant of MSIL/Injector.BYG trojan    cleaned by deleting - quarantined
C:\Users\Tarkus\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
D:\Executables\audiocutter.exe    a variant of Win32/Toolbar.Babylon.A application    cleaned by deleting - quarantined
D:\Executables\FreeAudioConverter.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
D:\Executables\utorrent.exe    a variant of Win32/Bunndle application    cleaned by deleting - quarantined
D:\Executables\YTDSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
 



#15 myrti (Sillyberry), Malware Study Hall Admin, 33,784 posts

Posted 11 October 2013 - 10:38 AM

Heya,

as you can see ESET did see the malicious file we removed with ComboFix.
The other files are all deleted because of adware that's bundled in the installer with the applications. If you want to keep those files, I would suggest restoring them.
Otherwise everything is looking good. The logging file hasn't been recreated?

You seem to have a few outdated plugins installed in your browser. I would recommend visiting secunia's online inspector to check which install may need updates:
http://secunia.com/vulnerability_scanning/online/

regards
myrti





