HijackThis Log: Please help Diagnose


  • This topic is locked
8 replies to this topic

#1 giratinavn

  • Members
  • 3 posts
  • OFFLINE
  • Local time:04:21 AM

Posted 12 October 2013 - 09:15 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:05:23 PM, on 10/12/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.lookforithere.info/?pid=658&r=2013/05/16&hid=2356672022&lg=EN&cc=VN&unqvl=14
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web Layers - {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files (x86)\Web Layers\WebLayersbho.dll
O2 - BHO: W2PBrowser Browser Helper - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O2 - BHO: conntiniUetoosyavee - {ADFFA227-247F-3102-2AD5-0CD4001062CB} - C:\ProgramData\conntiniUetoosyavee\5194fcecad344.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKLM\..\Run: [kakakrotte] C:\Users\User\Desktop\mugen1110a4\chars\MG-NMadara\Output.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AskTBar Uninstall] rundll32 C:\PROGRA~2\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
O4 - HKCU\..\Run: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
O4 - HKCU\..\Run: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe
O4 - HKCU\..\Run: [NhacCuaTui] C:\Program Files (x86)\NhacCuaTui\1.0.6.23\NhacCuaTui.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2082310827-357269536-317030132-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2082310827-357269536-317030132-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: app.vbs
O4 - Startup: v3.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
O9 - Extra button: &Ba`n phi´m a?o - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} (CDFusionActiveXCtl Object) - http://www.cartoonnetworkasia.com/minisite/generator_rex/ar/plugin/DFusionHomeWebPlugIn.Installer.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\syswow64\nvinit.dll c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll c:\progra~2\kasper~1\kasper~1\sbhook.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Di?ch vu? Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service - Unknown owner - C:\windows\System32\SUPDSvc.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: Update Web Layers - Web Layers - C:\Program Files (x86)\Web Layers\updateWebLayers.exe
O23 - Service: Util Web Layers - Web Layers - C:\Program Files (x86)\Web Layers\bin\utilWebLayers.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 14291 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.40.2
Run by User at 16:38:22 on 2013-10-13
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.3882.856 [GMT 7:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\SysWOW64\schtasks.exe
C:\Program Files (x86)\Web Layers\updateWebLayers.exe
C:\Program Files (x86)\Web Layers\bin\utilWebLayers.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\srspremiumpanel_64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\windows\system32\hkcmd.exe
C:\windows\system32\igfxpers.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\System32\osk.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=D222001BB14FFEA9&affID=124780&tt=240913_91215&tsp=5017
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://websearch.lookforithere.info/?pid=658&r=2013/05/16&hid=2356672022&lg=EN&cc=VN&unqvl=14
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Web Layers: {976d7863-9e6c-4066-8c67-0993db9de35f} - C:\Program Files (x86)\Web Layers\WebLayersbho.dll
BHO: W2PBrowser Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: conntiniUetoosyavee: {ADFFA227-247F-3102-2AD5-0CD4001062CB} - C:\ProgramData\conntiniUetoosyavee\5194fcecad344.dll
BHO: delta Helper Object: {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: Delta Toolbar: {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [iFunBoxConnector] "C:\Program Files (x86)\i-Funbox DevTeam\ifb_conn.exe"
uRun: [SDP] C:\Program Files (x86)\FilesFrog Update Checker\update_checker.exe /auto 
uRun: [Chatango] C:\Program Files (x86)\Chatango\Chatango.exe
uRun: [NhacCuaTui] C:\Program Files (x86)\NhacCuaTui\1.0.6.23\NhacCuaTui.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [kakakrotte] C:\Users\User\Desktop\mugen1110a4\chars\MG-NMadara\Output.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [AskTBar Uninstall] rundll32 C:\PROGRA~2\UNINST~1.DLL,O -2
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\app.vbs
StartupFolder: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\v3.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.cartoonnetworkasia.com/minisite/generator_rex/ar/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: NameServer = 10.0.0.2
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863} : DHCPNameServer = 10.0.0.2
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863}\0584F4E4740245343424 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863}\14962707F627470264275656027596D26496 : DHCPNameServer = 192.168.19.1
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863}\34E44545 : DHCPNameServer = 192.168.2.6
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863}\35147414E45445 : DHCPNameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{9223D74D-6A90-41A7-A46A-46B7E3106863}\D427B496D6 : DHCPNameServer = 10.0.0.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\windows\syswow64\nvinit.dll c:\progra~2\kasper~1\kasper~1\mzvkbd3.dll c:\progra~2\kasper~1\kasper~1\sbhook.dll c:\progra~2\contin~1\sprote~1.dll c:\progra~2\websea~1\sprote~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - 
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - 
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2010-9-10 24680]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-2-23 283200]
R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2010-6-10 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2010-4-23 27736]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2010-9-10 13824]
R2 DCService.exe;DCService.exe;C:\ProgramData\DatacardService\DCService.exe [2010-5-29 229376]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]
R2 Update Web Layers;Update Web Layers;C:\Program Files (x86)\Web Layers\updateWebLayers.exe [2013-10-1 65312]
R2 Util Web Layers;Util Web Layers;C:\Program Files (x86)\Web Layers\bin\utilWebLayers.exe [2013-10-2 65312]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-9-10 111616]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-9-10 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-9-10 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-9-10 287232]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-3 22544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2010-8-30 394016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-8-14 3291008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-8 160944]
S3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-5-22 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-22 39464]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\System32\drivers\ew_hwusbdev.sys [2012-6-9 114560]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\System32\drivers\ewusbnet.sys [2012-6-9 252928]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-9-10 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 npggsvc;nProtect GameGuard Service;C:\windows\System32\GameMon.des -service --> C:\windows\System32\GameMon.des -service [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-11 187392]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2010-9-10 166704]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-4-26 52736]
S3 vwhid;Virtual Wireless HID;C:\windows\System32\drivers\vwhid.sys [2012-11-13 27296]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-5-23 1255736]
.
=============== File Associations ===============
.
FileExt: .exe: 4g - HKCR\*\Shell="C:\Program Files (x86)\K-Lite Codec Pack\Tools\MediaInfo.exe" "%1" [default=MediaInfo - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2074-05-07 11:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-10-12 13:56:21 237568 ----a-w- C:\Program Files (x86)\Uninstall Ask Toolbar.dll
2013-10-01 13:57:51 -------- d-----w- C:\Program Files (x86)\Web Layers
2013-10-01 12:43:19 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89609650-9562-4FFA-9D3D-7FB8486FDA66}\offreg.dll
2013-10-01 12:39:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89609650-9562-4FFA-9D3D-7FB8486FDA66}\mpengine.dll
2013-09-29 14:43:27 -------- d-----w- C:\Program Files (x86)\The Raven
2013-09-28 13:11:12 -------- d-----w- C:\Users\User\AppData\Local\Raven
2013-09-28 11:55:53 -------- d-----w- C:\Program Files (x86)\Nordic Games
2013-09-26 10:38:27 -------- d-----w- C:\Program Files (x86)\Delta
2013-09-26 10:38:25 -------- d-----w- C:\Users\User\AppData\Roaming\Delta
2013-09-26 10:37:49 -------- d-----w- C:\Users\User\AppData\Local\avgchrome
2013-09-26 10:37:43 -------- d-----w- C:\windows\SysWow64\Extensions
2013-09-26 10:37:42 -------- d-----w- C:\windows\SysWow64\searchplugins
2013-09-26 10:37:32 -------- d-----w- C:\ProgramData\BitGuard
2013-09-26 10:37:07 -------- d-----w- C:\Users\User\AppData\Roaming\BabSolution
2013-09-26 10:37:06 -------- d-----w- C:\ProgramData\DSearchLink
2013-09-26 10:36:02 -------- d-----w- C:\ProgramData\Babylon
2013-09-26 10:36:01 -------- d-----w- C:\Users\User\AppData\Roaming\Babylon
2013-09-26 10:35:52 -------- d-----w- C:\Users\User\AppData\Roaming\NhacCuaTui
2013-09-26 10:34:30 -------- d-----w- C:\Program Files (x86)\eMu3Ds
2013-09-25 14:58:39 -------- d-----w- C:\New folder (2)
2013-09-24 11:04:18 -------- d-----w- C:\Users\User\AppData\Local\SKIDROW
2013-09-22 04:17:08 -------- d-----w- C:\ProgramData\Steam
2013-09-21 14:58:53 -------- d-----w- C:\New folder
2013-09-15 07:51:36 -------- d-----w- C:\ProgramData\Oracle
2013-09-15 07:50:56 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-09 21:57:23 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 21:57:23 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 07:50:47 868264 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-09-15 07:50:47 790440 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-08-08 21:23:54 100352 --sh--w- C:\Users\User\AppData\Roaming\dll.exe
2013-08-06 21:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 16:39:36.21 ===============
 

Edited by giratinavn, 13 October 2013 - 04:41 AM.
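As an added illustration (not part of this thread, and not DDS's own code), a small Python triage of the "Created Last 30" / "Find3M" entries posted above: it parses the DDS entry format and flags the things an analyst looks at first, a timestamp later than the scan, a hidden+system file, and an executable sitting directly under a user profile. The heuristic names and the scan time (taken from the FINISH line) are assumptions of this example, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

# One DDS file entry: "<YYYY-MM-DD HH:MM:SS> <size | --------> <8-char attrs> <path>".
# The attribute string is eight characters ('d' directory, 's' system, 'h' hidden,
# 'a' archive, 'w' writable, '-' unset); the path may contain spaces.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

# Assumed reference point: the "FINISH: 16:39:36.21" line of the 2013-10-12 scan.
SCAN_TIME = datetime(2013, 10, 12, 16, 39, 36)

# Sample input copied from the DDS output in this thread (abridged).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2074-05-07 11:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2013-10-01 12:39:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{89609650-9562-4FFA-9D3D-7FB8486FDA66}\mpengine.dll
2013-09-26 10:37:49 -------- d-----w- C:\Users\User\AppData\Local\avgchrome
.
==================== Find3M  ====================
.
2013-08-08 21:23:54 100352 --sh--w- C:\Users\User\AppData\Roaming\dll.exe
2013-08-06 21:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
"""


@dataclass
class Entry:
    timestamp: datetime
    size: Optional[int]
    attrs: str
    path: str
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one DDS entry line; return None for headers, '.' separators and blanks."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), size, m["attrs"], m["path"])


def triage(lines, scan_time: datetime) -> List[Entry]:
    """Return only the entries that trip at least one heuristic, in log order."""
    hits = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        is_dir = e.attrs[0] == "d"
        lower = e.path.lower()
        if e.timestamp > scan_time:                      # clock skew or timestomping
            e.flags.append("timestamp later than scan time")
        if not is_dir and "s" in e.attrs and "h" in e.attrs:
            e.flags.append("hidden+system file")          # hidden from a normal Explorer view
        if not is_dir and "\\appdata\\" in lower and lower.endswith(EXEC_EXT):
            e.flags.append("executable in user profile")  # no installer puts dll.exe there
        if e.flags:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(hit.timestamp, hit.attrs, hit.path, "->", "; ".join(hit.flags))
```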



#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 12 October 2013 - 09:27 AM

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.

Scan with DDS

Download DDS and save it to your desktop from here, here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop, then post its contents in your topic
Attach.txt: save to your desktop, then attach it to your next reply

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 giratinavn

giratinavn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 13 October 2013 - 04:41 AM

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 5/22/2011 2:09:04 AM
System Uptime: 10/3/2013 4:48:38 PM (240 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | QX310/QX410/QX510/SF310/SF410/SF510
Processor: Intel® Core™ i5 CPU       M 460  @ 2.53GHz | CPU 1 | 1190/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 180 GiB total, 21.265 GiB free.
D: is FIXED (NTFS) - 269 GiB total, 254.817 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
Device ID: USB\VID_0A5C&PID_219C\001BB162CDF7
Manufacturer: Broadcom
Name: Broadcom BCM2070 Bluetooth 3.0 + HS USB Device
PNP Device ID: USB\VID_0A5C&PID_219C\001BB162CDF7
Service: BTHUSB
.
==== System Restore Points ===================
.
RP91: 10/1/2013 7:38:38 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
Advanced System Protector
Agatha Christie - Death on the Nile
Age of Empires III
AIR iPad
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BatteryLifeExtender
Bejeweled 2 Deluxe
Bonjour
Boom 1.87
Broadcom 802.11 Network Adapter
Build-a-lot
Bundled software uninstaller
CCleaner
ChargeableUSB
Chatango Message Catcher
Chuzzle Deluxe
ContinueToSave
CSM Play v2.0.17
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 8
CyberLink PowerProducer
CyberLink YouCam
D-com 3G
DAEMON Tools Pro
Delta Chrome Toolbar
Delta toolbar  
Diner Dash 2 Restaurant Rescue
Dll-Files Fixer
Easy Content Share
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
EndNote X4
ETDWare PS/2-X64 8.0.7.0_WHQL
Farm Frenzy
Fast Start
FilesFrog Update Checker
GoforFiles
Gold Miner SE
Gold Miner Vegas
Google Chrome
Google Update Helper
Grand Theft Auto Vice City
Hex Workshop v6.7
iFunbox (v2.1.2228.731), iFunbox DevTeam
Insaniquarium Deluxe
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Turbo Boost Technology Monitor
iTunes
Java 7 Update 40
Java Auto Updater
John Deere Drive Green
Junk Mail filter update
K-Lite Codec Pack 7.0.0 (Full)
Kaspersky Internet Security 2011
Marvell Miniport Driver
MG-NMadara MG-NMadara
MG-NMadara.rar MG-NMadara.rar
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Movie Color Enhancer
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MultimediaPOP
Naruto Ultimate Ninja 3
Nero 7 Ultra Edition
NhacCuaTui
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Updatus
Peggle
Penguins!
Photodex Presenter
Plants vs. Zombies
Pokémon Trading Card Game Online
Polar Golfer
Pro Evolution Soccer 2013
Pro Evolution Soccer 2014
ProShow Gold
Realtek High Definition Audio Driver
ResearchSoft Direct Export Helper
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
Search Assistant WebSearch 1.74
Skype Click to Call
Skype™ 5.10
SRS Premium Sound Control Panel
Th? Gi?i Bá Vuong
The Raven - Legacy of a Master Thief Chapter III A Murder of Ravens
The Sims™ 3
Total Immersion D'Fusion @Home Web Plug-In
UniKey 4.0 NT
Uninstall LAC VIET mtd2002-EVA
Unity Web Player (All users)
User Guide
Web Layers 1.0.0
WIDCOMM Bluetooth Software
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinPcap 4.1.2
WinRAR archiver
WinSCP 4.3.3
Yahoo! Messenger
YourFileDownloader
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
10/8/2013 8:39:08 PM, Error: Service Control Manager [7034]  - The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 1 time(s).
10/7/2013 12:29:42 AM, Error: Microsoft-Windows-Time-Service [34]  - The time service has detected that the system time needs to be  changed by -2332750 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->64.4.10.33:123) is working properly.
.
==== End Of File ===========================


#4 giratinavn

giratinavn
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:21 AM

Posted 13 October 2013 - 04:54 AM

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-13 16:52:56
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB4O 465.76GB
Running: 1l0rryo2.exe; Driver: C:\Users\User\AppData\Local\Temp\kwldapob.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread  C:\windows\system32\svchost.exe [940:6620]                                                       000007fef6562154
Thread  C:\windows\System32\svchost.exe [352:3776]                                                       000007fef25f3e98
Thread  C:\windows\System32\svchost.exe [352:8392]                                                       000007fef2638a4c
Thread  C:\windows\system32\svchost.exe [548:1456]                                                       000007fefa8167dc
Thread  C:\windows\system32\svchost.exe [548:1496]                                                       000007fefa411a50
Thread  C:\windows\system32\svchost.exe [548:2156]                                                       000007fefccf1a70
Thread  C:\windows\system32\svchost.exe [548:1600]                                                       000007fefccf1a70
Thread  C:\windows\system32\svchost.exe [548:2660]                                                       000007fef923506c
Thread  C:\windows\system32\svchost.exe [548:2716]                                                       000007fef65f1c20
Thread  C:\windows\system32\svchost.exe [548:4432]                                                       000007fef65f1c20
Thread  C:\windows\system32\svchost.exe [548:6884]                                                       000007fefb1e5124
Thread  C:\windows\system32\svchost.exe [548:8388]                                                       000007fefbdc4164
Thread  C:\windows\system32\svchost.exe [548:5420]                                                       000007fefa9e1ab0
Thread  C:\windows\system32\svchost.exe [1120:5784]                                                      000007fef91c6ed4
Thread  C:\windows\system32\svchost.exe [1120:3124]                                                      000007fef91c6b8c
Thread  C:\windows\system32\svchost.exe [1220:7000]                                                      000007fef586fd00
Thread  C:\windows\system32\svchost.exe [1332:2204]                                                      000007fef83f3060
Thread  C:\windows\system32\svchost.exe [1332:3332]                                                      000007fef83f5570
Thread  C:\windows\system32\svchost.exe [1332:3772]                                                      000007fef4ff2888
Thread  C:\windows\system32\svchost.exe [1332:3400]                                                      000007fef4fc2940
Thread  C:\windows\system32\WLANExt.exe [1392:1488]                                                      000007fefa642f9c
Thread  C:\windows\System32\spoolsv.exe [1516:1848]                                                      000007fef9c310c8
Thread  C:\windows\System32\spoolsv.exe [1516:1852]                                                      000007fef9bf6144
Thread  C:\windows\System32\spoolsv.exe [1516:1856]                                                      000007fef99e5fd0
Thread  C:\windows\System32\spoolsv.exe [1516:1860]                                                      000007fef99d3438
Thread  C:\windows\System32\spoolsv.exe [1516:1864]                                                      000007fef99e63ec
Thread  C:\windows\System32\spoolsv.exe [1516:1872]                                                      000007fef9cc5e5c
Thread  C:\windows\System32\spoolsv.exe [1516:1884]                                                      000007fef9cf4828
Thread  C:\windows\system32\svchost.exe [3548:4416]                                                      000007fef2fe5f00
Thread  C:\windows\system32\svchost.exe [3548:4796]                                                      000007feef62f130
Thread  C:\windows\system32\svchost.exe [3548:848]                                                       000007fefb1e5124
Thread  C:\windows\system32\svchost.exe [3548:5208]                                                      000007fef99e5fd0
Thread  C:\windows\system32\svchost.exe [3548:5396]                                                      000007fef99e63ec
Thread  C:\windows\system32\svchost.exe [3548:7036]                                                      000007feef624734
Thread  C:\windows\system32\svchost.exe [3548:3244]                                                      000007feef624734
Thread  C:\windows\System32\svchost.exe [4140:3884]                                                      000007fef1159688
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3496:760]                                    000007fefae32a74
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3496:3972]                                   000007feefafc0b0
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3496:4776]                                   000007feefa69e68
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3496:4808]                                   000007feefafc0b0
Thread  C:\windows\system32\DllHost.exe [1740:4512]                                                      000000007207e320
Thread  C:\windows\SysWOW64\schtasks.exe [9040:4108]                                                     00000000775341fa
Thread  C:\windows\system32\Dwm.exe [8084:5508]                                                          000007fef7a7b0e4
Thread  C:\windows\system32\Dwm.exe [8084:5732]                                                          000007fef9ebabf0
 
---- Registry - GMER 2.1 ----
 
Reg     HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001bb162cdf7                      
Reg     HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001bb162cdf7 (not active ControlSet)  
 
---- Disk sectors - GMER 2.1 ----
 
Disk    \Device\Harddisk0\DR0                                                                            unknown MBR code
 
---- EOF - GMER 2.1 ----


#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 14 October 2013 - 05:34 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 17 October 2013 - 02:54 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#7 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:02:21 PM

Posted 15 November 2013 - 12:37 PM

This topic has been re-opened at the request of the person who originally posted.

#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 18 November 2013 - 03:18 AM

Please run Combofix as explained and post the log.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:21 PM

Posted 21 November 2013 - 09:46 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
