I need help with a Rootkit (Combofix?)


  • This topic is locked
6 replies to this topic

#1 sweidre

  • Members
  • 3 posts
  • Gender:Male
  • Location:Idre, Dalarna, Sweden

Posted 13 October 2013 - 09:52 PM

Hello,
I am quite sure that I have received a rootkit! Now and then, my defragmenter Perfect Disk shows an enormous boot sector increase (purple blocks). As I have Norton Ghost, I can load the system drive (C:\) with a fresh image of C:\ from yesterday or from the day before yesterday, so I can have the boot sector size normal for some hours! (I must let the computer be active, in order to avoid boot sector increase!) If I let the computer be idle for a while, the boot sector increases!! The boot sector increase is now appearing more frequently! I have tried many anti-rootkit programs, but nothing found! (Not even Malwarebytes Anti-Rootkit found anything!) I have just downloaded Combofix to my computer and printed out your excellent manual (9 pages) in my language "Swedish": "How Combofix shall be used".

1. My computer OS: Windows 7 SP1 64-bit with 6 GB RAM (Swedish version)
2. In system tray
2.1. Start with Windows
2.101. ESET Smart Security 6.0.316.2 (Firewall, Antivirus & AntiSpam)
2.102. TuneUp Utilities 2012 12.0.3010.5
2.103. IObit Malware Fighter 2.1
2.104. SuperAntispyware Pro 5.6.1040
2.105. Malwarebytes Anti-Malware 1.75.0.1300
2.106. OpenDNS Updater 2.2.1
2.107. Clean Mem Mini Monitor Pro 2.4.3.
2.108. MS Network Center: Official network + VPN (Anonine = Portlane)
2.109. HostMan 3.2.73.
2.110. HostServer 1.2.50.
2.111. WinPatrol Plus 28.9.2013.

2.2. Delayed Start
2.211. Emsisoft Anti-Malware 8.1.0.19.
2.212. MalwareBytes Anti-Exploit 0.9.2 Beta
2.213. Exploit Shield 0.9.1 Beta
2.214. Kingsoft PC Doctor 3.3.1.9.

All software in the system tray can be switched off until the next computer start, except TuneUp Utilities, which cannot even be uninstalled! So, TuneUp Utilities will perhaps be a problem when running Combofix!?

Then I have, of course, some security software on demand (not online)!

3. Running Combofix
Then I hope that Combofix will sort out my computer problems! Please give me further instructions prior to running Combofix and producing my 1st report!
==============================
With Best Regards,

sweidre
=============================

#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,577 posts
  • Gender:Male

Posted 13 October 2013 - 10:43 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 sweidre
  • Topic Starter

  • Members
  • 3 posts
  • Gender:Male
  • Location:Idre, Dalarna, Sweden

Posted 15 October 2013 - 12:09 AM



Edited by Orange Blossom, 16 October 2013 - 10:54 PM.
Merged topics. ~ OB


#4 sweidre

sweidre
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Idre, Dalarna, Sweden
  • Local time:04:34 PM

Posted 15 October 2013 - 12:34 AM

Problem Description

I am using Perfect Disk as defragmenter, and it visualizes all blocks with different colors! When the computer is idle, I notice on the Perfect Disk chart that a lot of purple boot blocks fill the beginning of the chart! This already began at the beginning of January 2013. When the purple blocks fill up the chart, I reload my system disk with the latest Norton Ghost (compressed image). Then the Perfect Disk chart looks OK without any purple blocks (until the computer gets idle again). Therefore I save Norton Ghosts of the system drive at least every day, so I can get a proper C-drive again when needed! (I am using Norton Ghost instead of Restore Points!)

 

Screenshots

I have not yet made any screenshots of the Perfect Disk chart, when the C-drive is OK or when it is full of purple blocks! When requested, I will create some and attach them to this thread!

 

Bye for now,

sweidre



#5 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 AM

Posted 17 October 2013 - 10:15 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.

 
Having said that.... Let's get going!!
----------
 
Since it has been a few days since you posted the DDS log, please run a new scan with it and then attach both the DDS and Attach.txt logs to your reply.   :)
 
=======================
 

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 

AdwCleaner
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of every logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.

----------


 


#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 AM

Posted 19 October 2013 - 09:20 AM

Still need help??


 


#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:34 AM

Posted 20 October 2013 - 10:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

 




