'w' key keeps clicking by itself

25 replies to this topic

#1 drsakura
  • Members
  • 15 posts

Posted 16 October 2013 - 11:25 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16982
Run by saya kaya berjaya at 0:03:32 on 2013-10-17
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.2038.623 [GMT 8:00]
.
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{376B6E5A-B242-4B6B-B66E-2B2989885DF4} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{376B6E5A-B242-4B6B-B66E-2B2989885DF4} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\saya kaya berjaya\appdata\roaming\mozilla\firefox\profiles\trcwr0bq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - ExtSQL: 2013-09-16 20:49; mozilla_cc@internetdownloadmanager.com; c:\users\saya kaya berjaya\appdata\roaming\mozilla\firefox\profiles\trcwr0bq.default\extensions\mozilla_cc@internetdownloadmanager.com
FF - ExtSQL: 2013-10-10 18:01; jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack; c:\users\saya kaya berjaya\appdata\roaming\mozilla\firefox\profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi
FF - ExtSQL: !HIDDEN! 2013-09-30 22:59; mozilla_cc@internetdownloadmanager.com; c:\users\saya kaya berjaya\appdata\roaming\idm\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-9-29 13560]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2013-9-18 104928]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-9-12 66344]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2013-9-15 17920]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2013-9-15 1387008]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-12-21 28464]
R3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-21 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-21 43904]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-21 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-21 818688]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
.
============= FINISH:  0:05:08.27 ===============
Actually, I just formatted my laptop recently. After that, I installed an antivirus and some programs. Suddenly, the 'w' key keeps clicking by itself, like 'wwwwwwwww', on any page or in the search box at the Start menu. It also appears with some sound. First, I installed Avast, then Comodo. When I had installed both antiviruses and the 'w' key was still clicking by itself, I changed my antivirus again, and now it is Ad-Aware Antivirus. After I installed Ad-Aware I think my computer became better, but sometimes the 'w' key clicks by itself again, and also the sound. When the 'w' key is clicking by itself, if I press the 'w' key it does not appear. But sometimes, when I turn on my computer and the 'w' key is not clicking by itself, I can use my computer as usual. I also don't know what my computer's problem is, since it happens sometimes and not all the time. I hope you can help me solve this problem since IT is not my expertise. Thanks.

#2 nasdaq
  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 19 October 2013 - 09:06 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply; DO NOT ATTACH THEM.
Let me know what problem persists.

#3 drsakura

drsakura
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:53 AM

Posted 22 October 2013 - 07:35 AM

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : saya kaya berjaya [Admin rights]
Mode : Scan -- Date : 10/22/2013 20:05:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} : C:\ProgramData\cis8813.exe - --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @explorer.exe (?ms_GlobalPointersInitializationSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x67FAA75E)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1637GSX ATA Device +++++
--- User ---
[MBR] f567f7452aab3a1b22333ce1fc1e9ad2
[BSP] 7fc212e1dc1e4b00c868abc55c30fc88 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10019 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20520960 | Size: 142606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_10222013_200536.txt >>

RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : saya kaya berjaya [Admin rights]
Mode : Remove -- Date : 10/22/2013 20:05:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} : C:\ProgramData\cis8813.exe - --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805} [x][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F70CD4)
[Inline] EAT @explorer.exe (?ms_GlobalPointersInitializationSemaphore@GCUtilDLL@@2VGCReentrantSemaphore@@A) : GrooveUtil.DLL -> HOOKED (Unknown @ 0x67FAA75E)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost
::1             localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK1637GSX ATA Device +++++
--- User ---
[MBR] f567f7452aab3a1b22333ce1fc1e9ad2
[BSP] 7fc212e1dc1e4b00c868abc55c30fc88 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10019 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20520960 | Size: 142606 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10222013_200550.txt >>
RKreport[0]_S_10222013_200536.txt
 

# AdwCleaner v3.010 - Report created 22/10/2013 at 20:09:57
# Updated 20/10/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium  (32 bits)
# Username : saya kaya berjaya - DISK-PC
# Running from : C:\Users\saya kaya berjaya\Desktop\dr_heart\LaEn2\Program\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\DigitalVolcano\OpenCandy

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16982


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\prefs.js ]


-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\saya kaya berjaya\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1060 octets] - [22/10/2013 20:08:13]
AdwCleaner[S0].txt - [989 octets] - [22/10/2013 20:09:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1048 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by saya kaya berjaya on Tue 10/22/2013 at 20:16:19.51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\wise care 365.job"



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\saya kaya berjaya\AppData\Roaming\mozilla\firefox\profiles\trcwr0bq.default\minidumps [6 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\saya kaya berjaya\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/22/2013 at 20:19:25.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

wwwComboFix 13-10-21.01 - saya kaya berjaya 10/22/2013  20:22:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.2038.1148 [GMT 8:00]
Running from: c:\users\saya kaya berjaya\Desktop\dr_heart\LaEn2\Program\ComboFix.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-22 to 2013-10-22  )))))))))))))))))))))))))))))))
.
.
2013-10-22 12:28 . 2013-10-22 12:28    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Local\temp
2013-10-22 12:28 . 2013-10-22 12:28    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-10-22 12:16 . 2013-10-22 12:16    --------    d-----w-    c:\windows\ERUNT
2013-10-22 12:07 . 2013-10-22 12:10    --------    d-----w-    C:\AdwCleaner
2013-10-21 08:39 . 2013-10-21 08:45    --------    d-----w-    c:\windows\system32\MRT
2013-10-21 07:54 . 2008-06-20 01:17    97800    ----a-w-    c:\windows\system32\infocardapi.dll
2013-10-21 07:54 . 2008-06-20 01:18    105016    ----a-w-    c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 07:54 . 2008-06-20 01:17    622080    ----a-w-    c:\windows\system32\icardagt.exe
2013-10-21 07:54 . 2008-06-20 01:17    37384    ----a-w-    c:\windows\system32\infocardcpl.cpl
2013-10-21 07:54 . 2008-06-20 01:18    43544    ----a-w-    c:\windows\system32\PresentationHostProxy.dll
2013-10-21 07:54 . 2008-06-20 01:17    11264    ----a-w-    c:\windows\system32\icardres.dll
2013-10-21 07:54 . 2008-06-20 01:18    781344    ----a-w-    c:\windows\system32\PresentationNative_v0300.dll
2013-10-21 07:53 . 2008-06-20 01:18    326160    ----a-w-    c:\windows\system32\PresentationHost.exe
2013-10-21 07:33 . 2008-07-27 18:00    96760    ----a-w-    c:\windows\system32\dfshim.dll
2013-10-21 07:33 . 2008-07-27 18:00    282112    ----a-w-    c:\windows\system32\mscoree.dll
2013-10-21 07:33 . 2008-07-27 18:00    41984    ----a-w-    c:\windows\system32\netfxperf.dll
2013-10-21 07:33 . 2008-07-27 18:00    158720    ----a-w-    c:\windows\system32\mscorier.dll
2013-10-21 07:33 . 2008-07-27 18:00    83968    ----a-w-    c:\windows\system32\mscories.dll
2013-10-21 07:21 . 2008-06-26 00:33    12240896    ----a-w-    c:\windows\system32\NlsLexicons0007.dll
2013-10-21 07:21 . 2008-06-26 00:33    2644480    ----a-w-    c:\windows\system32\NlsLexicons0009.dll
2013-10-21 07:19 . 2008-06-26 00:34    1558016    ----a-w-    c:\windows\system32\NlsLexicons0049.dll
2013-10-21 07:19 . 2008-06-26 00:34    1702912    ----a-w-    c:\windows\system32\NlsLexicons004b.dll
2013-10-21 07:19 . 2008-06-26 00:33    1808896    ----a-w-    c:\windows\system32\NlsLexicons0046.dll
2013-10-21 07:19 . 2008-06-26 00:33    1411072    ----a-w-    c:\windows\system32\NlsLexicons0047.dll
2013-10-21 07:19 . 2008-06-26 00:34    1236992    ----a-w-    c:\windows\system32\NlsLexicons0020.dll
2013-10-21 07:19 . 2008-06-26 00:34    4096    ----a-w-    c:\windows\system32\NlsLexicons002a.dll
2013-10-21 07:19 . 2008-06-26 00:34    1793536    ----a-w-    c:\windows\system32\NlsLexicons0045.dll
2013-10-21 07:19 . 2008-06-26 00:33    1782272    ----a-w-    c:\windows\system32\NlsLexicons0039.dll
2013-10-21 07:19 . 2008-06-26 00:33    1452544    ----a-w-    c:\windows\system32\NlsLexicons0003.dll
2013-10-21 07:19 . 2008-06-26 00:33    1722368    ----a-w-    c:\windows\system32\NlsLexicons000d.dll
2013-10-01 13:54 . 2013-10-01 13:54    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\ArcSoft
2013-10-01 09:21 . 2013-10-01 09:21    --------    d--h--w-    c:\programdata\CanonBJ
2013-10-01 09:21 . 2006-09-12 21:00    69632    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPP7X.DLL
2013-10-01 09:21 . 2006-09-12 21:00    27136    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\CNMPD7X.DLL
2013-10-01 09:20 . 2013-10-01 09:20    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2013-10-01 09:18 . 2006-09-12 21:00    197632    ----a-w-    c:\windows\system32\CNMLM7X.DLL
2013-10-01 09:17 . 2013-10-01 09:17    --------    d--h--w-    c:\program files\CanonBJ
2013-09-30 16:54 . 2013-09-30 16:54    378368    ----a-w-    c:\windows\system32\winhttp.dll
2013-09-30 16:54 . 2013-09-30 16:54    268800    ----a-w-    c:\windows\system32\es.dll
2013-09-30 15:22 . 2013-09-30 15:22    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Local\DuplicateCleaner
2013-09-30 15:21 . 2013-09-30 15:21    --------    d-----w-    c:\program files\Duplicate Cleaner
2013-09-30 15:01 . 2013-09-30 15:01    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\Philipp Winterberg
2013-09-30 15:00 . 2013-09-30 15:00    --------    d-----w-    c:\program files\Free RAR Extract Frog
2013-09-30 14:59 . 2013-10-18 06:14    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\IDM
2013-09-30 14:58 . 2013-09-30 14:59    --------    d-----w-    c:\program files\Internet Download Manager
2013-09-30 07:15 . 2013-10-22 12:12    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\Wise Care 365
2013-09-30 07:14 . 2013-09-30 07:14    --------    d-----w-    c:\program files\Wise
2013-09-29 13:25 . 2013-05-23 00:39    43368    ----a-w-    c:\windows\system32\drivers\gfiark.sys
2013-09-29 13:01 . 2013-09-29 13:05    --------    d-----w-    c:\programdata\Ad-Aware Antivirus
2013-09-29 13:00 . 2013-09-29 13:02    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\LavasoftStatistics
2013-09-29 12:57 . 2013-10-17 12:59    --------    d-----w-    c:\programdata\Lavasoft
2013-09-29 12:57 . 2013-10-21 23:07    --------    d-----w-    c:\program files\Ad-Aware Antivirus
2013-09-29 12:57 . 2013-09-29 12:57    --------    d-----w-    c:\windows\system32\drivers\VDD
2013-09-29 12:56 . 2013-09-29 12:56    --------    d-----w-    c:\programdata\Downloaded Installations
2013-09-29 12:52 . 2013-09-29 12:52    13560    ----a-w-    c:\windows\system32\drivers\gfibto.sys
2013-09-29 12:52 . 2013-09-29 22:52    --------    d-----w-    c:\users\saya kaya berjaya\AppData\Roaming\Ad-Aware Antivirus
2013-09-29 12:45 . 2013-09-29 12:45    --------    d-----w-    c:\programdata\CheckPoint
2013-09-29 11:05 . 2013-09-29 11:05    289792    ----a-w-    c:\windows\system32\atmfd.dll
2013-09-29 11:05 . 2013-09-29 11:05    156672    ----a-w-    c:\windows\system32\t2embed.dll
2013-09-29 11:05 . 2013-09-29 11:05    34304    ----a-w-    c:\windows\system32\atmlib.dll
2013-09-29 11:05 . 2013-09-29 11:05    24064    ----a-w-    c:\windows\system32\lpk.dll
2013-09-29 11:05 . 2013-09-29 11:05    10240    ----a-w-    c:\windows\system32\dciman32.dll
2013-09-29 11:05 . 2013-09-29 11:05    72704    ----a-w-    c:\windows\system32\fontsub.dll
2013-09-29 11:02 . 2013-09-29 11:02    389120    ----a-w-    c:\windows\system32\html.iec
2013-09-29 11:00 . 2013-09-29 11:00    28672    ----a-w-    c:\windows\system32\FwRemoteSvr.dll
2013-09-29 11:00 . 2013-09-29 11:00    61440    ----a-w-    c:\windows\system32\winipsec.dll
2013-09-29 11:00 . 2013-09-29 11:00    361984    ----a-w-    c:\windows\system32\IPSECSVC.DLL
2013-09-29 11:00 . 2013-09-29 11:00    272896    ----a-w-    c:\windows\system32\polstore.dll
2013-09-29 10:59 . 2013-09-29 10:59    84992    ----a-w-    c:\windows\system32\drivers\srvnet.sys
2013-09-29 10:59 . 2013-09-29 10:59    306688    ----a-w-    c:\windows\system32\drivers\srv.sys
2013-09-29 10:58 . 2013-09-29 10:58    95232    ----a-w-    c:\windows\system32\PortableDeviceClassExtension.dll
2013-09-29 10:58 . 2013-09-29 10:58    241152    ----a-w-    c:\windows\system32\PortableDeviceApi.dll
2013-09-29 10:58 . 2013-09-29 10:58    160768    ----a-w-    c:\windows\system32\PortableDeviceTypes.dll
2013-09-29 10:57 . 2013-09-29 10:57    9728    ----a-w-    c:\windows\system32\TCPSVCS.EXE
2013-09-29 10:57 . 2013-09-29 10:57    15360    ----a-w-    c:\windows\system32\netevent.dll
2013-09-29 10:57 . 2013-09-29 10:57    11264    ----a-w-    c:\windows\system32\MRINFO.EXE
2013-09-29 10:57 . 2013-09-29 10:57    8704    ----a-w-    c:\windows\system32\HOSTNAME.EXE
2013-09-29 10:57 . 2013-09-29 10:57    103936    ----a-w-    c:\windows\system32\netiohlp.dll
2013-09-29 10:57 . 2013-09-29 10:57    27136    ----a-w-    c:\windows\system32\NETSTAT.EXE
2013-09-29 10:57 . 2013-09-29 10:57    19968    ----a-w-    c:\windows\system32\ARP.EXE
2013-09-29 10:57 . 2013-09-29 10:57    17920    ----a-w-    c:\windows\system32\ROUTE.EXE
2013-09-29 10:57 . 2013-09-29 10:57    10240    ----a-w-    c:\windows\system32\finger.exe
2013-09-29 10:55 . 2013-09-29 10:55    704000    ----a-w-    c:\windows\system32\PhotoScreensaver.scr
2013-09-29 10:55 . 2013-09-29 10:55    356352    ----a-w-    c:\windows\system32\wbem\wbemcomn.dll
2013-09-29 10:55 . 2013-09-29 10:55    24064    ----a-w-    c:\windows\system32\wtsapi32.dll
2013-09-29 10:55 . 2013-09-29 10:55    20920    ----a-w-    c:\windows\system32\drivers\compbatt.sys
2013-09-29 10:55 . 2013-09-29 10:55    258232    ----a-w-    c:\windows\system32\drivers\acpi.sys
2013-09-29 10:55 . 2013-09-29 10:55    28344    ----a-w-    c:\windows\system32\drivers\battc.sys
2013-09-29 10:55 . 2013-09-29 10:55    14208    ----a-w-    c:\windows\system32\drivers\CmBatt.sys
2013-09-29 10:55 . 2013-09-29 10:55    542720    ----a-w-    c:\windows\system32\sysmain.dll
2013-09-29 10:54 . 2013-09-29 10:54    110080    ----a-w-    c:\windows\system32\drivers\mrxdav.sys
2013-09-29 10:54 . 2013-09-29 10:54    194560    ----a-w-    c:\windows\system32\WebClnt.dll
2013-09-29 10:54 . 2013-09-29 10:54    123904    ----a-w-    c:\windows\system32\L2SecHC.dll
2013-09-29 10:53 . 2013-09-29 10:53    67584    ----a-w-    c:\windows\system32\wlanhlp.dll
2013-09-29 10:53 . 2013-09-29 10:53    47104    ----a-w-    c:\windows\system32\wlanapi.dll
2013-09-29 10:53 . 2013-09-29 10:53    290816    ----a-w-    c:\windows\system32\wlanmsm.dll
2013-09-29 10:53 . 2013-09-29 10:53    502272    ----a-w-    c:\windows\system32\wlansvc.dll
2013-09-29 10:53 . 2013-09-29 10:53    297984    ----a-w-    c:\windows\system32\wlansec.dll
2013-09-29 10:52 . 2013-09-29 10:52    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2013-09-29 10:52 . 2013-09-29 10:52    1260032    ----a-w-    c:\windows\system32\msxml3.dll
2013-09-29 10:52 . 2013-09-29 10:52    2048    ----a-w-    c:\windows\system32\msxml6r.dll
2013-09-29 10:52 . 2013-09-29 10:52    1406464    ----a-w-    c:\windows\system32\msxml6.dll
2013-09-29 10:51 . 2013-09-29 10:51    216576    ----a-w-    c:\windows\system32\msv1_0.dll
2013-09-29 10:50 . 2013-09-29 10:50    211968    ----a-w-    c:\windows\system32\drivers\mrxsmb10.sys
2013-09-29 10:50 . 2013-09-29 10:50    58368    ----a-w-    c:\windows\system32\drivers\mrxsmb20.sys
2013-09-29 10:50 . 2013-09-29 10:50    102400    ----a-w-    c:\windows\system32\drivers\mrxsmb.sys
2013-09-29 10:49 . 2013-09-29 10:49    2855424    ----a-w-    c:\windows\system32\mf.dll
2013-09-29 10:49 . 2013-09-29 10:49    98816    ----a-w-    c:\windows\system32\mfps.dll
2013-09-29 10:49 . 2013-09-29 10:49    52736    ----a-w-    c:\windows\system32\rrinstaller.exe
2013-09-29 10:49 . 2013-09-29 10:49    2048    ----a-w-    c:\windows\system32\mferror.dll
2013-09-29 10:49 . 2013-09-29 10:49    24576    ----a-w-    c:\windows\system32\mfpmp.exe
2013-09-29 10:48 . 2013-09-29 10:48    3502480    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-09-29 10:48 . 2013-09-29 10:48    3468168    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-09-29 10:46 . 2013-09-29 10:46    434176    ----a-w-    c:\windows\system32\vbscript.dll
2013-09-29 10:45 . 2013-09-29 10:45    71680    ----a-w-    c:\windows\system32\atl.dll
2013-09-29 10:45 . 2013-09-29 10:45    297472    ----a-w-    c:\windows\system32\gdi32.dll
2013-09-29 10:44 . 2013-09-29 10:44    1060920    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-09-29 10:44 . 2013-09-29 10:44    41984    ----a-w-    c:\windows\system32\drivers\monitor.sys
2013-09-29 10:42 . 2013-09-29 10:42    500736    ----a-w-    c:\windows\system32\msdtcprx.dll
2013-09-29 10:42 . 2013-09-29 10:42    30208    ----a-w-    c:\windows\system32\xolehlp.dll
2013-09-29 10:41 . 2013-09-29 10:41    156160    ----a-w-    c:\windows\system32\wkssvc.dll
2013-09-29 10:41 . 2013-09-29 10:41    116736    ----a-w-    c:\windows\system32\aaclient.dll
2013-09-29 10:40 . 2013-09-29 10:40    36352    ----a-w-    c:\windows\system32\tsgqec.dll
2013-09-29 10:40 . 2013-09-29 10:40    1871872    ----a-w-    c:\windows\system32\mstscax.dll
2013-09-29 10:40 . 2013-09-29 10:40    303616    ----a-w-    c:\windows\system32\wmpeffects.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 06:34 . 2013-09-16 12:57    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 06:34 . 2013-09-16 12:57    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-30 16:53 . 2013-09-30 16:53    36864    ----a-w-    c:\windows\system32\drivers\en-US\http.sys.mui
2013-09-29 11:03 . 2013-09-29 11:03    52736    ----a-w-    c:\windows\apppatch\iebrshim.dll
2013-09-29 10:20 . 2013-09-29 10:20    5632    ----a-w-    c:\windows\system32\drivers\en-US\sermouse.sys.mui
2013-09-29 10:20 . 2013-09-29 10:20    4608    ----a-w-    c:\windows\system32\drivers\en-US\mouclass.sys.mui
2013-09-29 10:20 . 2013-09-29 10:20    3072    ----a-w-    c:\windows\system32\drivers\en-US\mouhid.sys.mui
2013-09-29 10:20 . 2013-09-29 10:20    10752    ----a-w-    c:\windows\system32\drivers\en-US\i8042prt.sys.mui
2013-09-29 10:20 . 2013-09-29 10:20    4608    ----a-w-    c:\windows\system32\drivers\en-US\kbdclass.sys.mui
2013-09-29 10:20 . 2013-09-29 10:20    3072    ----a-w-    c:\windows\system32\drivers\en-US\kbdhid.sys.mui
2013-09-29 10:13 . 2013-09-29 10:13    40960    ----a-w-    c:\windows\apppatch\apihex86.dll
2013-09-29 10:05 . 2013-09-29 10:05    2560    ----a-w-    c:\windows\apppatch\AcRes.dll
2013-09-29 10:05 . 2013-09-29 10:05    2143744    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-09-29 10:05 . 2013-09-29 10:05    449024    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-09-29 10:05 . 2013-09-29 10:05    537600    ----a-w-    c:\windows\apppatch\AcLayers.dll
2013-09-29 10:05 . 2013-09-29 10:05    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2013-09-16 13:14 . 2013-09-16 13:14    171520    ----a-w-    c:\windows\system32\wintrust.dll
2013-09-16 13:13 . 2013-09-16 13:13    97792    ----a-w-    c:\windows\system32\cabview.dll
2013-08-30 07:47 . 2013-09-16 12:29    229648    ----a-w-    c:\windows\system32\aswBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07    21904    ----a-w-    c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2013-09-29 1232896]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2013-09-18 3665488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-31 748072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05    98304    ----a-w-    c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06    40048    ----a-w-    c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
S2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [2013-06-12 1236336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-21 12:19    1185744    ----a-w-    c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-16 06:34]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 23:44]
.
2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 23:44]
.
2013-10-21 c:\windows\Tasks\Wise Turbo Checker.job
- c:\program files\Wise\Wise Care 365\WiseTurbo.exe [2013-09-30 04:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://us.yahoo.com?fr=fp-comodo
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{376B6E5A-B242-4B6B-B66E-2B2989885DF4}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.my/
FF - prefs.js: keyword.URL - hxxp://us.search.yahoo.com/search?fr=ytff-comodo&p=
FF - ExtSQL: 2013-09-16 20:49; mozilla_cc@internetdownloadmanager.com; c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\extensions\mozilla_cc@internetdownloadmanager.com
FF - ExtSQL: 2013-10-10 18:01; jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack; c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi
FF - ExtSQL: 2013-10-21 16:01; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2013-09-30 22:59; mozilla_cc@internetdownloadmanager.com; c:\users\saya kaya berjaya\AppData\Roaming\IDM\idmmzcc5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-22 20:28
Windows 6.0.6000  NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-22  20:30:57
ComboFix-quarantined-files.txt  2013-10-22 12:30
ComboFix2.txt  2013-10-10 12:38
ComboFix3.txt  2013-10-10 07:27
.
Pre-Run: 120,115,089,408 bytes free
Post-Run: 120,096,374,784 bytes free
.
- - End Of File - - 6D0CEDC12A2480D3C1B691174186EB9C
5C616939100B85E558DA92B899A0FC36
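
As an added example (not code from this thread, and not the code of RogueKiller, ComboFix or any other tool named in it), the PowerShell below reproduces, read-only, the checks behind the findings in the RogueKiller and ComboFix logs above: a scheduled task or Run entry whose executable lives in a user-writable folder such as C:\ProgramData (the [SUSP PATH] finding for cis8813.exe), the DisableRegistryTools policy value (the [HJ POL][PUM] finding), and HOSTS entries other than the localhost defaults. The list of folders treated as suspicious and the simple command-line parsing are assumptions of the example.

```powershell
# Added example: this is not code from the thread, nor from RogueKiller,
# ComboFix or any other tool named in it. It is a read-only triage pass over
# the locations those logs report on. Run from an elevated PowerShell prompt.
# Vista/7 friendly: uses schtasks.exe, since Get-ScheduledTask needs Windows 8+.

# Folders a legitimately installed task or autorun rarely executes from.
# The list is an assumption of this example, not a RogueKiller rule.
$suspiciousRoots = @(
    $env:ProgramData,
    $env:LOCALAPPDATA,
    $env:APPDATA,
    $env:TEMP,
    (Join-Path $env:SystemRoot 'Temp')
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Test-SuspiciousPath {
    param([string]$Command)
    # Pull the executable out of a command line such as
    #   C:\ProgramData\cis8813.exe --PostUninstall {GUID}
    # Assumption: an unquoted path contains no spaces; quoted paths are handled.
    if (-not $Command) { return $false }
    $exe = if ($Command.StartsWith('"')) { $Command.Split('"')[1] } else { $Command.Split(' ')[0] }
    if (-not $exe) { return $false }
    $exe = [Environment]::ExpandEnvironmentVariables($exe).ToLowerInvariant()
    foreach ($root in $suspiciousRoots) {
        if ($exe.StartsWith($root + '\')) { return $true }
    }
    return $false
}

Write-Host '== Scheduled tasks whose action runs from a user-writable folder =='
# /V gives the 'Task To Run' column; schtasks repeats the CSV header once per
# task folder, so rows whose TaskName is literally 'TaskName' are dropped.
schtasks.exe /Query /FO CSV /V 2>$null | ConvertFrom-Csv |
    Where-Object { $_.TaskName -ne 'TaskName' -and (Test-SuspiciousPath $_.'Task To Run') } |
    ForEach-Object { "{0}`n    {1}" -f $_.TaskName, $_.'Task To Run' }

Write-Host "`n== Run entries whose target lives in a user-writable folder =="
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($psMeta -contains $p.Name) { continue }   # PowerShell's own metadata
        if (Test-SuspiciousPath $p.Value) { "{0}\{1}`n    {2}" -f $key, $p.Name, $p.Value }
    }
}

Write-Host "`n== Policy values RogueKiller reports as [PUM] (shown only if present) =="
# RogueKiller flags the value even when it is 0, as in the log above; only a
# non-zero value actually disables regedit or Task Manager.
foreach ($hive in 'HKLM', 'HKCU') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        if ($props.$name -ne $null) { "{0}\{1} = {2}" -f $key, $name, $props.$name }
    }
}

Write-Host "`n== HOSTS entries other than the localhost defaults =="
# A clean file, like the one in the RogueKiller log above, prints nothing here.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile | Where-Object {
    $_ -notmatch '^\s*(#|$)' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}
```

Run it from an elevated prompt and compare its output with the tool logs; it changes nothing, so the cleanup decisions stay with the helper. Against the entries shown in the logs above, only the CIS task pointing at C:\ProgramData\cis8813.exe would have matched: every Run entry points into c:\program files or c:\windows, and the HOSTS file holds just the two localhost lines.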
#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:53 PM

Posted 22 October 2013 - 09:56 AM

FF - ExtSQL: 2013-10-10 18:01; jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack; c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi


This is identified as "You Google Bar", not "YOUR Google Bar".
Did you install this?
If affirmative, can you give me a link/URL so that I can investigate further?
===

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please let me know if the problem persists.

Edited by nasdaq, 22 October 2013 - 09:56 AM.

#5 drsakura (Topic Starter)

Posted 23 October 2013 - 04:06 AM

Quote

FF - ExtSQL: 2013-10-10 18:01; jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack; c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi

 

I'm not sure about that, but I installed You Google Bar, and I checked the Mozilla extensions: You Google Bar 0.1.3.1.

Yesterday and today, the problem still persists.

 

 Results of screen317's Security Check version 0.99.74  
 Windows Vista  x86 (UAC is enabled)  
 Out of date service pack!!
 Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Duplicate Cleaner 2.0   
 Adobe Flash Player 9 Flash Player out of Date!
 Adobe Flash Player     11.9.900.117  
 Adobe Reader 8 Adobe Reader out of Date!
 Mozilla Firefox (24.0)
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe   
 Ad-Aware Antivirus SBAMSvc.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

w

#6 nasdaq (Malware Response Team)

Posted 23 October 2013 - 09:51 AM

FF - ExtSQL: 2013-10-10 18:01; jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack; c:\users\saya kaya berjaya\AppData\Roaming\Mozilla\Firefox\Profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi

I'm not sure about that, but I installed You Google Bar, and I checked the Mozilla extensions: You Google Bar 0.1.3.1.
Yesterday and today, the problem still persists.


OK, thank you. It should be safe.
===

Important security issue

http://support.microsoft.com/lifecycle/search/?sort=PN&alpha=WINDOWS+vista
Support for Windows Vista without any service packs ended on April 13, 2010.
Windows Vista Service Pack 1 support ended on 12/07/2011.

For continued security support from Microsoft get the Service Pack 2.
http://support.microsoft.com/kb/935791

As indicated on the Microsoft page SP1 must be installed before proceeding to install SP2.
You will find the necessary link on the page.
===

Using the Add/Remove programs delete this old version of Flash
Adobe Flash Player 9 Flash Player out of Date!
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
Adobe Reader 8 Adobe Reader out of Date!
<<<>>>

I do not think that the problem with the "W" key is caused by malware.

There could be some dust under the plastic key. If you can, try to blow it out with a vacuum cleaner.
If that fails you can purchase a can of "Air" from a computer center. The air comes out at high pressure. If the problem is caused by dust or a small piece of paper you may be able to remove it.

#7 drsakura (Topic Starter)

Posted 10 November 2013 - 12:40 AM

I already installed what you told me. Thanks for helping me. I think the problem is already fixed, since no more "wwww" appear. But I just want to ask something: I created a folder on my desktop named sakura, but in that folder sometimes there is a new folder named sakura also. Is it a virus? Do I need to do anything, or just move it to the recycle bin? I think I already deleted it a few times. Can my antivirus protect my laptop, or should I buy another antivirus? Sorry for replying late, since I was outstation.

#8 nasdaq (Malware Response Team)

Posted 10 November 2013 - 09:00 AM

Let me have a look at this folder.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :filefind
    sakura.*

    :folderfind
    sakura
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.

#9 drsakura (Topic Starter)

Posted 15 November 2013 - 01:25 AM

The folder name that keeps appearing is not sakura but dr_heart, so I typed it like this. Is it right?

 

:filefind
dr_heart.*

:folderfind
dr_heart

 

SystemLook 30.07.11 by jpshortstuff
Log created at 14:21 on 15/11/2013 by saya kaya berjaya
Administrator - Elevation successful

========== filefind ==========

Searching for "dr_heart.*"
C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Office\Recent\dr_heart.LNK    --a---- 416 bytes    [10:03 23/10/2013]    [09:00 08/11/2013] C881B8BC6D52215EECAA612ED1BF00EA
C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Windows\Recent\dr_heart.lnk    --a---- 416 bytes    [12:01 10/10/2013]    [10:57 08/11/2013] 459B3F427DADC65AECB8B35B449227A4

========== folderfind ==========

Searching for "dr_heart"
C:\Users\saya kaya berjaya\Desktop\dr_heart    dr-----    [12:57 16/09/2013]

-= EOF =-

#10 drsakura (Topic Starter)

Posted 15 November 2013 - 01:27 AM

I don't understand the content of the log. But I just deleted a folder named dr_heart inside the dr_heart folder itself yesterday.

#11 nasdaq (Malware Response Team)

Posted 15 November 2013 - 08:45 AM

Delete these two files:

C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Office\Recent\dr_heart.LNK
C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Windows\Recent\dr_heart.lnk

Restart the computer normally.

How is it now?

#12 drsakura (Topic Starter)

Posted 15 November 2013 - 11:53 AM

Sorry, but I did not find the folder that you said. I found the dr_heart folder, but the shortcut is on the desktop. Is it that file or another file? I'm not sure, so I have not deleted it yet because I am afraid that my folder on the desktop will be deleted.

#13 nasdaq (Malware Response Team)

Posted 15 November 2013 - 02:29 PM

Delete the folder on the Desktop.

Keep it in your recycle bin.

Restart the computer normally.

Keep me posted.

#14 drsakura (Topic Starter)

Posted 15 November 2013 - 09:25 PM

After I restart, can I restore it back?

#15 nasdaq (Malware Response Team)

Posted 16 November 2013 - 08:12 AM

Run this Script.

Open notepad and copy/paste the text in the quote box below into it:

File::
c:\windows\Tasks\Wise Turbo Checker.job
c:\users\saya kaya berjaya\appdata\roaming\mozilla\firefox\profiles\trcwr0bq.default\extensions\jid0-oaigUQGA2ZRxwuE73QtybFDjBSo@jetpack.xpi
C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Office\Recent\dr_heart.LNK
C:\Users\saya kaya berjaya\AppData\Roaming\Microsoft\Windows\Recent\dr_heart.lnk

Folder::
c:\users\saya kaya berjaya\AppData\Roaming\Wise Care 365
c:\program files\Wise

Save this as CFScript.txt on your desktop.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

===

Keep me posted.