
startqone8.exe infection in my IExplorer browser


15 replies to this topic

#1 Sjaco

Sjaco

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 November 2013 - 07:11 AM

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Sjaak Reuvers at 13:48:29 on 2013-11-05
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.31.1043.18.4094.2362 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\WinService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TC2Service.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe
C:\Windows\System32\TC2Tray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\SJAAKR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\SJAAKR~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WG111V~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2 Configuration Utility\WG111v2.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DE86C7D1-9CEE-4DEB-BAAC-308387AC5057} : DHCPNameServer = 212.54.40.25 212.54.35.25
TCP: Interfaces\{DF8A4488-EC1D-40E8-9835-9154EC9158B2} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DF8A4488-EC1D-40E8-9835-9154EC9158B2}\A5967676F6430383830323 : DHCPNameServer = 192.168.1.1
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.qone8.com/?type=hp&ts=1382827500&from=amt&uid=WDCXWD7501AALS-00E8B0_WD-WMATV176235662356
x64-mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1382827500&from=amt&uid=WDCXWD7501AALS-00E8B0_WD-WMATV176235662356
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [tpcexTray] "C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexTray.exe"
x64-Run: [TC2Tray] "C:\Windows\System32\TC2Tray.exe"
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 bftpdskc;BUFFALO TurboPC EX Cache Filter Driver;C:\Windows\System32\drivers\bftpdskc64.sys [2013-3-26 72016]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2013-10-5 25312]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-30 28600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AntiVirSchedulerService;Avira Planner;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-3-26 84024]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-3-26 108088]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-30 105344]
R2 SCM_Service;SCM_Service;C:\Windows\SysWOW64\WinService.exe [2013-10-5 186848]
R2 TC2Service;TurboPC EX FileCopy Service;C:\Windows\System32\TC2Service.exe -Service_Execute --> C:\Windows\System32\TC2Service.exe -Service_Execute [?]
R2 tpcexdccs;TurboPC EX DiskCache Control Service;C:\Program Files (x86)\BUFFALO\TurboPC_EX\DiskCache\tpcexService.exe [2013-3-26 134216]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 bftpusbx;BUFFALO TurboPC EX USB Filter Driver;C:\Windows\System32\drivers\bftpusbx64.sys [2013-3-26 20608]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr7364.sys [2011-10-5 729152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-10 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-10 57856]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-26 1255736]
.
=============== Created Last 30 ================
.
2013-11-05 12:38:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E424A0A1-8EE2-45B3-9050-F3496633BB22}\mpengine.dll
2013-11-04 10:48:30 10280728 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-01 13:47:43 -------- d-----w- C:\Program Files (x86)\Silabs
2013-11-01 13:47:33 -------- d-----w- C:\Windows\SysWow64\Silabs
2013-11-01 13:47:26 -------- d-----w- C:\Program Files (x86)\ETI Ltd
2013-10-31 16:55:11 -------- d-----w- C:\ProgramData\Trymedia
2013-10-31 10:27:45 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-31 10:26:10 -------- d-----w- C:\Users\Sjaak Reuvers\AppData\Local\Temp
2013-10-31 10:12:38 -------- d-----w- C:\zoek_backup
2013-10-28 12:01:39 -------- d-----w- C:\ProgramData\Steam
2013-10-28 12:00:30 -------- d-----w- C:\ProgramData\Bohemia Interactive
2013-10-28 11:58:59 469264 ----a-w- C:\Windows\System32\d3dx10.dll
2013-10-28 11:35:32 -------- d-----w- C:\Program Files (x86)\ARMA 3
2013-10-27 15:19:20 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-10-27 15:19:18 -------- d-----w- C:\Program Files (x86)\Steam
2013-10-22 15:59:40 -------- d-----w- C:\Windows\SysWow64\SearchProtect
2013-10-17 12:41:26 -------- d-----w- C:\ProgramData\Oracle
2013-10-17 12:41:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-10 11:39:50 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-10-10 11:39:50 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-10-10 11:39:50 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-10-10 11:39:50 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-10-10 11:39:50 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-10-10 11:39:49 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-10-10 11:39:49 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-10-10 11:39:48 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-10-10 11:39:48 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-10-10 11:15:34 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-10 11:15:34 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-10 11:15:34 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-10 11:15:34 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-10 11:15:34 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-10 11:15:34 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-10 11:15:34 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-10 09:54:23 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-10 09:53:50 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2013-10-10 09:53:50 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2013-10-10 09:53:50 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2013-10-10 09:53:50 140800 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2013-10-10 09:53:50 102400 ----a-w- C:\Windows\System32\davclnt.dll
2013-10-10 09:53:40 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-10-10 09:53:40 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-10-10 09:53:40 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-10-10 09:53:40 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-10-10 09:52:37 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-10 09:52:00 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-10-10 09:49:32 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 09:49:32 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 09:49:01 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-10-10 09:48:39 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-10-06 22:30:16 40960 ----a-r- C:\Users\Sjaak Reuvers\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2013-10-06 22:30:16 40960 ----a-r- C:\Users\Sjaak Reuvers\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2013-10-06 22:30:14 -------- d-----w- C:\Program Files (x86)\Project64 1.6
.
==================== Find3M  ====================
.
2013-10-09 06:44:33 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 06:44:33 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-10 10:45:23 81112 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2013-09-10 10:45:23 105344 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 13:49:07,83 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 26-3-2013 13:30:22
System Uptime: 5-11-2013 13:27:42 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | P43-ES3G
Processor: Intel® Core™2 Duo CPU     E8400  @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 98 GiB total, 23,45 GiB free.
D: is FIXED (NTFS) - 601 GiB total, 584,969 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 475,099 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP163: 1-11-2013 14:47:17 - ThermaData Logger
RP164: 1-11-2013 14:54:47 - ThermaData Logger
RP165: 3-11-2013 8:45:53 - Windows Update
RP166: 3-11-2013 19:00:20 - Windows Back-up
.
==== Installed Programs ======================
.
«The Sims 3 Deluxe Edition» (build 8.1)
10 Talismans
64 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.1
Adobe Shockwave Player 12.0
AIO_Scan
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ARMA 3
µTorrent
Avira Free Antivirus
Big City Adventure - New York City Deluxe
Big City Adventure - San Francisco
Big City Adventure - Vancouver Deluxe
Big City Adventure™ - Sydney
BrowserProtect
BUFFALO TurboPC EX Series
BufferChm
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Copy
Counter-Strike: Global Offensive
Cradle of Rome
Destinations
DeviceDiscovery
DJ_AIO_ProductContext
DJ_AIO_Software
DJ_AIO_Software_min
Eusing Free Registry Cleaner
F2100
F2100_Help
Free YouTube Downloader 3.5.136
Garrys Mod version 13.05.29
Google Chrome
Google Earth Plug-in
Google Update Helper
GPBaseService2
GTA San Andreas
HP Customer Participation Program 13.0
HP Deskjet All-In-One Driver Software 13.0 Rel. 1
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Java 7 Update 45
Java Auto Updater
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 NLD Language Pack
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MIDI-OX
Minecraft1.6.4
Mortal Kombat Komplete Edition
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter
NETGEAR WG111v2 wireless USB 2.0 adapter
OpenOffice.org 3.4.1
Project64 1.6
PSP ISO Compressor
RCT3 Soaked
RollerCoaster Tycoon® 3
Scan
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
SmartWebPrinting
SolutionCenter
Status
Steam
swMSM
Taalpakket voor Microsoft .NET Framework 4.5 - NLD
The Sims™ 3
The Sims™ 3 ? ????????
The Sims™ 3 ???-??????
The Sims™ 3 ??? ????????
The Sims™ 3 ??? ???????????
The Sims™ 3 ????? ?? ??????? ???????
The Sims™ 3 ???????
The Sims™ 3 ??????? ????
The Sims™ 3 ???????? 70-?, 80-?, 90-? ???????
The Sims™ 3 ????????? ????? ???????
The Sims™ 3 ?????????? ????? ???????
The Sims™ 3 ?????????? ??????? ???????
The Sims™ 3 ??????????? ??????? ???????
The Sims™ 3 ???????????? ?????
The Sims™ 3 ??????????????????
The Sims™ 3 Diesel ???????
The Sims™ 3 Katy Perry ??????? ???????
Toolbox
TrayApp
Tunatic
UnloadSupport
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VLC media player 2.0.6
WebReg
Windows Driver Package - Silicon Laboratories (silabenm) Ports  (12/10/2012 6.6.1.0)
WinRAR 4.20 (32-bit)
.
==== End Of File ===========================
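The two x64-mStart Page / x64-mDefault_Page_URL entries above pointing at start.qone8.com, the AV products reported as *Disabled*, and the SearchProtect and BrowserProtect entries are exactly what a helper scans a DDS log for first. As a worked example added here (not part of the thread, and not code from DDS or BleepingComputer), the following Python script reads DDS-style lines and reports those three things. The sample lines are constructed from the shape of the posted log (the disk-serial `uid` value is replaced by the placeholder `EXAMPLE`), and the `EXPECTED_HOME_HOSTS` allowlist is an assumption an analyst would tune for the machine at hand.

```python
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the DDS log in the first post: the AV status
# lines, the per-hive browser start-page entries (u = HKCU, m = HKLM, x64- =
# 64-bit view) and one "Created Last 30" directory line. DDS writes "hxxp" so
# the URLs are not clickable; the disk-serial uid value is replaced by EXAMPLE.
SAMPLE_LOG = """\
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
x64-mStart Page = hxxp://start.qone8.com/?type=hp&ts=1382827500&from=amt&uid=EXAMPLE
x64-mDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1382827500&from=amt&uid=EXAMPLE
2013-10-22 15:59:40 -------- d-----w- C:\\Windows\\SysWow64\\SearchProtect
"""

# Assumption: hosts the analyst accepts as a legitimate home or search page.
# Anything else in a Start Page / Default_Page_URL entry is reported for review.
EXPECTED_HOME_HOSTS = {"www.google.com", "www.bing.com", "go.microsoft.com"}

# Directory names of adware components that the posted log itself lists.
PUP_DIR_NAMES = ("SearchProtect", "BrowserProtect")

AV_LINE = re.compile(
    r"^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<state>Enabled|Disabled)/(?P<defs>Updated|Outdated)\*"
)
HOME_LINE = re.compile(
    r"^(?P<scope>(?:x64-)?[umd])(?P<key>Start Page|Default_Page_URL|Search Page|Search Bar)\s*=\s*(?P<value>.+)$"
)
PUP_PATH = re.compile(r"\\(" + "|".join(PUP_DIR_NAMES) + r")(?:\\|$)", re.IGNORECASE)


def refang(url):
    """Turn the defanged hxxp:// that DDS writes back into http:// for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def triage_dds(text):
    """Return a list of findings, each {'kind', 'detail', 'line'}, for the DDS lines in text."""
    findings = []
    for raw in text.splitlines():
        line = raw.rstrip()
        m = AV_LINE.match(line)
        if m:
            # A security product reported as Disabled is worth a question, whatever the cause.
            if m.group("state") == "Disabled":
                findings.append({"kind": "av_disabled", "detail": m.group("product"), "line": line})
            continue
        m = HOME_LINE.match(line)
        if m:
            # Non-URL values such as "Preserve" have no hostname and are skipped.
            host = urlparse(refang(m.group("value"))).hostname
            if host and host.lower() not in EXPECTED_HOME_HOSTS:
                findings.append({"kind": "hijacked_home_page", "detail": host, "line": line})
            continue
        m = PUP_PATH.search(line)
        if m:
            findings.append({"kind": "pup_directory", "detail": m.group(1), "line": line})
    return findings


def summarize(findings):
    """Count findings per kind, e.g. {'av_disabled': 2, 'hijacked_home_page': 2, ...}."""
    counts = {}
    for f in findings:
        counts[f["kind"]] = counts.get(f["kind"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_dds(SAMPLE_LOG)
    for f in results:
        print(f"[{f['kind']}] {f['detail']}: {f['line']}")
    print(summarize(results))
```

Run against the sample it reports both start.qone8.com entries, the two disabled AV products and the SearchProtect directory, while the HKCU Google start page and the non-URL "Preserve" search bar value are left alone. The script only reports; deciding what to remove stays with the helper, as the thread's own instructions insist.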

 




 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 07 November 2013 - 07:46 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 07 November 2013 - 08:02 PM

Hello Marius,

 

I did the uncheck of IAT/EAT before the scan. After 2 minutes my screen went black and then it went blue. The system restarted itself and asked which system boot, and I used normal safe mode to boot up. Then Windows 7 asked me to report a file they have created in Minidump about the bluescreen issue; I have no permission to open that file.



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 08 November 2013 - 02:32 AM

Retry Gmer, if it fails again, skip it and do the following instead:

 

 

 

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat; do not delete this for now. It is an actual backup of the MBR (master boot record).

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#5 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 November 2013 - 06:59 AM

I have 2 logfiles: GMER made a logfile of the first scan. The second scan was good; I made a logfile of that one too.

Attached Files

  • Attached File  ask.txt   2.27KB   2 downloads
  • Attached File  ask2.txt   5.68KB   0 downloads


#6 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 November 2013 - 07:00 AM

BTW I have a Dutch OS.



#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 08 November 2013 - 07:46 AM

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



#8 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 November 2013 - 04:20 PM

I first tried to copy adwcleaner.exe to my desktop, but Avira said it is trojan TR/Dropper.gen, so I did not use it. I did the JRT scan; here are the files.



#9 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 08 November 2013 - 04:30 PM

Attached File  JRT.txt   4.28KB   2 downloads



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 11 November 2013 - 03:13 AM

ADWCleaner is safe - please deactivate Avira for the scan and post the log.



#11 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 11 November 2013 - 05:47 AM

Attached File  AdwCleanerR0.txt   2.1KB   1 downloads
Attached File  AdwCleanerS0.txt   1.99KB   2 downloads


Keep fingers crossed



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 11 November 2013 - 05:48 AM

Fine! :)

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#13 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 11 November 2013 - 07:51 AM

Attached File  log.txt   10.38KB   1 downloads



#14 Sjaco

Sjaco
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:25 AM

Posted 11 November 2013 - 07:53 AM

OK Marius,

let's go and carry on!



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:25 PM

Posted 11 November 2013 - 08:13 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time, BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.





