
New malware removal request (re: Win Live mail won't open et al)


  • This topic is locked
75 replies to this topic

#1 Konadan

Konadan

  • Members
  • 261 posts

Posted 09 December 2013 - 02:25 PM

Please see the "Windows Live mail won't open - Win 7 64 bits" topic for details.

I uninstalled Avira anti-virus and Malwarebytes (it wouldn't open, anyway), in safe mode. Now, I am able to go to my Firefox home page. But all my other problems are still there. ESET still stops half-way through the scan (it has identified 12 threats that are still there), and F-secure doesn't open.

Windows IE doesn't open.

I sometimes get "Windows Explorer has stopped working" and sometimes programs don't open.

All my problems started after I installed Baidu anti-virus. So, I tried to uninstall it, but couldn't find in "Uninstall or change a program." Do you know how to uninstall it? I believe we need to uninstall Baidu before we go to the next steps.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.25.2
Run by Danny at 11:05:23 on 2013-12-09
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6131.3790 [GMT -8:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Enabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = about:blank
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.5.1
TCP: Interfaces\{4E0CFC77-09F4-430D-A558-710C1914C493} : DHCPNameServer = 192.168.5.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Danny\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-11-15 22:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-15 22:24; artur.dubovoy@gmail.com; C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-11-28 12:11; {95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}; C:\Users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2013-11-12 50496]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2013-11-12 32576]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2013-11-12 109408]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-9-19 204288]
R2 BAVSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2013-11-19 1840976]
R2 BHipsSvc;Baidu Hips Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [2013-11-19 451736]
R2 casperhpb;Casper SmartSense;C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [2012-11-28 422192]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2012-6-19 1646608]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-3-13 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-16 533096]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-9-19 47232]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-12 111616]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-12-4 31800]
S3 rspMMFS;rspMMFS;C:\Windows\System32\drivers\rspmmfs64.sys [2013-8-31 19512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-5 1255736]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-7-6 109352]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-9-19 1128952]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S4 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-12-08 17:27:30    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2013-12-06 07:44:49    10285968    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{523CCA23-EFF6-4525-A798-2B0890B2B44A}\mpengine.dll
2013-12-06 06:51:51    --------    d-----w-    C:\Program Files (x86)\ESET
2013-12-06 06:43:38    --------    d-----w-    C:\ProgramData\Baidu
2013-12-06 04:17:31    --------    d-----w-    C:\Windows\ERUNT
2013-12-06 00:42:14    --------    d-----w-    C:\AdwCleaner
2013-11-28 19:24:50    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-28 19:24:49    116440    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2013-11-13 08:31:58    1474048    ----a-w-    C:\Windows\System32\crypt32.dll
2013-11-13 06:50:17    50496    ----a-w-    C:\Windows\System32\drivers\Bfilter.sys
2013-11-13 06:50:17    32576    ----a-w-    C:\Windows\System32\drivers\Bfmon.sys
2013-11-13 06:50:17    109408    ----a-w-    C:\Windows\System32\drivers\Bprotect.sys
2013-11-13 06:19:29    --------    d-----w-    C:\Users\Danny\AppData\Roaming\Baidu Security
2013-11-13 06:19:25    --------    d-----w-    C:\ProgramData\Log
2013-11-13 06:17:53    --------    d-----w-    C:\ProgramData\Baidu Security
2013-11-13 06:17:53    --------    d-----w-    C:\Program Files (x86)\Baidu Security
2013-11-09 21:38:10    138152    ----a-w-    C:\Windows\SysWow64\drivers\AnyDVD.sys
2013-11-09 21:38:10    138152    ----a-w-    C:\Windows\System32\drivers\AnyDVD.sys
.
==================== Find3M  ====================
.
2013-12-03 10:03:58    107416    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2013-11-19 15:07:47    83160    ----a-w-    C:\Windows\System32\drivers\avnetflt.sys
2013-11-19 15:07:47    28600    ----a-w-    C:\Windows\System32\drivers\avkmgr.sys
2013-11-11 13:50:16    267936    ------w-    C:\Windows\System32\MpSigStub.exe
2013-10-22 12:25:04    170344    ----a-w-    C:\ProgramData\FileSplitUpLoad.dll
2013-10-18 03:52:10    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-14 16:50:39    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 16:50:39    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-12 02:30:42    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-05 19:57:25    1168384    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31    190464    ----a-w-    C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17    197120    ----a-w-    C:\Windows\System32\credui.dll
2013-10-04 02:24:49    1930752    ----a-w-    C:\Windows\System32\authui.dll
2013-10-04 01:58:50    152576    ----a-w-    C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25    168960    ----a-w-    C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00    1796096    ----a-w-    C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2013-09-30 23:38:16    97176    ----a-w-    C:\Windows\SysWow64\ElbyCDIO.dll
2013-09-28 01:09:10    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40    154560    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33    28672    ----a-w-    C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33    135680    ----a-w-    C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01    28160    ----a-w-    C:\Windows\System32\secur32.dll
2013-09-25 02:22:59    340992    ----a-w-    C:\Windows\System32\schannel.dll
2013-09-25 02:21:50    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07    1447936    ----a-w-    C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24    30720    ----a-w-    C:\Windows\System32\lsass.exe
.
============= FINISH: 11:05:40.51 ===============

Attached File  attach.txt   14.92KB   4 downloads


Edited by Konadan, 09 December 2013 - 07:01 PM.
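A small triage parser for the DDS sections quoted above, added here as an example (it is not DDS, ComboFix or BleepingComputer code). It splits the report into its "=====" sections, then pulls out what a responder reads first from the Pseudo HJT Report and the SERVICES / DRIVERS list: autostart entries (uRun/mRun/x64-Run), registrations DDS marks as `<orphaned>`, the decoded NoDriveTypeAutoRun policy (AutoRun on removable media is how the `N:\Autorun.inf` / `N:\Setup.exe` pair ComboFix later deletes would have been triggered), whether the configured NameServer is a private address, and the R0/R1 kernel drivers, which are the entries that tend to outlive an uninstall (note the Avira `avkmgr.sys` still listed after Avira was removed). The sample input is a constructed excerpt modelled on the log; the assumption that DDS prints the dword in decimal (189 == 0xBD) is labelled in the code.

```python
"""Triage helper for DDS-style logs (added example, not DDS/ComboFix/BleepingComputer code)."""
import ipaddress
import re

# NoDriveTypeAutoRun: bit n disables AutoRun for Windows drive type n
# (DRIVE_UNKNOWN=0, NO_ROOT_DIR=1, REMOVABLE=2, FIXED=3, REMOTE=4, CDROM=5,
# RAMDISK=6); bit 7 is reserved, so 0xFF disables AutoRun for every type.
DRIVE_TYPE_BITS = {
    0x01: "unknown", 0x02: "no_root_dir", 0x04: "removable", 0x08: "fixed",
    0x10: "remote", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved",
}
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# "R1 name;display name;path [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\S+)\s+(\d+)\]$")
AUTOSTART_PREFIXES = ("uRun:", "mRun:", "x64-Run:")

# Constructed excerpt modelled on the DDS report in the post above (not the full log).
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uRun: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe
mRun: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001025-0002-0025-ABCDEFFEDCBC} - <orphaned>
TCP: NameServer = 192.168.5.1
SSODL: WebCheck - <orphaned>
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2013-11-12 50496]
R2 BAVSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2013-11-19 1840976]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2011-12-4 31800]
.
"""


def split_sections(text):
    """Map each '===== Heading =====' to the non-empty, non-'.' lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m and m.group(1):
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip() not in ("", "."):
            sections[current].append(line.rstrip())
    return sections


def decode_autorun(value):
    """Drive types for which AutoRun is disabled by a NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if value & bit]


def parse_services(lines):
    """Parse 'R1 name;display;path [date size]' entries into dicts."""
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path, date, size = m.groups()
            out.append({"state": state, "name": name, "display": display,
                        "path": path, "date": date, "size": int(size)})
    return out


def parse_hjt(lines):
    """Collect autostarts, orphaned entries, AutoRun policy and DNS server."""
    info = {"autostarts": [], "orphaned": [], "autorun": {}, "name_server": None}
    for line in lines:
        if line.startswith(AUTOSTART_PREFIXES):
            info["autostarts"].append(line)
        if line.endswith("<orphaned>"):
            info["orphaned"].append(line)
        m = re.match(r"^(\S+):\s+NoDriveTypeAutoRun = dword:(\d+)$", line)
        if m:
            # Assumption in this example: DDS prints the dword in decimal (189 == 0xBD).
            info["autorun"][m.group(1)] = int(m.group(2))
        m = re.match(r"^TCP: NameServer = (\S+)$", line)
        if m:
            info["name_server"] = m.group(1)
    return info


def triage(text):
    """One-shot summary of the points a responder checks first."""
    sections = split_sections(text)
    hjt = parse_hjt(sections.get("Pseudo HJT Report", []))
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    ns = hjt["name_server"]
    return {
        "autostarts": hjt["autostarts"],
        "orphaned": hjt["orphaned"],
        "autorun_blocked": {k: decode_autorun(v) for k, v in hjt["autorun"].items()},
        "name_server": ns,
        # A public DNS server here would be worth explaining; a LAN router address is expected.
        "name_server_private": bool(ns) and ipaddress.ip_address(ns).is_private,
        "services": services,
        # R0/R1 = boot/system-start kernel drivers: the entries that survive a sloppy uninstall.
        "kernel_drivers": [s["name"] for s in services if s["state"] in ("R0", "R1")],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

Run it against a saved DDS.txt by replacing `SAMPLE_DDS` with the file contents; the section headings and entry layouts it matches are the ones visible in the log above, so a DDS build that changes them would need the regexes adjusted.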




#2 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 13 December 2013 - 02:34 PM

Hi Konadan :)

 

I will be handling your computer issues to help you get up and running again. Please give me some time to look over your situation and I will get back to you as soon as possible.

Thanks for your patience.

polskamachina



#3 Konadan

Konadan
  • Topic Starter

  • Members
  • 261 posts

Posted 13 December 2013 - 04:46 PM

Thank you for looking at my situation...happy to hear from you!



#4 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 14 December 2013 - 11:05 AM

Hi Konadan  :)
 
Hi, my name is polskamachina and I will be assisting you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine. And, if your computer is running at even the slowest level of performance, I strongly urge you to BACKUP YOUR HARD DRIVE NOW. This is really the only safety net you have in case some unforeseen problem occurs later down the road.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
 

> All my problems started after I installed Baidu anti-virus. So, I tried to uninstall it, but couldn't find in "Uninstall or change a program." Do you know how to uninstall it? I believe we need to uninstall Baidu before we go to the next steps.


I noticed you have Revo Uninstaller in your list of programs. Have you tried using that to remove Baidu? Failing that, please proceed with the following instructions.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
 
polskamachina



#5 Konadan

Konadan
  • Topic Starter

  • Members
  • 261 posts

Posted 14 December 2013 - 06:11 PM

The link you gave me http://www.bleepingcomputer.com/combofix/how-to-use-combofix goes back to my post.  It doesn't go to combofix.  Please help.



#6 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 15 December 2013 - 12:17 AM

Hi Konadan,
 
Sorry about the bad link.
 
This is the correct link. http://www.bleepingcomputer.com/combofix/how-to-use-combofix
 
polskamachina



#7 Konadan

Konadan
  • Topic Starter

  • Members
  • 261 posts

Posted 15 December 2013 - 02:08 AM

Sorry, but it's not the correct link. Please try again. The next time you post the link, please make sure it works.



#8 polskamachina

polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 15 December 2013 - 12:19 PM

Hi Konadan,

 

Once again, sorry about the bad link. I'm going to just post it as a link. In the meantime, I'll investigate why the hyperlinks I insert are getting altered when I post them.

 

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Just to make sure this works, I'll put some spaces in between the link below which you should delete if the above link doesn't work.

 

www. bleepingcomputer .com /combofix/how-to-use-combofix

 

polskamachina


Edited by polskamachina, 15 December 2013 - 12:19 PM.


#9 Konadan

Konadan
  • Topic Starter

  • Members
  • 261 posts

Posted 15 December 2013 - 02:57 PM

ComboFix 13-12-13.01 - Danny 12/15/2013  10:57:51.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6131.3482 [GMT -8:00]
Running from: c:\users\Danny\Desktop\ComboFix.exe
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
N:\Autorun.inf
N:\Setup.exe
O:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-15 to 2013-12-15  )))))))))))))))))))))))))))))))
.
.
2013-12-13 09:48 . 2013-11-08 03:12    10285968    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{A721E48C-DF9E-47F7-B4B1-598B2FB71E61}\mpengine.dll
2013-12-11 11:02 . 2013-05-10 04:30    167424    ----a-w-    c:\program files\Windows Media Player\wmplayer.exe
2013-12-11 11:02 . 2013-05-10 03:48    164864    ----a-w-    c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-11 11:02 . 2013-05-10 05:56    12625920    ----a-w-    c:\windows\system32\wmploc.DLL
2013-12-11 11:02 . 2013-05-10 04:56    12625408    ----a-w-    c:\windows\SysWow64\wmploc.DLL
2013-12-11 11:02 . 2013-05-10 05:56    14631424    ----a-w-    c:\windows\system32\wmp.dll
2013-12-11 02:25 . 2013-10-30 02:32    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-12-08 17:27 . 2013-12-08 17:27    --------    d-----w-    c:\program files (x86)\VS Revo Group
2013-12-06 06:51 . 2013-12-06 06:51    --------    d-----w-    c:\program files (x86)\ESET
2013-12-06 06:43 . 2013-12-06 06:43    --------    d-----w-    c:\programdata\Baidu
2013-12-06 04:17 . 2013-12-06 04:17    --------    d-----w-    c:\windows\ERUNT
2013-12-06 00:42 . 2013-12-06 06:42    --------    d-----w-    C:\AdwCleaner
2013-11-28 19:24 . 2013-12-07 03:04    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-11-28 19:24 . 2013-12-07 02:51    116440    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-11-26 14:46 . 2013-11-26 14:46    138152    ----a-w-    c:\windows\SysWow64\drivers\AnyDVD.sys
2013-11-26 14:46 . 2013-11-26 14:46    138152    ----a-w-    c:\windows\system32\drivers\AnyDVD.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-14 11:00 . 2011-12-09 03:25    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-12-03 10:03 . 2013-03-29 03:05    107416    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2013-11-19 15:07 . 2013-05-07 13:53    83160    ----a-w-    c:\windows\system32\drivers\avnetflt.sys
2013-11-19 15:07 . 2013-03-29 03:05    28600    ----a-w-    c:\windows\system32\drivers\avkmgr.sys
2013-11-19 15:07 . 2013-03-29 03:05    132600    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2013-11-18 07:45 . 2013-11-13 06:50    50496    ----a-w-    c:\windows\system32\drivers\Bfilter.sys
2013-11-18 07:45 . 2013-11-13 06:50    109408    ----a-w-    c:\windows\system32\drivers\Bprotect.sys
2013-11-12 11:01 . 2013-11-12 11:01    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-12 11:01 . 2013-11-12 11:01    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-11-12 11:01 . 2013-11-12 11:01    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-12 11:01 . 2013-11-12 11:01    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-11-12 11:01 . 2013-11-12 11:01    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-11-12 11:01 . 2013-11-12 11:01    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-12 11:01 . 2013-11-12 11:01    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-11-12 11:01 . 2013-11-12 11:01    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-11-12 11:01 . 2013-11-12 11:01    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-11-12 11:01 . 2013-11-12 11:01    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-11-12 11:01 . 2013-11-12 11:01    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-11-12 11:01 . 2013-11-12 11:01    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-12 11:01 . 2013-11-12 11:01    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-11-12 11:01 . 2013-11-12 11:01    61952    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-11-12 11:01 . 2013-11-12 11:01    51200    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2013-11-12 11:01 . 2013-11-12 11:01    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-11-12 11:01 . 2013-11-12 11:01    454656    ----a-w-    c:\windows\SysWow64\vbscript.dll
2013-11-12 11:01 . 2013-11-12 11:01    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-11-12 11:01 . 2013-11-12 11:01    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-11-12 11:01 . 2013-11-12 11:01    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-11-12 11:01 . 2013-11-12 11:01    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-11-12 11:01 . 2013-11-12 11:01    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-11-12 11:01 . 2013-11-12 11:01    112128    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2013-11-12 11:01 . 2013-11-12 11:01    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-11-12 11:01 . 2013-11-12 11:01    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-11-12 11:01 . 2013-11-12 11:01    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-11-12 11:01 . 2013-11-12 11:01    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-11-12 11:01 . 2013-11-12 11:01    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-11-12 11:01 . 2013-11-12 11:01    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-11-12 11:01 . 2013-11-12 11:01    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-11-12 11:01 . 2013-11-12 11:01    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-11-12 11:01 . 2013-11-12 11:01    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-11-12 11:01 . 2013-11-12 11:01    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-11-12 11:01 . 2013-11-12 11:01    413696    ----a-w-    c:\windows\system32\html.iec
2013-11-12 11:01 . 2013-11-12 11:01    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 11:01 . 2013-11-12 11:01    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-11-12 11:01 . 2013-11-12 11:01    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-11-12 11:01 . 2013-11-12 11:01    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-11-12 11:01 . 2013-11-12 11:01    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-11-12 11:01 . 2013-11-12 11:01    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-11-12 11:01 . 2013-11-12 11:01    235520    ----a-w-    c:\windows\system32\url.dll
2013-11-12 11:01 . 2013-11-12 11:01    195584    ----a-w-    c:\windows\system32\msrating.dll
2013-11-12 11:01 . 2013-11-12 11:01    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-11-12 11:01 . 2013-11-12 11:01    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-11-12 11:01 . 2013-11-12 11:01    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-11-12 11:01 . 2013-11-12 11:01    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-11-12 11:01 . 2013-11-12 11:01    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-11-12 11:01 . 2013-11-12 11:01    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-11-12 11:01 . 2013-11-12 11:01    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-11-12 11:01 . 2013-11-12 11:01    626176    ----a-w-    c:\windows\system32\msfeeds.dll
2013-11-12 11:01 . 2013-11-12 11:01    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-11-12 11:01 . 2013-11-12 11:01    548352    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-12 11:01 . 2013-11-12 11:01    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-11-12 11:01 . 2013-11-12 11:01    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-11-12 11:01 . 2013-11-12 11:01    147968    ----a-w-    c:\windows\system32\occache.dll
2013-11-12 11:01 . 2013-11-12 11:01    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-11-12 11:01 . 2013-11-12 11:01    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-11-12 11:01 . 2013-11-12 11:01    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-11-12 11:01 . 2013-11-12 11:01    101376    ----a-w-    c:\windows\system32\inseng.dll
2013-11-11 13:50 . 2010-11-21 03:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-22 12:25 . 2013-10-22 12:25    170344    ----a-w-    c:\programdata\FileSplitUpLoad.dll
2013-10-18 03:52 . 2013-10-18 03:52    312744    ----a-w-    c:\windows\system32\javaws.exe
2013-10-18 03:52 . 2013-10-18 03:52    189352    ----a-w-    c:\windows\system32\javaw.exe
2013-10-18 03:52 . 2013-10-18 03:52    189352    ----a-w-    c:\windows\system32\java.exe
2013-10-18 03:52 . 2013-10-18 03:52    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-15 02:00 . 2013-11-12 11:03    28368    ----a-w-    c:\windows\system32\IEUDINIT.EXE
2013-10-14 16:50 . 2012-12-10 22:39    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-14 16:50 . 2012-12-10 22:39    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-12 02:30 . 2013-11-13 08:31    830464    ----a-w-    c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 08:31    859648    ----a-w-    c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 08:31    324096    ----a-w-    c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 08:31    656896    ----a-w-    c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 08:31    216576    ----a-w-    c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 08:31    1474048    ----a-w-    c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 08:31    1168384    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 08:31    190464    ----a-w-    c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 08:31    197120    ----a-w-    c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 08:31    1930752    ----a-w-    c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 08:31    152576    ----a-w-    c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 08:31    168960    ----a-w-    c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 08:31    1796096    ----a-w-    c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 08:31    404480    ----a-w-    c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 08:31    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2013-09-30 23:38 . 2013-09-30 23:38    97176    ----a-w-    c:\windows\SysWow64\ElbyCDIO.dll
2013-09-28 01:09 . 2013-11-13 08:31    497152    ----a-w-    c:\windows\system32\drivers\afd.sys
2013-09-25 02:26 . 2013-11-13 08:31    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:26 . 2013-11-13 08:31    154560    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:23 . 2013-11-13 08:31    28672    ----a-w-    c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 08:31    135680    ----a-w-    c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 08:31    28160    ----a-w-    c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 08:31    340992    ----a-w-    c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 08:31    307200    ----a-w-    c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 08:31    1447936    ----a-w-    c:\windows\system32\lsasrv.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2013-02-18 478720]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2013-12-12 93096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"Baidu Antivirus"="c:\program files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" [2013-11-18 696680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MMPSY;MMPSY;c:\users\Danny\AppData\Local\Temp\mmpsy64.sys;c:\users\Danny\AppData\Local\Temp\mmpsy64.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 rspMMFS;rspMMFS;c:\windows\system32\DRIVERS\rspmmfs64.sys;c:\windows\SYSNATIVE\DRIVERS\rspmmfs64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R4 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
R4 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 BAVSvc;Baidu Antivirus Service;c:\program files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe;c:\program files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [x]
S2 BHipsSvc;Baidu Hips Service;c:\program files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe;c:\program files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [x]
S2 casperhpb;Casper SmartSense;c:\program files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE;c:\program files\Common Files\Future Systems Solutions\Services\CASPERABSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - BavR3base
*Deregistered* - BdApiUtil
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-10 16:50]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3775917008-4114546540-3718032512-1000Core1ce80ac66aa5970.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 00:26]
.
2013-11-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3775917008-4114546540-3718032512-1000UA1ce80ac66b1d39c.job
- c:\users\Danny\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-06 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.5.1
FF - ProfilePath - c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - ExtSQL: 2013-11-15 22:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-11-15 22:24; artur.dubovoy@gmail.com; c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-11-28 12:11; {95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}; c:\users\Danny\AppData\Roaming\Mozilla\Firefox\Profiles\tgue0r2r.default-1384505792888\extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{10880D85-AAD9-4558-ABDC-2AB1552D831F} - c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Coupon Printer for Windows5.0.0.3 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2013-12-15  11:08:20 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-15 19:08
.
Pre-Run: 19,548,172,288 bytes free
Post-Run: 19,803,656,192 bytes free
.
- - End Of File - - 4FC1516141B01103CFE896DEC76C99B1
A36C5E4F47E84449FF07ED3517B43A31



#10 polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 15 December 2013 - 09:02 PM

Hi Konadan,

Good job with the log. :thumbup2:

How is your computer behaving now? Are you able to open the programs that weren't opening before?

polskamachina



#11 Konadan

  • Topic Starter
  • Members
  • 261 posts

Posted 15 December 2013 - 09:25 PM

No, F-Secure, Malwarebytes, and Win Live still don't open. I am going to see if ESET still stops half-way through the scan (it has identified 12 threats that are still there). Whatever I have won't let me do a System Restore.

Did the Combo-fix log indicate it found threats and corrected them?


Edited by Konadan, 16 December 2013 - 12:37 AM.


#12 Konadan

  • Topic Starter
  • Members
  • 261 posts

Posted 16 December 2013 - 06:52 AM

ESET completed its scan, and it reported it got rid of 10 of 11 threats. I ran MWAV/ESCAN and it got rid of more threats.

Baidu doesn't show up in Revo. I can't uninstall it.

I was able to set a System Restore point.

F-Secure, Malwarebytes, Win IE and Win Live still don't open.


Edited by Konadan, 16 December 2013 - 01:15 PM.


#13 Konadan

  • Topic Starter
  • Members
  • 261 posts

Posted 16 December 2013 - 12:32 PM

I ran ESET again, and it found no threats.



#14 polskamachina

  • Malware Response Team
  • 3,963 posts

Posted 16 December 2013 - 02:15 PM

Hi Konadan :)

Can you please use the instructions below to forward me the ESET log?

  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Then copy and paste it in your next reply.

polskamachina



#15 Konadan

  • Topic Starter
  • Members
  • 261 posts

Posted 16 December 2013 - 05:43 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=091e33e6e9de464fa0a9d57caa5a61e5
# engine=16157
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-06 05:18:02
# local_time=2013-12-06 09:18:02 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 156899187 0 0
# compatibility_mode=5893 16776573 100 94 0 137893732 0 0
# scanned=604534
# found=10
# cleaned=0
# scan_time=37288
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=4AA41B7093764FE23F8060605FD07B018A214164 ft=1 fh=fc3a0dd9b86765a0 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="C:\Users\Danny\AppData\Local\Temp\KMP_3.7.0.113.exe"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Danny\Desktop\APPs\cbsidlm-tr1_14-MultiMon-SEO-75300294.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=091e33e6e9de464fa0a9d57caa5a61e5
# engine=16166
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-06 10:43:41
# local_time=2013-12-06 02:43:41 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 0 156918726 0 0
# compatibility_mode=5893 16776574 100 94 0 137913271 0 0
# scanned=604482
# found=10
# cleaned=0
# scan_time=18965
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=4AA41B7093764FE23F8060605FD07B018A214164 ft=1 fh=fc3a0dd9b86765a0 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="C:\Users\Danny\AppData\Local\Temp\KMP_3.7.0.113.exe"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Danny\Desktop\APPs\cbsidlm-tr1_14-MultiMon-SEO-75300294.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=091e33e6e9de464fa0a9d57caa5a61e5
# engine=16190
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-09 05:59:43
# local_time=2013-12-09 09:59:43 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16774142 0 1 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 138155433 0 0
# scanned=605599
# found=12
# cleaned=0
# scan_time=48238
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3775917008-4114546540-3718032512-1000\$R88A66G.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3775917008-4114546540-3718032512-1000\$RI4ENNW.exe"
sh=E2D817D293553946FBCCBF47E66D5C781B3083E9 ft=1 fh=c71c0011977b0723 vn="a variant of Win32/InstallCore.ES application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3775917008-4114546540-3718032512-1000\$RMPEIPX.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-3775917008-4114546540-3718032512-1000\$RTYNQN3.dll"
sh=4AA41B7093764FE23F8060605FD07B018A214164 ft=1 fh=fc3a0dd9b86765a0 vn="a variant of Win32/CNETInstaller.B application" ac=I fn="C:\Users\Danny\AppData\Local\Temp\KMP_3.7.0.113.exe"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G application" ac=I fn="C:\Users\Danny\Desktop\APPs\cbsidlm-tr1_14-MultiMon-SEO-75300294.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Windows\Temp\AVSETUP_52a5232c\Offercast_AVIRAV7_.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="G:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=091e33e6e9de464fa0a9d57caa5a61e5
# engine=16280
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-16 08:22:15
# local_time=2013-12-16 12:22:15 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 138725585 0 0
# scanned=679758
# found=11
# cleaned=10
# scan_time=17113
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=713EF952AC6A358C8ABFA39550AA98592EC79D47 ft=1 fh=77e3e4d500a73749 vn="Win32/DownloadAdmin.G application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Danny\Desktop\APPs\cbsidlm-tr1_14-MultiMon-SEO-75300294.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D application (cleaned by deleting - quarantined)" ac=C fn="D:\BaiduDownloads\CCleaner4.03.4151.exe"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="G:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="a variant of Win32/Bundled.Toolbar.Ask.D application (cleaned by deleting - quarantined)" ac=C fn="G:\Program Files (x86)\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=5357E97F4D68F68B8C7278D4EA9191B53711FA11 ft=1 fh=b8e328b3d4bb0561 vn="Win32/MyPCBackup.A application (cleaned by deleting - quarantined)" ac=C fn="G:\Users\Danny\AppData\Local\Temp\1371786419_Cloud_Backup_Setup.exe"
sh=5357E97F4D68F68B8C7278D4EA9191B53711FA11 ft=1 fh=b8e328b3d4bb0561 vn="Win32/MyPCBackup.A application (cleaned by deleting - quarantined)" ac=C fn="G:\Users\Danny\AppData\Local\Temp\dmtempdownload3736129D09483E41A618249502BA7F81.tmp"
sh=42C3980205B8B32265E3663608D3252D5B9EC740 ft=1 fh=0f503c0c4b3a4851 vn="a variant of Win32/Soft32Downloader.D application (cleaned by deleting - quarantined)" ac=C fn="G:\Users\Danny\Desktop\APPs\mozilla firefox setup.exe"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="a variant of Win32/Bundled.Toolbar.Ask application (cleaned by deleting - quarantined)" ac=C fn="G:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\ApnIC[1].0"
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=091e33e6e9de464fa0a9d57caa5a61e5
# engine=16283
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-16 04:41:36
# local_time=2013-12-16 08:41:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 138755546 0 0
# scanned=683404
# found=0
# cleaned=0
# scan_time=16506