Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus (possibly Paladin virus) avoids all scanners and crashes desktop on start


  • This topic is locked This topic is locked
41 replies to this topic

#1 PaintbrushoftheWolf

PaintbrushoftheWolf

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 12 February 2014 - 08:01 PM

Accidental double post. 
 
Here is the link to my real thread: http://www.bleepingcomputer.com/forums/t/524143/virus-possibly-paladin-virus-avoids-all-scanners-and-crashes-desktop-on-start/


Edit: Merged two topics for continuity of context and MR Team topic management.~ Animal

Attached Files


Edited by Animal, 12 February 2014 - 08:13 PM.


BC AdBot (Login to Remove)

 


#2 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 12 February 2014 - 08:04 PM

Computer: Windows Vista 64 bit / / Dell XPS 420

 

Problems started occurring out of the blue when I tried to resume my computer from sleep mode and it froze. I had not downloaded anything recently, not anything I was aware of anyway. My computer has had several corrupted files that contained error messages on start up. I have been able to fix these but my computer freezes soon after I start up. I am only able to access safe mode. 

 

I have been able to remove 42 entries of malware via Spybot. And 1 virus via Avast. The virus was called Paladin. However, in my virus chest there are multiple entries each named unknown, all with the same date of quarantine. Despite my quarantining of this virus, a [Paladin] program still pops up very briefly in normal mode in my start-up tray. 

 

I have been able to install and update a number of anti-virus and malware removal programs despite being infected. Although initially, the virus had somehow removed Adwcleaner, I was able to reinstall it and scan my registry. The problem, however, was not fixed. For some reason, despite downloading them, I have been unable to fully install Avira Anti-virus and am unable to get AVG to run.

 

Everything else comes up with zero results despite continuing problems. MRT says I have 1 infected file on a Full Scan, however, it always locks up when attempting to scan: D:\dell\Image\Factory.wim\Windows\Help\Windows\en-US\mail.wmv

Custom and quick scans yield no results.

 

My restore points are all gone. 

 

Here is a copy/paste of the info in my original post:

 

 

Problems from Day 1 of this virus

 

  • Computer locks up on shutdown
  • Computer locks up when trying to scan with anti-virus software in normal mode
  • Computer locks up sometime after start up / Unable to run outside of safe mode
  • A [Paladin] window pops up in the bottom tray of my desktop and then vanishes a second later. It does not appear in my list of programs
  • Explore.exe constantly rising in memory upon start up (has since been fixed? It averages out at about 28k)
  • All my system restore points wiped
  • Adwcleaner was somehow removed? (I was initially unable to reinstall it but have been able to recently)
  • Several corrupted files that resulted in a massive stream of error messages on start up. I have been able to repair most of these. (Presumably, at least. I don't get anymore error messages now.) (Some of the error messages contained: propys.dll , wer.dll , ODBC32.dll)

 

What I have done so far:

 

  • Malwarebytes is up to date and after several scans has turned up nothing.
  • Spybot Search and Destroy was able to remove 42 entries of malware
  • Avast found 1 virus (currently quarantined) which it said was Paladin. However, the log lists multiple entries in the chest with [Uncomfirmed] as their names. The [Paladin] program box still pops up if I attempt to run on normal mode.
  • After quarantining virus, Avast prompted to do a boot-time scan. I accepted and....the boot scan did not run.
  • MRT has found 1 infected file in Full Scan. It locks up whenever it tries to scan this file:  ( D:\dell\Image\Factory.wim\Windows\Help\Windows\en-US\mail.wmv ) Scanning C and D separately produces no results.
  • Installed and ran Hitman Pro. No results.
  • Installed RKill and ran malwarebytes again. No results.
  • Installed and ran Super Antispyware. Only found cookies.
  • Installed AVG...would not scan properly in safe mode and immediately locked up my computer on trying to scan it.
  • Downloaded Anvira Antivirus....however it was unable to install.
  • Re-downloaded, installed, and successfully used Adwcleaner to clean my registry

 

 

The Log:

(This log was ran in Safe Mode with Networking)

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 1.6.0_31
Run by Kristen at 19:26:22 on 2014-02-12
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.4742 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ie
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - 
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Application Restart #7] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --restore-last-session -- https://my.screenname.aol.com/_cqr/login/login.psp?entryType=client2Web&authToken=%2FBcAG0%2BGUs8AAKo8AcC1kE%2BGU%2FsImDFIW9hNt0cAAA%3D%3D&lang=en&locale=US
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ESOSUR~1.LNK - C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{61AC453E-FADF-4FCF-A1C0-B1277FA1E144} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CBDFD4DB-1113-434A-9137-4A56E2DD7249} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
x64-Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-20 55024]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-7-1 19600]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-13 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-13 205320]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-18 1032416]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-19 409832]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S2 Apache2.2;Remote Access Media Server;C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-9-21 15872]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-19 38984]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-19 84328]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-19 50344]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S2 dsl-db;Remote Access DB;C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-9-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-9-30 173296]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-7-26 187928]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Medialink\Common\RaRegistry64.exe [2013-11-20 454208]
S2 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Medialink\Common\RaMediaServer.exe [2013-11-20 621632]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-3-29 1153368]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 uvnc_service;UltraVNC Server;C:\ProgramData\UltraVNC\winvnc.exe -service --> C:\ProgramData\UltraVNC\winvnc.exe -service [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-1-15 92160]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-5 21712]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2012-3-11 21656]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-7-26 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-27 50072]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-1-23 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-1-23 41280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2009-3-13 1075712]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-05 14:20:52 320704 ----a-w- C:\Windows\System32\drivers\aswndis2.sys
2014-01-16 08:02:06 86054176 ----a-w- C:\Windows\System32\mrt.exe
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-13 23:15:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-13 23:15:19 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-12-13 23:15:19 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-13 23:15:19 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-13 23:15:18 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-13 23:15:18 409832 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-12-13 23:15:18 38984 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-12-13 23:15:18 334648 ----a-w- C:\Windows\System32\aswBoot.exe
2013-12-13 23:15:17 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-12-13 23:15:15 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 18:09:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:09:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll
2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll
.
============= FINISH: 19:28:25.57 ===============


#3 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 17 February 2014 - 11:24 AM

Hello and welcome to BleepingComputer! 
 
 
 
I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system so I will analyze the results they produce. 
 
 
As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed so we need to get a clear look on that aspect. DO NOT bring any changes to the system except the ones I tell you to as that may produce more damage than helping us. 
 
If you will encounter a delay of over 2 days from me, please don't hesitate and private message me (link in the signature). 
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.
 
 
 
Please generate other DDS logs (download it from here if you haven't already) and post them in your next reply along with other changes that may have occured since you last posted.
Also download and run GMER from this link: GMER download link.
 
 
 
Thank you very much for your patience. 
 
 
 
 
Regards,
 
Elle

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#4 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 18 February 2014 - 11:01 PM

Hello, Elle.

Thank you for checking in on me.

 

I was able to fully download the GMER link you linked here. However, when I attempt to run it I receive an error message saying "Application not found."

 

I have not been running my computer in the meantime since I am unable to really use the computer in any productive way and because of that I haven't noticed or experienced any changes since.

 

Here is my new log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 1.6.0_31
Run by Kristen at 22:49:31 on 2014-02-18
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.5081 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ie
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - 
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Application Restart #7] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --restore-last-session -- https://my.screenname.aol.com/_cqr/login/login.psp?entryType=client2Web&authToken=%2FBcAG0%2BGUs8AAKo8AcC1kE%2BGU%2FsImDFIW9hNt0cAAA%3D%3D&lang=en&locale=US
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ESOSUR~1.LNK - C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{61AC453E-FADF-4FCF-A1C0-B1277FA1E144} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CBDFD4DB-1113-434A-9137-4A56E2DD7249} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
x64-Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-20 55024]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-7-1 19600]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-13 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-13 205320]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-18 1032416]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-19 409832]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S2 Apache2.2;Remote Access Media Server;C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-9-21 15872]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-19 38984]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-19 84328]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-19 50344]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S2 dsl-db;Remote Access DB;C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-9-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-9-30 173296]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-7-26 187928]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Medialink\Common\RaRegistry64.exe [2013-11-20 454208]
S2 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Medialink\Common\RaMediaServer.exe [2013-11-20 621632]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-3-29 1153368]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 uvnc_service;UltraVNC Server;C:\ProgramData\UltraVNC\winvnc.exe -service --> C:\ProgramData\UltraVNC\winvnc.exe -service [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-1-15 92160]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-5 21712]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2012-3-11 21656]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-7-26 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-27 50072]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-1-23 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-1-23 41280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2009-3-13 1075712]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-05 14:20:52 320704 ----a-w- C:\Windows\System32\drivers\aswndis2.sys
2014-01-16 08:02:06 86054176 ----a-w- C:\Windows\System32\mrt.exe
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-13 23:15:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-13 23:15:19 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-12-13 23:15:19 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-13 23:15:19 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-13 23:15:18 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-13 23:15:18 409832 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-12-13 23:15:18 38984 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-12-13 23:15:18 334648 ----a-w- C:\Windows\System32\aswBoot.exe
2013-12-13 23:15:17 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-12-13 23:15:15 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 18:09:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:09:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 22:52:38.89 ===============


#5 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 20 February 2014 - 09:03 AM

Hello,

 

I understand. Hasn't DDS produced another log called Attached.txt?

 

Thank you for providing the info so far! 

 

 

 

Elle


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#6 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 20 February 2014 - 11:06 AM

Oh, oops. Let's try this again:

 

Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 1.6.0_31
Run by Kristen at 10:55:07 on 2014-02-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6077.5252 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ie
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - 
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - 
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRunOnce: [Application Restart #7] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --flag-switches-begin --flag-switches-end --restore-last-session -- https://my.screenname.aol.com/_cqr/login/login.psp?entryType=client2Web&authToken=%2FBcAG0%2BGUs8AAKo8AcC1kE%2BGU%2FsImDFIW9hNt0cAAA%3D%3D&lang=en&locale=US
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ESOSUR~1.LNK - C:\Program Files (x86)\ESO Survey Live\ESOSurveyLive.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WPN111\wpn111.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - 
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{61AC453E-FADF-4FCF-A1C0-B1277FA1E144} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{CBDFD4DB-1113-434A-9137-4A56E2DD7249} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090120
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - 
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - 
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
x64-Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=586383&fr=spigot-yhp-ff
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=586383&p=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Kristen\AppData\Roaming\Mozilla\Firefox\Profiles\i0xwgyg6.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 03:01; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-10-24 194872]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-10-31 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-10-1 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-10 31544]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-1-20 55024]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-7-1 19600]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-8-1 251192]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-13 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-13 205320]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-18 1032416]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-7-19 409832]
S1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2013-11-5 150808]
S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-11-4 240920]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-10-31 212280]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
S2 Apache2.2;Remote Access Media Server;C:\ProgramData\SingleClick Systems\apache\bin\httpd.exe [2007-9-21 15872]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-7-19 38984]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-7-19 84328]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-19 50344]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-11-11 3478544]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-9-24 348008]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-9-23 155648]
S2 dsl-db;Remote Access DB;C:\ProgramData\SingleClick Systems\MySQL\bin\mysqld.exe [2007-9-14 5730304]
S2 dsl-fs-sync;Remote Access File Sync Service;C:\ProgramData\SingleClick Systems\Remote Access File Sync Service\dsl_fs_sync.exe [2008-9-30 173296]
S2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-7-26 187928]
S2 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Medialink\Common\RaRegistry64.exe [2013-11-20 454208]
S2 RaMediaServer;RaMediaServer;C:\Program Files (x86)\Medialink\Common\RaMediaServer.exe [2013-11-20 621632]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-5-14 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-5-14 166384]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-3-29 1153368]
S2 SessionLauncher;SessionLauncher;C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S2 uvnc_service;UltraVNC Server;C:\ProgramData\UltraVNC\winvnc.exe -service --> C:\ProgramData\UltraVNC\winvnc.exe -service [?]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2013-1-15 92160]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-20 89920]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-4-5 21712]
S3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;C:\Windows\System32\drivers\evolve.sys [2012-3-11 21656]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-22 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2008-7-26 30232]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2009-3-27 50072]
S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2009-1-23 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2009-1-23 41280]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-5-14 1120752]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\Windows\System32\drivers\WPN111vx.sys [2009-3-13 1075712]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-05 14:20:52 320704 ----a-w- C:\Windows\System32\drivers\aswndis2.sys
2014-01-16 08:02:06 86054176 ----a-w- C:\Windows\System32\mrt.exe
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-13 23:15:19 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-13 23:15:19 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
2013-12-13 23:15:19 205320 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-13 23:15:19 1032416 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-12-13 23:15:18 84328 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-12-13 23:15:18 409832 ----a-w- C:\Windows\System32\drivers\aswSP.sys
2013-12-13 23:15:18 38984 ----a-w- C:\Windows\System32\drivers\aswFsBlk.sys
2013-12-13 23:15:18 334648 ----a-w- C:\Windows\System32\aswBoot.exe
2013-12-13 23:15:17 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
2013-12-13 23:15:15 43152 ----a-w- C:\Windows\avastSS.scr
2013-12-11 18:09:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 18:09:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 10:58:06.00 ===============
 

Attached Files



#7 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 21 February 2014 - 07:56 PM

Hello,

 

Thank you! :grinner:

 

 

Please download ComboFix from one of these locations:
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.
 

Query_RC.gif

 
 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
 

RC_successful.gif

 
 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
 
 
 
 
 
 
 
Elle 

Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#8 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 22 February 2014 - 01:07 PM

I am able to install and run this.

 

However, I am having some trouble getting it to work properly

 

1. Combo Fix keeps telling me that I am running Avast even though I've already disabled it and even when there are no applications or processes being ran by Avast. 

 

2. Despite right clicking and choosing to run with administrator privileges (which normally works for other programs), ComboFix keeps telling me that I am don't have administrator privileges.  

 

Edit: I have disabled my antivirus auto-start up and have changed their services from "automatic" to "disabled" and I am still being told that my computer is running anti-virus software.

 

 

Edit 2: Decided to include a screenshot: http://imgur.com/ifhElWg


Edited by PaintbrushoftheWolf, 22 February 2014 - 02:42 PM.


#9 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 24 February 2014 - 05:03 PM

Hi,

 

 

If you press "Ok", does it not continue with the scan?

 

And I am extremely sorry for the late reply. This will not happen again. 

 

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#10 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 24 February 2014 - 09:42 PM

Hey, I had been under the impression that Combo Fix was dangerous to run with anti-virus up. I have disabled it but it keeps saying I have it up. If that is not an issue I can finish the scan.

#11 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 25 February 2014 - 11:22 AM

The Antivirus is disabled, Combofix is being a bit buggy right now as I can notice. Finish the scan whatsoever, it is safe. :)

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#12 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 26 February 2014 - 04:13 PM

Alright, I have scanned it but since it automatically restarted into normal mode for the log, and my computer doesn't really run very well at all in normal mode, I am still stuck on the "Generating log" screen.

 

I am going to try and set up the computer to automatically go to safe mode on restart. If it is safe to run again I will do so or if there is an alternative way to access the log I will try that.



#13 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 28 February 2014 - 01:57 PM

Hello,

 

Can you look for the C:\Combofix.txt log? Maybe it generated but it could not be opened.

 

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#14 PaintbrushoftheWolf

PaintbrushoftheWolf
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:12:01 PM

Posted 28 February 2014 - 10:34 PM

I don't see a log, I did a search and went into the Combo Fix folders looking for it.



#15 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:01 PM

Posted 02 March 2014 - 08:54 AM

Hello,

 

 

Please download GMER from one of the following locations and save it to your desktop:
 

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER gmericon_zps951fd5aa.jpg icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
    GMER2new_zpsdd936679.jpg
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note:

 

  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning

 

 

 

Elle 


Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users