Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How to remove "Webpage unavailable offline" virus / malware ?


  • This topic is locked This topic is locked
37 replies to this topic

#1 Bass1000

Bass1000

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 10 March 2014 - 08:00 PM

I  have included  dds.txt   and  HiJackThis  log  in the paragraphs of this posting and attach.txt  as an attachment.
 
My computer recently has been popping up the message box  "Webpage unavailable while offline.   The webpage you have requested is not available offline. To view this page click "Connect"  and has a box with icons to "Connect", Cancel" , or "X"  to close the box.
 
A Google search identifies this pop up as a virus or malware , and the search also returns an archived BleepingComputer dialog from a few years ago. The archived mentions the advice is specific to that user's computer, so I  am posting details from computer for a solution.
 
Questions :
 
(1)  How to remove this virus / malware ?  
I have tried a full system Avast scan and an ccCleaner but neither has solved the problem.
I am surprised these programs did not remove the problem because apparently it is well-known and  been around many years.
 
 
 
(2)  How dangerous is this virus / malware ?  What does it do  ?
Can it read my keystrokes and send my passwords and other sensitive information to another computer ?
Can it hack into the information on my computer even if I do not open the files myself ?
Or, is the only harm  just the nuisance of turning   off the pop ups ?
 
 
 
(3)  During the HiJackThis scan the system stops and pops up a message saying "For some reason your system denied wrtie access to the Hosts file. If any hijacked domains are in this file , HiJackThis might NOT be able to fix this.  If that happens, you need to edit the file yourself. To do this Click  Start , Run , and then type :
 notepad C:\Windows\System32\drivers\etc\hosts    the press Enter.  Find the lines HiJackThis reports and delete them.  Save the file as 'hosts'  (without quotation marks)  then reboot.
 
During (3)  I am not able to perform any of the   notepad C:\Windows\System32\drivers\etc\hosts    the press Enter.  Find the lines HiJackThis reports and delete them.  Save the file as 'hosts'  (without quotation marks)  then reboot  .
 
(4)  Perhaps as a separate issue , do the  HiJackThis lines mentioning "missing files" need to be deleted, repaired, or replaced ?  Or is no maintenance action required ?
 
Thanks ,
Bas1000
 
 
dds.txt   
 
 DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16521  BrowserJavaVersion: 10.25.2
Run by Bass301 at 11:03:07 on 2014-03-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5864.3174 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\SysWOW64\Rundll32.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bass301\Downloads\HijackThis.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=61&CUI=UN18237905682019756&UM=2&UP=SPC0B8361A-73E0-4520-B7AA-A2664DB7A0D4&SSPV=TB_TS7
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
uProxyServer = hxxp=127.0.0.1:8555;https=127.0.0.1:8555
uProxyOverride = <local>127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Hotspot Shield Toolbar: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bass301\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{219B43E9-FC01-4691-9FA3-F8292E24F778} : NameServer = 8.8.8.8
TCP: Interfaces\{BFAD3AAF-569B-4CF0-8828-38692EC713CF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BFAD3AAF-569B-4CF0-8828-38692EC713CF}\2456C6B696E6F5E413F575962756C6563737F5342413835473 : DHCPNameServer = 192.168.2.1 192.168.2.1 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{BFAD3AAF-569B-4CF0-8828-38692EC713CF}\C496262716279775962756C656373723 : DHCPNameServer = 216.12.78.10 216.12.78.20
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TpShocks] TpShocks.exe
x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-25 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-7-25 189936]
R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-9-9 70416]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-9 19264]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-28 25416]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-25 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-25 378944]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2014-1-4 44744]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-7-25 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-25 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-18 46808]
R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-9-9 169776]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [2013-12-18 920872]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [2013-12-18 555304]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-9 2445968]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-9-9 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-9-9 161560]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-9-9 58224]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-5-8 101736]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-9-9 61296]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-9-9 179568]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-5-8 133992]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-7-14 138272]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-5-23 216072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-5-23 69640]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-5-8 145256]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-5-8 144960]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-9 363800]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-18 84080]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-9-9 138280]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [2013-7-16 1393240]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-9-9 615464]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-9-9 39976]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-7-14 167072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-7-12 138912]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130808.001\IDSviA64.sys [2013-8-9 513184]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-9 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-9 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-9 789824]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-9 339600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-9 648808]
R3 SmbDrvIntel;SmbDrvIntel;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-9-9 27408]
R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-7-14 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-7-14 1129120]
R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-7-14 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-7-14 405624]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-20 42184]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-6 40248]
R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-9-9 27432]
R3 vm331avs;Digital Camera 1;C:\Windows\System32\drivers\vm331avs.sys [2012-9-9 952832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-29 144992]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-7-27 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-9-9 1662560]
S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-9-9 1665120]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-18 1255736]
.
=============== Created Last 30 ================
.
2014-03-06 14:30:38 -------- d-sh--w- C:\found.000
2014-03-06 05:53:51 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8428DDB7-2787-40AB-B290-6C3B1A9840B4}\offreg.dll
2014-02-19 04:01:34 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-19 04:01:14 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8428DDB7-2787-40AB-B290-6C3B1A9840B4}\mpengine.dll
2014-02-19 00:05:59 -------- d-----w- C:\ProgramData\3B1AD
2014-02-18 20:02:33 -------- d-----w- C:\Program Files\CPUID
2014-02-18 19:59:01 -------- d-----w- C:\Users\Bass301\AppData\Roaming\MusicNet
2014-02-18 19:57:55 -------- d-----w- C:\Program Files (x86)\BearShare Applications
2014-02-13 00:08:40 -------- d-----w- C:\Users\Bass301\AppData\Roaming\AVAST Software
2014-02-08 20:03:07 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M  ====================
.
2014-01-22 14:52:21 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-01-22 14:52:21 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-01-22 14:52:21 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-01-22 14:52:21 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-01-22 14:52:19 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-01-22 14:51:40 41664 ----a-w- C:\Windows\avastSS.scr
2014-01-03 21:16:30 20312 ----a-w- C:\Windows\System32\roboot64.exe
2013-12-18 14:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-17 21:11:50 44744 ----a-w- C:\Windows\System32\drivers\hssdrv6.sys
.
============= FINISH: 11:04:00.87 ===============
 
 
 
 
 
HiJackThis
 
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:43 AM, on 3/8/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16521)
Boot mode: Normal
 
Running processes:
C:\Windows\SysWOW64\Rundll32.exe
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsscp.exe
C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Bass301\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=61&CUI=UN18237905682019756&UM=2&UP=SPC0B8361A-73E0-4520-B7AA-A2664DB7A0D4&SSPV=TB_TS7
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: IEPlugin - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll
O2 - BHO: Hotspot Shield - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331STI.EXE
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe
O4 - HKLM\..\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BackgroundContainer] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Bass301\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [SearchProtect] \SearchProtect\bin\cltmng.exe (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{219B43E9-FC01-4691-9FA3-F8292E24F778}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{219B43E9-FC01-4691-9FA3-F8292E24F778}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{219B43E9-FC01-4691-9FA3-F8292E24F778}: NameServer = 8.8.8.8
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FastbootService - Lenovo - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
O23 - Service: HyperW7 Service (HyperW7Svc) - Lenovo Group Limited - C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: ThinkVantage Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cisco EnergyWise Enabler (PwmEWSvc) - Lenovo Group Limited - C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIPAppService - Symantec Corporation - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 15372 bytes

Attached Files


Edited by Budapest, 10 March 2014 - 08:25 PM.
Moved from Win7 ~Budapest


BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 11 March 2014 - 07:14 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 11 March 2014 - 10:50 AM

Hello Marius ,

 

I very  much appreciate your help ! 

 

Here are the results of the Gmer.exe scan  :

 

 GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-03-11 08:42:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST320LT0 rev.0004 298.09GB
Running: rombi9f2.exe; Driver: C:\Users\Bass301\AppData\Local\Temp\pxtdqpob.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type                                               2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start                                              2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl                                       1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName                                        aswFsBlk
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group                                              FSFilter Activity Monitor
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService                                    FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description                                        avast! mini-filter driver (aswFsBlk)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag                                                2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances                                          
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance                          aswFsBlk Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude               388400
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                  0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk                                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type                                              2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start                                             2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath                                         \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName                                       aswMonFlt
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group                                             FSFilter Anti-Virus
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService                                   FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description                                       avast! mini-filter driver (aswMonFlt)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance                         aswMonFlt Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude             320700
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt                                                   
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath                                            \SystemRoot\System32\Drivers\aswrdr2.sys
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type                                                 1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start                                                1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl                                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName                                          aswRdr
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group                                                PNP_TDI
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService                                      tcpip?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description                                          avast! WFP Redirect driver
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters                                           
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault                        nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRdr                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type                                                1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start                                               0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl                                        1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName                                         aswRvrt
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description                                         avast! Revert
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters                                          
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter                              56
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter                              1036015
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot                               \Device\Harddisk0\Partition2\Windows
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswRvrt                                                     
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type                                                 2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start                                                1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl                                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName                                          aswSnx
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group                                                FSFilter Virtualization
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService                                      FltMgr?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description                                          avast! virtualization driver (aswSnx)
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag                                                  2
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances                                            
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance                            aswSnx Instance
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance                            
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude                   137600
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags                      0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters                                           
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder                             \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder                                \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSnx                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type                                                  1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start                                                 1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl                                          1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName                                           aswSP
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description                                           avast! Self Protection
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters                                            
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield                                1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder                              \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder                                 \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder                         \DosDevices\C:\Program Files
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder                               \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswSP                                                       
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type                                                 1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start                                                1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl                                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName                                          avast! Network Shield Support
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group                                                PNP_TDI
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService                                      tcpip?
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description                                          avast! Network Shield TDI driver
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag                                                  10
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswTdi                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type                                                 1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start                                                0
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl                                         1
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName                                          aswVmm
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description                                          avast! VM Monitor
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters                                           
Reg   HKLM\SYSTEM\CurrentControlSet\services\aswVmm                                                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type                                       32
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start                                      2
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl                               1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath                                  "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName                                avast! Antivirus
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group                                      ShellSvcGroup
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService                            aswMonFlt?RpcSS?
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64                                      1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName                                 LocalSystem
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType                             1
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description                                Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg   HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus                                            
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543219d36                        
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74e543219d36@60a10ac75ff3           0xD2 0x06 0x7E 0xB1 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\889ffaf444d9                        
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type                                                   2
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start                                                  2
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl                                           1
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName                                            aswFsBlk
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group                                                  FSFilter Activity Monitor
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService                                        FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description                                            avast! mini-filter driver (aswFsBlk)
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag                                                    2
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)                      
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance                              aswFsBlk Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)    
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                   388400
Reg   HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags                      0
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type                                                  2
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start                                                 2
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath                                             \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName                                           aswMonFlt
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group                                                 FSFilter Anti-Virus
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService                                       FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description                                           avast! mini-filter driver (aswMonFlt)
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)                     
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance                             aswMonFlt Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                 320700
Reg   HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags                    0
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath                                                \SystemRoot\System32\Drivers\aswrdr2.sys
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Type                                                     1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Start                                                    1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl                                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName                                              aswRdr
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Group                                                    PNP_TDI
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService                                          tcpip?
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr@Description                                              avast! WFP Redirect driver
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)                       
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault                            
Reg   HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault                            nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type                                                    1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start                                                   0
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl                                            1
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName                                             aswRvrt
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description                                             avast! Revert
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)                      
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter                                  56
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter                                  1036015
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot                                   \Device\Harddisk0\Partition2\Windows
Reg   HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Type                                                     2
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Start                                                    1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl                                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName                                              aswSnx
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Group                                                    FSFilter Virtualization
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService                                          FltMgr?
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Description                                              avast! virtualization driver (aswSnx)
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag                                                      2
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)                        
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance                                aswSnx Instance
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)        
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude                       137600
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags                          0
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)                       
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder                                 \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder                                    \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Type                                                      1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Start                                                     1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl                                              1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName                                               aswSP
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP@Description                                               avast! Self Protection
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)                        
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield                                    1
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder                                  \DosDevices\C:\Program Files\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder                                     \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder                             \DosDevices\C:\Program Files
Reg   HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder                                   \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Type                                                     1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Start                                                    1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl                                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName                                              avast! Network Shield Support
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Group                                                    PNP_TDI
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService                                          tcpip?
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Description                                              avast! Network Shield TDI driver
Reg   HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag                                                      10
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Type                                                     1
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Start                                                    0
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl                                             1
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName                                              aswVmm
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm@Description                                              avast! VM Monitor
Reg   HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)                       
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type                                           32
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start                                          2
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl                                   1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath                                      "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName                                    avast! Antivirus
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group                                          ShellSvcGroup
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService                                aswMonFlt?RpcSS?
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64                                          1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName                                     LocalSystem
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType                                 1
Reg   HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description                                    Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543219d36 (not active ControlSet)    
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74e543219d36@60a10ac75ff3               0xD2 0x06 0x7E 0xB1 ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\889ffaf444d9 (not active ControlSet)    
 
---- Disk sectors - GMER 2.1 ----
 
Disk  \Device\Harddisk0\DR0                                                                              unknown MBR code
 
---- EOF - GMER 2.1 ----


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 11 March 2014 - 10:53 AM

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Hotspot Shield Toolbar
RegClean Pro
Search Protect by conduit



Close the window.

 

 

 

 

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#5 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 11 March 2014 - 02:53 PM

Here is the content of the combofix.txt  file :

 

  ComboFix 14-03-10.01 - Bass301 03/11/2014  11:10:10.3.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5864.3559 [GMT -7:00]
Running from: c:\users\Bass301\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Q:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-11 to 2014-03-11  )))))))))))))))))))))))))))))))
.
.
2014-03-11 19:34 . 2014-03-11 19:34 -------- d-----w- c:\users\fbwuser\AppData\Local\temp
2014-03-11 19:34 . 2014-03-11 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-11 18:07 . 2014-03-11 18:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8428DDB7-2787-40AB-B290-6C3B1A9840B4}\offreg.dll
2014-03-06 14:30 . 2014-03-06 14:30 -------- d-----w- C:\found.000
2014-02-19 04:01 . 2014-02-17 09:32 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8428DDB7-2787-40AB-B290-6C3B1A9840B4}\mpengine.dll
2014-02-19 00:05 . 2014-02-19 00:05 -------- d-----w- c:\programdata\3B1AD
2014-02-18 20:02 . 2014-02-18 20:02 -------- d-----w- c:\program files\CPUID
2014-02-18 19:59 . 2014-02-18 19:59 -------- d-----w- c:\users\Bass301\AppData\Roaming\MusicNet
2014-02-18 19:57 . 2014-02-18 19:57 -------- d-----w- c:\program files (x86)\BearShare Applications
2014-02-13 00:08 . 2014-02-13 00:08 -------- d-----w- c:\users\Bass301\AppData\Roaming\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-22 14:52 . 2013-07-25 18:46 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-22 14:52 . 2013-07-25 18:46 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-22 14:52 . 2013-07-25 18:46 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-22 14:52 . 2013-07-25 18:46 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-22 14:52 . 2013-07-25 18:46 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-22 14:52 . 2013-07-25 18:46 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-22 14:52 . 2013-07-25 18:46 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2014-01-22 14:52 . 2013-07-25 18:45 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-22 14:51 . 2013-07-25 18:44 41664 ----a-w- c:\windows\avastSS.scr
2014-01-22 14:51 . 2013-07-25 18:45 295544 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-03 21:16 . 2014-01-27 21:58 20312 ----a-w- c:\windows\system32\roboot64.exe
2013-12-18 14:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-17 21:11 . 2014-01-05 00:24 44744 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-27 20:41 220632 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-27 20:41 220632 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-27 20:41 220632 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-10 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-02-07 133400]
"331BigDog"="c:\program files (x86)\USB Camera\VM331STI.EXE" [2012-05-02 548864]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-21 291648]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2012-04-23 508256]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2012-05-15 5941344]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Fastboot"="c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe" [2012-01-17 1091376]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-07-12 155488]
"Lenovo Registration"="c:\program files (x86)\Lenovo Registration\LenovoReg.exe" [2011-07-14 4351712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2014-01-22 4858968]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2012-3-5 1389856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0aswBoot.exe /M:260c7719 /wow /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\Lenovo\Bluetooth Software\BtwProximityCP.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;c:\program files\Lenovo\Communications Utility\vcamsvc.exe;c:\program files\Lenovo\Communications Utility\vcamsvc.exe [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 Fastboot;Fastboot;c:\windows\System32\DRIVERS\Fastboot.sys;c:\windows\SYSNATIVE\DRIVERS\Fastboot.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FastbootService;FastbootService;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe;c:\program files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe;c:\program files (x86)\Hotspot Shield\bin\cmw_srv.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [x]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VIPAppService;VIPAppService;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe;c:\program files (x86)\Symantec\VIP Access Client\VIPAppService.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130808.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130808.001\IDSvia64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrvIntel;SmbDrvIntel;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys;c:\windows\SYSNATIVE\DRIVERS\Tvti2c.sys [x]
S3 tvtvcamd;ThinkVantage Virtual Camera;c:\windows\system32\DRIVERS\tvtvcamd.sys;c:\windows\SYSNATIVE\DRIVERS\tvtvcamd.sys [x]
S3 vm331avs;Digital Camera 1;c:\windows\system32\Drivers\vm331avs.sys;c:\windows\SYSNATIVE\Drivers\vm331avs.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 06:39 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 06:52]
.
2014-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-10 06:52]
.
2014-03-11 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2014-03-11 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-07-27 20:41 244696 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-07-27 20:41 244696 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-07-27 20:41 244696 ----a-w- c:\users\Bass301\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-22 14:51 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-05-14 17:39 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-05-28 12497552]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-05-30 1180304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-15 440088]
"TpShocks"="TpShocks.exe" [2012-02-25 382528]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2012-06-02 290160]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT1561552&octid=CT1561552&SearchSource=61&CUI=UN18237905682019756&UM=2&UP=SPC0B8361A-73E0-4520-B7AA-A2664DB7A0D4&SSPV=TB_TS7
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{219B43E9-FC01-4691-9FA3-F8292E24F778}: NameServer = 8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fastboot]
"ImagePath"=multi:"System32\DRIVERS\Fastboot.sys\00"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-734912183-1049493429-2107617447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-734912183-1049493429-2107617447-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-11  12:39:55
ComboFix-quarantined-files.txt  2014-03-11 19:39
.
Pre-Run: 239,927,398,400 bytes free
Post-Run: 239,291,076,608 bytes free
.
- - End Of File - - 83328158E79655F1B33F946E20B69FBC


#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 12 March 2014 - 04:19 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either Norton or avast!.

 

 

 

 

P2P software installed

Going over your logs I noticed that you have BearShare installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall BearShare, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

 

 

 

 

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 12 March 2014 - 04:45 AM

Hello ,

 

I have now uninstalled one of the security programs (Norton)  and thought I  had uninstalled BearShare a few weeks ago when it was unintentionally downloaded from the cpuid.com website when intentionally  trying to download  the CPU ID  software to figure out what ram memory is in my computer in order to properly match with a new ram memory upgrade.

 

How to remove BearShare when it no longer is listed in my programs available to uninstall / remove , but apparently is still operating on the machine ?

 

The name disappeared from the list during my attempt to uninstall a few weeks ago .   

I  want BearShare completely removed from the machine.

 

 

 

 



#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 12 March 2014 - 05:39 AM

 

2014-02-18 19:59 . 2014-02-18 19:59 -------- d-----w- c:\users\Bass301\AppData\Roaming\MusicNet
2014-02-18 19:57 . 2014-02-18 19:57 -------- d-----w- c:\program files (x86)\BearShare Applications

Do you have an idea what the folder marked in red contains or where it came from?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 12 March 2014 - 06:01 AM

 

No ,  I have  no idea what the folder marked in red contains or where it came from.

BearShare is a music sharing website, and  the folder downloaded itself  at 19:59  two minutes after BearShare  of 19:57 , so  I assume MusicNet is part of the Bearshare download.



#10 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 12 March 2014 - 06:03 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 12 March 2014 - 06:16 AM

Should I delete these two folders first before  downloading the CFScript.txt file :

 

 c:\users\Bass301\AppData\Roaming\MusicNet
c:\program files (x86)\BearShare Applications
 
 
Is the CFScript.txt file available as an attachment on your posting without downloading it from the internet ?
 
Does "close all browsers"    mean disconnect  from  the internet   ?   I assume Google Chrome is a browser to turn off.


#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 12 March 2014 - 06:31 AM

no, don´t delete anything.

The file is attached to my reply above so you have to save it to your machine first.

 

Close all browsers means that you have to close the browser programs - not to disconnect from the internet.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#13 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 12 March 2014 - 06:48 AM

I am confused.

 

After dropping CFScript.txt into ComboFix.exe   do I run a ComboFix scan ,  or do I run the Malwarebyte  Anti-Malware scan ? 

 

Clicking and dragging CFScript.txt into ComboFix has not  created a log to post as a reply.



#14 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:56 AM

Posted 12 March 2014 - 06:55 AM

You have to drag the text file into the combofix icon (the icon turns blue, then).

Combofix will run and produe a log.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#15 Bass1000

Bass1000
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:01:56 AM

Posted 12 March 2014 - 07:05 AM

How to Click and Drag the CFScript.txt icon to ComboFix.exe  cat icon  ?

 

When clicking and dragging the CFScript.txt icon ,  the entire box of both icons moves together and the file does not drop into the cat icon.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users