Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Ponmocup.AA trojan


  • This topic is locked This topic is locked
21 replies to this topic

#1 lizzardoni

lizzardoni

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 01:07 AM

Hello,

I am having problems with my pc.
My ESET NOD32 Antyvirus shows that in RAM memory rundll32.exe is infected with Win32/Ponmocup.AA trojan

 

I tried to remove the trojan with nod32, SpyHunter4 and Malwarebytes Anti-Malware but nothing seems to happened.

Spyhunter4 says that it has succefully removed around 160 infection from registry( sorry i don't have the list of the infections removed).

Please give me some help, thank you.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.45.2
Run by Nikos at 7:59:34 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7600.0.1253.30.1032.18.3950.1860 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Nikos\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mycosmos.gr/mycosmos/login.aspx
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Βοηθός εισόδου στο λογαριασμό Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
uRun: [AdobeBridge] <no file>
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Lexmark Pro200-S500 Series] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\fm3032.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Driver Genius] <no file>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\059647379647379616 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\059647379647379616 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\4586F6D637F6E6544414131343 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\4586F6D637F6E6544414131343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\7596E64602759664960234C435733657 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\7596E64602759664960234C435733657 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4C40214C4550275C414E4 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4C40214C4550275C414E4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4D454359435B4 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4D454359435B4 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\E45647641637475625029414440282053545E492 : NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\E45647641637475625029414440282053545E492 : DHCPNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"
x64-Run: [RtHDVBg_Dolby] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\
FF - prefs.js: browser.startup.homepage - hxxp://spreadthelink.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Nikos\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Users\Nikos\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Nikos\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 60f7eff70000000000000026c7f8e239
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15807
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:09:32
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-3-22 678384]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-3-22 28656]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-12-21 170640]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-12-21 125296]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-12-6 19968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-12-6 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-6 39464]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-1 57856]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-14 158976]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-14 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
FileExt: .ini: Applications\Dreamweaver.exe="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" [UserChoice]
FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-04-10 04:42:36    --------    d-----w-    C:\Program Files (x86)\Cobian Backup 11
2014-04-09 07:28:06    110080    ----a-r-    C:\Users\Nikos\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-04-09 07:28:06    110080    ----a-r-    C:\Users\Nikos\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-04-09 07:28:05    --------    d-----w-    C:\sh4ldr
2014-04-09 07:28:05    --------    d-----w-    C:\Program Files (x86)\Enigma Software Group
2014-04-09 07:26:53    --------    d-----w-    C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-04-08 18:03:07    --------    d-----w-    C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-04-08 18:02:59    --------    d-----w-    C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-04-06 19:56:50    119512    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-06 19:56:32    88280    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-06 19:56:32    63192    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-04-06 19:56:32    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-06 19:56:32    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-04-06 19:56:32    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-06 18:02:02    374664    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-04-06 17:20:12    --------    d-----w-    C:\Users\Nikos\AppData\Local\ElevatedDiagnostics
2014-04-06 09:01:14    267264    --sha-r-    C:\Windows\SysWow64\RASMMJ.dll
2014-04-04 07:56:17    10521840    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{12400BCE-318D-4649-AA15-E03E33348AAC}\mpengine.dll
.
==================== Find3M  ====================
.
2014-03-12 12:58:18    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 12:58:18    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-06 14:12:01    164112    ----a-w-    C:\Windows\System32\olepro32.dll
2014-03-06 13:56:58    94208    ----a-w-    C:\Windows\System32\msstkprp.dll
2014-03-06 13:56:58    1388544    ----a-w-    C:\Windows\System32\msvbvm60.dll
2014-03-06 13:56:56    608448    ----a-w-    C:\Windows\System32\comctl32.ocx
2014-03-06 13:56:56    140488    ----a-w-    C:\Windows\System32\comdlg32.ocx
2014-02-21 09:41:17    108968    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  8:07:35,47 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 10 April 2014 - 07:08 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt


Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 08:29 AM

hello Marius,

thank you for your quick response. My first language is not English too, so i try to explain as good as possible.

 

First of all i don't believe that me computer is clean. Nod32 keep telling me that my computer is infected.

 

I did the steps and the results are

1. from gmer i will upload the ark.txt (how to upload the file?

2. the tdsskiller came clean no virus found. (file 1.txt)



#4 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 08:30 AM

i attach the files now

Attached Files

  • Attached File  1.txt   103.95KB   3 downloads
  • Attached File  ark.txt   5.04KB   4 downloads


#5 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 08:38 AM

oops, i think i did something bad, i tried to run gmer again and my computer gave me a blue screen and then reboot. is it really bad? what did i do?

sorry....



#6 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 09:32 AM

something that i forgot to mention is that when the trojan appear the windows security center of my pc was disabled  and i cannot restore it.

 

Moreover when i tried to install microsoft security essentials or run the microsoft malicious software i couldn't run any of them.


Edited by lizzardoni, 10 April 2014 - 09:47 AM.


#7 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 10 April 2014 - 11:10 AM

hi again,

 

just appeared this new virus.C:\Windows\SysWOW64\RASMMJ.dll  a variant of Win32/Ponmocup.IW trojan   

 

what should i do now?


Edited by lizzardoni, 10 April 2014 - 11:18 AM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 11 April 2014 - 08:08 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 11 April 2014 - 10:53 AM

hello thanks again for your help.

 

could you please tell how can i fully deactivate nod32? I disable antivirus and antispyware protection but combofix shows a message that nod32 still running. what should I do?

 

thank you!



#10 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 13 April 2014 - 02:36 PM

hello again, i still haven't manage to run the combofix because i cannot fully disable the nod32. however, i noticed that my pc looks to be running normally now, but i cannot be sure.

 

please let me know what to do now.

 

thank you again for your help.



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 14 April 2014 - 08:11 AM

Disable the real time protection of NOD32 and run combofix.

If it is disbaled, ignore the message and proceed.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 14 April 2014 - 08:54 AM

hello Marius,

 

thank you for your response. the results from combofix are the following:

 

please let me know what to do now.

 

Thank you!!

 

 

ComboFix 14-04-12.01 - Nikos 14/04/2014  16:37:48.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1253.30.1032.18.3950.2074 [GMT 3:00]
Running from: c:\users\Nikos\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\1719A569A8.sys
c:\programdata\SPL33AD.tmp
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-14 to 2014-04-14  )))))))))))))))))))))))))))))))
.
.
2014-04-14 13:47 . 2014-04-14 13:47    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-13 06:14 . 2014-04-14 12:24    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF8074DC-0A3C-4BC2-B56E-9179F388D214}\offreg.dll
2014-04-12 05:37 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF8074DC-0A3C-4BC2-B56E-9179F388D214}\mpengine.dll
2014-04-10 04:42 . 2014-04-10 04:42    --------    d-----w-    c:\program files (x86)\Cobian Backup 11
2014-04-09 07:28 . 2014-04-09 07:28    110080    ----a-r-    c:\users\Nikos\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconF7A21AF7.exe
2014-04-09 07:28 . 2014-04-09 07:28    110080    ----a-r-    c:\users\Nikos\AppData\Roaming\Microsoft\Installer\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}\IconD7F16134.exe
2014-04-09 07:28 . 2014-04-09 07:28    --------    d-----w-    C:\sh4ldr
2014-04-09 07:28 . 2014-04-09 07:28    --------    d-----w-    c:\program files (x86)\Enigma Software Group
2014-04-09 07:26 . 2014-04-09 07:28    --------    d-----w-    c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2014-04-08 18:03 . 2014-04-09 06:25    --------    d-----w-    c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-04-08 18:02 . 2014-04-09 07:26    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-04-06 19:56 . 2014-04-09 19:03    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-06 19:56 . 2014-04-06 19:56    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-06 19:56 . 2014-04-06 19:56    --------    d-----w-    c:\programdata\Malwarebytes
2014-04-06 19:56 . 2014-04-03 06:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-04-06 19:56 . 2014-04-03 06:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-04-06 19:56 . 2014-04-03 06:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-04-06 18:02 . 2010-04-09 11:06    374664    ----a-w-    c:\windows\system32\drivers\netio.sys
2014-04-06 17:20 . 2014-04-06 17:53    --------    d-----w-    c:\users\Nikos\AppData\Local\ElevatedDiagnostics
2014-04-06 09:01 . 2014-04-06 09:01    267264    --sha-r-    c:\windows\SysWow64\RASMMJ.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-14 07:27 . 2011-05-07 12:41    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-04-13 19:28 . 2012-04-12 15:49    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-13 19:28 . 2011-09-11 12:30    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-06 14:12 . 2014-03-06 14:12    164112    ----a-w-    c:\windows\system32\olepro32.dll
2014-03-06 13:56 . 2014-03-06 13:56    94208    ----a-w-    c:\windows\system32\msstkprp.dll
2014-03-06 13:56 . 2014-03-06 13:56    1388544    ----a-w-    c:\windows\system32\msvbvm60.dll
2014-03-06 13:56 . 2014-03-06 13:56    608448    ----a-w-    c:\windows\system32\comctl32.ocx
2014-03-06 13:56 . 2014-03-06 13:56    140488    ----a-w-    c:\windows\system32\comdlg32.ocx
2014-02-21 09:41 . 2014-02-21 09:41    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-02-21 09:41 . 2014-02-21 09:41    312744    ----a-w-    c:\windows\system32\javaws.exe
2014-02-21 09:41 . 2013-09-19 10:13    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-02-21 09:41 . 2013-09-19 10:13    189352    ----a-w-    c:\windows\system32\java.exe
2014-01-19 07:33 . 2011-05-08 01:45    270496    ------w-    c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-01 09:18    220632    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-01 09:18    220632    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-01 09:18    220632    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Lexmark Pro200-S500 Series"="c:\program files (x86)\Lexmark Pro200-S500 Series\fm3032.exe" [2011-01-23 316072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxebserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxebserv.exe [x]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Υπηρεσία Τεχνολογιών ενεργοποίησης των Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe;c:\program files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe;c:\windows\SYSNATIVE\lxebcoms.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-11 20:31    1077576    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 19:28]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 09:00]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-06 09:00]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000Core.job
- c:\users\Nikos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 07:10]
.
2014-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2730824447-2197223683-4253413979-1000UA.job
- c:\users\Nikos\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 07:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-01 09:18    244696    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-01 09:18    244696    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-01 09:18    244696    ----a-w-    c:\users\Nikos\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-07-04 13631704]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-04 1321176]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2918656]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"lxebmon.exe"="c:\program files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro200-S500 Series\ezprint.exe" [2011-01-23 148280]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-07-04 1321176]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-03-22 36352]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mycosmos.gr/mycosmos/login.aspx
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\059647379647379616: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\4586F6D637F6E6544414131343: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\7596E64602759664960234C435733657: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4C40214C4550275C414E4: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\84F4D454359435B4: NameServer = 192.168.2.1
TCP: Interfaces\{94B113B0-D2D7-49FD-A797-97AFE4406C3F}\E45647641637475625029414440282053545E492: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\
FF - prefs.js: browser.startup.homepage - hxxp://spreadthelink.com/
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 60f7eff70000000000000026c7f8e239
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15807
FF - user.js: extensions.delta.vrsn - 1.8.16.16
FF - user.js: extensions.delta.vrsni - 1.8.16.16
FF - user.js: extensions.delta.vrsnTs - 1.8.16.1616:09
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKCU-Run-Boxoft Tools - c:\programdata\Boxtools\Boxofttoolbox.exe
Wow6432Node-HKLM-Run-B2C_AGENT - c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
Wow6432Node-HKLM-Run-Driver Genius - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3} - c:\program files (x86)\InstallShield Installation Information\{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2730824447-2197223683-4253413979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2730824447-2197223683-4253413979-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-2730824447-2197223683-4253413979-1000)
@Denied: (2) (LocalSystem)
"Progid"="Outlook.File.vcf"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
@SACL=
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{50E9E32F-063A-412A-9627-553D5DA57C17}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.2.71.2"
"UniqueId"="000378D74DC5EE67"
"ScannerBuild"=dword:00002401
"ScannerVersionId"=dword:000017d7
"ScannerVersion"="Locked/open ESET for status."
"FixId"=dword:00000007
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-14  16:52:03
ComboFix-quarantined-files.txt  2014-04-14 13:52
.
Pre-Run: 20 Κατάλογοι 115.114.471.424 διαθέσιμα byte
Post-Run: 25 Κατάλογοι 115.007.725.568 διαθέσιμα byte
.
- - End Of File - - 1B26D135DD2B2F719E6EDDDC4EC90DF6
A36C5E4F47E84449FF07ED3517B43A31
 



#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 14 April 2014 - 08:57 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#14 lizzardoni

lizzardoni
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:18 AM

Posted 14 April 2014 - 09:21 AM

hello again

 

the results from the Malwarebytes Anti-Malware are the following.

 

the scan from ESET online scanner came clean. no virus detected.

 

So what should I do now? is my laptop clean?

 

Thanks in advance for your response.

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/4/2014
Scan Time: 5:18:54 μμ
Logfile: 1.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.14.05
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Nikos

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277937
Time Elapsed: 18 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 20
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[43faca60fe7dc76ff2bd3517e024f20e]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[4eef8aa0007b7bbb664981cb9e665fa1]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[bf7e2a000b703006cce303498d77df21]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[fa43101a15662d091798371510f43bc5]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), Replaced,[4cf1d25880fb0630753a1e2ecb39758b]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[a19c072383f838fe307f28241ee6966a]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[89b41515265585b12c831a32b54f728e]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "60f7eff70000000000000026c7f8e239");), Replaced,[9da0a288c2b9191dd3dc61eb3bc9768a]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15807");), Replaced,[48f53af096e5d95da10e76d6ad5703fd]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[74c967c31962bf77a40b0844cd37a060]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[7cc1b179cdae1e182689cd7f6c9857a9]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[4eef7ab08cefe551e9c687c5e024af51]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[ab921f0bde9d3105bff056f6dd27d62a]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[44f98d9d6714ac8a36795cf00afa43bd]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[9aa35dcd15661a1c8b2405478480fc04]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[72cb4fdbbcbfb581d7d8d676ed1733cd]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[a89586a4f289f93d9b14bb91bb49d927]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16");), Replaced,[27166bbfd0abcf6700af4606ba4a31cf]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1616:09:32");), Replaced,[102da6844e2dbb7b2f80f05c887cc040]
PUP.Optional.Delta.A, C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\u41gigb5.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16");), Replaced,[d964af7bcab1a78f3d7256f657ad9769]

Physical Sectors: 0
(No malicious items detected)


(end)


Edited by lizzardoni, 14 April 2014 - 11:13 AM.


#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:18 AM

Posted 15 April 2014 - 06:12 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also




Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users