TrojanHunter found trojans Anock.552, Bancos.1285 and AgentZ.2056


  • This topic is locked
14 replies to this topic

#1 ShorterSixthEdition

  • Members
  • 7 posts

Posted 05 May 2014 - 07:19 AM

I ran TrojanHunter on my Acer Aspire mini-laptop/notebook (unsure what it is in English), and it found three trojans, Anock.552, Bancos.1285 and AgentZ.2056, in the following locations:

 

C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X_VB3\Vista\FMAPP.exe (Anock.552)

C:\Program Files\Evernote\Evernote\icudt.dll (Bancos.1285)

C:\Program FIles\Realtek\Audio\HDA\FMAPP.exe (Anock.552)

C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\acrobatupdater.exe (AgentZ.2056)

C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\readerupdater.exe (AgentZ.2056)

C:\Windows\System32\DriverStore\FileRepository\hdart.inf_x86_neutral_3d2a5e7e35144e9f\FMAPP.exe (Anock.552)

 

As TrojanHunter's trial version doesn't actually remove these trojans, I need a little help with the removal. Any assistance is greatly appreciated, since this is my only working computer now that my desktop computer is in its death throes.

 

I regularly scan my computer with Malwarebytes Anti-Malware and use F-Secure Anti-Virus for general protection, neither of which has reported anything out of the ordinary. The only weird thing I've noticed is that the Action Center occasionally says that virus protection programs are turned off. In these situations F-Secure still seems to be working, but Windows Defender reports that its operation was interrupted. Usually rebooting fixes this. From what I've googled about the issue, it seems to be an Action Center-specific problem, but I've included it here just in case.

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by Ananas-Aino at 21:48:18 on 2014-05-04
Microsoft Windows 7 Starter   6.1.7601.1.1252.358.1033.18.1012.89 [GMT 3:00]
.
AV: F-Secure Client Security 9.32 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.32 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security 9.32 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Device Control\fsdevcon32.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\TrojanHunter 5.5\THGuard.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [THGuard] "c:\program files\trojanhunter 5.5\THGuard.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: V&ie Microsoft Exceliin - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{4038ED60-DB01-444C-B187-E8CAF267A0D5} : DHCPNameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{859BEB59-E46F-4016-857F-05CCCD7A3DD0} : DHCPNameServer = 62.241.198.245 62.241.198.246
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ananas-aino\appdata\roaming\mozilla\firefox\profiles\tb2p204u.default\
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2014-1-15 44240]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2014-1-15 71664]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2014-1-15 36976]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2014-1-15 72688]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2014-1-15 13552]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2012-3-19 21600]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2012-3-19 16936]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2012-3-19 62240]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-3-19 116008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2014-1-15 145856]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-3-19 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-3-19 419328]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-19 278528]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-1-15 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-19 490088]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2014-4-24 50200]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-18 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-26 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2014-1-18 27136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2014-1-15 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2014-1-15 26352]
.
=============== Created Last 30 ================
.
2014-05-04 17:37:26    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{a9782750-4dee-4fba-88da-a14c86969802}\offreg.dll
2014-05-04 17:21:01    8050496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{a9782750-4dee-4fba-88da-a14c86969802}\mpengine.dll
2014-05-04 17:20:04    46704    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-05-04 17:19:58    965232    ----a-w-    c:\program files\mozilla firefox\icuuc52.dll
2014-05-04 17:19:58    1266800    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2014-05-04 17:19:58    10594416    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2014-04-29 20:05:57    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\TrojanHunter
2014-04-28 20:48:24    --------    d-----w-    c:\programdata\TrojanHunter
2014-04-28 20:47:54    --------    d-----w-    c:\program files\TrojanHunter 5.5
2014-04-27 19:28:39    --------    d-----w-    c:\programdata\BlueStacks
2014-04-27 19:27:18    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\WildTangent
2014-04-26 15:46:57    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-04-26 09:46:34    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-26 09:43:22    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-26 09:43:14    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-26 09:43:08    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-26 09:43:01    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-04-26 09:43:01    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-04-26 09:43:01    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-04-26 09:43:01    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-26 09:43:00    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-04-26 09:43:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-04-26 09:43:00    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-04-26 09:42:59    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-04-26 09:41:35    792576    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-04-26 09:40:09    361984    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-26 09:39:56    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-24 20:16:43    --------    d-----w-    C:\EEK
2014-04-24 20:04:51    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\IrfanView
2014-04-24 20:04:47    --------    d-----w-    c:\program files\IrfanView
2014-04-24 20:02:32    --------    d-----w-    c:\users\ananas-aino\appdata\local\Secunia PSI
2014-04-24 20:02:18    --------    d-----w-    c:\program files\Secunia
2014-04-24 19:25:45    --------    d--h--w-    c:\programdata\Common Files
2014-04-24 19:25:45    --------    d-----w-    c:\users\ananas-aino\appdata\local\MFAData
2014-04-24 19:25:45    --------    d-----w-    c:\programdata\MFAData
2014-04-24 19:22:09    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-24 19:22:09    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-04-14 05:08:06    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-04-14 05:08:05    257536    ----a-w-    c:\program files\internet explorer\IEShims.dll
2014-04-14 05:08:03    235216    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2014-04-14 05:08:00    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-04-09 18:04:23    27072    ----a-w-    c:\windows\system32\drivers\Diskdump.sys
2014-04-09 18:04:23    234432    ----a-w-    c:\windows\system32\drivers\msiscsi.sys
2014-04-09 18:04:23    149440    ----a-w-    c:\windows\system32\drivers\storport.sys
2014-04-09 18:04:20    2048    ----a-w-    c:\windows\system32\iologmsg.dll
2014-04-09 18:03:41    1212352    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2014-04-06 18:55:00    33104    ----a-w-    c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2014-04-06 18:54:59    32592    ----a-w-    c:\windows\system32\msonpmon.dll
2014-04-06 18:42:39    --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2014-04-06 18:40:34    --------    d-----w-    c:\windows\SHELLNEW
2014-04-06 18:39:54    --------    d-----w-    c:\users\ananas-aino\appdata\local\Microsoft Help
.
==================== Find3M  ====================
.
2014-03-31 06:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-06 08:31:27    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-06 08:01:01    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39    1967104    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49    1789440    ----a-w-    c:\windows\system32\wininet.dll
2014-02-07 01:07:56    2349056    ----a-w-    c:\windows\system32\win32k.sys
2014-02-04 02:04:22    1230336    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 21:51:14,15 ===============
 

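Before any of the six flagged files is deleted, a practitioner would first establish whether each one is what its path claims (a Realtek audio component, an Evernote ICU data library, Adobe updater binaries cached by Windows Installer). The script below is an added example, not part of the original post and not TrojanHunter's output: it walks the exact paths listed above and records, for each, whether the file exists, its Authenticode signature status and signer, the CompanyName from the version resource, and a SHA-256 hash that can be looked up on a multi-engine scanning service. It is written for Windows PowerShell 2.0, the version Windows 7 ships with, so it hashes via .NET rather than Get-FileHash (which only exists from PowerShell 4.0). The function and variable names are this example's own.

```powershell
# Added triage example (not from the original post). Checks each file TrojanHunter
# flagged: existence, Authenticode signature, version-resource CompanyName, SHA-256.
# Targets Windows PowerShell 2.0 (Windows 7 default); run from an elevated prompt so
# the DriverStore and Windows\Installer locations are readable.

# Paths exactly as listed in the post. Single quotes keep '$PatchCache$' literal;
# in double quotes PowerShell would try to expand $PatchCache as a variable.
$flaggedPaths = @(
    'C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X_VB3\Vista\FMAPP.exe',
    'C:\Program Files\Evernote\Evernote\icudt.dll',
    'C:\Program Files\Realtek\Audio\HDA\FMAPP.exe',
    'C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\acrobatupdater.exe',
    'C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\readerupdater.exe',
    'C:\Windows\System32\DriverStore\FileRepository\hdart.inf_x86_neutral_3d2a5e7e35144e9f\FMAPP.exe'
)

# SHA-256 via .NET, because Get-FileHash is not available in PowerShell 2.0.
function Get-Sha256Hex {
    param([string]$Path)
    $sha256 = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $digest = $sha256.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return [System.BitConverter]::ToString($digest).Replace('-', '').ToLower()
}

# One record per flagged path; missing files are reported rather than skipped,
# because a detection on a file that is no longer there is itself worth noting.
function Get-FlaggedFileReport {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        # -LiteralPath stops [ ] and other wildcard characters from being globbed.
        if (-not (Test-Path -LiteralPath $path)) {
            New-Object PSObject -Property @{
                Path = $path; Exists = $false; SigStatus = ''; Signer = ''; Company = ''; Sha256 = ''
            }
            continue
        }
        $item = Get-Item -LiteralPath $path
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{
            Path      = $path
            Exists    = $true
            SigStatus = $sig.Status.ToString()   # Valid, NotSigned, HashMismatch, UnknownError
            Signer    = $signer
            Company   = $item.VersionInfo.CompanyName
            Sha256    = Get-Sha256Hex -Path $path
        }
    }
}

Get-FlaggedFileReport -Paths $flaggedPaths |
    Select-Object Exists, SigStatus, Company, Sha256, Path, Signer |
    Format-List
```

How to read the result: a `Valid` signature whose subject matches the expected vendor for that path, together with a matching CompanyName, argues strongly that the detection is a heuristic false positive; `NotSigned`, `HashMismatch` (the file was modified after signing), or a signer that does not fit the path makes the file worth submitting by hash to a multi-engine scanner before deciding anything. Two of the paths also deserve care regardless of verdict: `C:\Windows\Installer\$PatchCache$` is Windows Installer's baseline cache, so deleting files there breaks repair and uninstall of the product (here Adobe Reader), and the `DriverStore\FileRepository` copy is the staged driver package that Windows reinstalls from; a copy of a genuinely malicious file in either place should be removed through the proper uninstall or driver-removal route rather than by deleting the file by hand.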

#2 Blind Faith

  • Malware Response Team
  • 4,101 posts
  • Gender:Female

Posted 08 May 2014 - 06:07 PM

Hello and welcome to BleepingComputer!

I am Elle and I will be helping you out with your problem. Firstly, you should know that we are working with specific tools which are used to identify the possible threats present on your system, so I will analyze the results they produce.

As a start we need to have some more up-to-date logs than the ones you have already provided. The current state of the files on your system might have changed, so we need to get a clear look at that aspect. DO NOT make any changes to the system except the ones I tell you to, as that may do more damage than good.

If you encounter a delay of over 2 days from me, please don't hesitate to private message me (link in the signature).
Do not forget to check your topic periodically and subscribe to it so that you can receive notifications regarding my replies.

Please generate new DDS logs (download it from here if you haven't already) and post them in your next reply along with any other changes that may have occurred since you last posted.
Also download and run GMER from this link: GMER download link.

Thank you very much for your patience.

Regards,

Elle


#3 ShorterSixthEdition
  • Topic Starter

  • Members
  • 7 posts

Posted 09 May 2014 - 03:49 PM

Hi and thanks for replying.

 

I ran the programs as you instructed, but I had problems with running the GMER scan. The first time I tried it, it just suddenly stopped working. I tried to run it again, and this time it crashed the whole computer, blue screen and all. I didn't get a good look at the error message (it went by so fast), but it reported that pwloqpoc.sys caused the crash, which I gather is GMER. I managed to run GMER in safe mode, but I don't know how useful that log would be.

 

However, here are the DDS logs and the GMER log I managed to get:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-09 22:47:28
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GN00 298,09GB
Running: gmer.exe; Driver: C:\Users\ANANAS~1\AppData\Local\Temp\pwloqpoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                  81C5AA15 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                    81C94212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Counter  9092
Reg    HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Last Help     9093
Reg    HKLM\SYSTEM\CurrentControlSet\services\WmiApRpl\Performance@Object List   8914 8920 8932 8942 8952 8972 9016 9026 9064 9070 9086

---- EOF - GMER 2.1 ----

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17041
Run by Ananas-Aino at 21:43:43 on 2014-05-09
Microsoft Windows 7 Starter   6.1.7601.1.1252.358.1033.18.1012.121 [GMT 3:00]
.
AV: F-Secure Client Security 9.32 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
SP: F-Secure Client Security 9.32 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: F-Secure Client Security 9.32 *Enabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Device Control\fsdevcon32.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\F-Secure\Common\FSHDLL32.EXE
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TrojanHunter 5.5\THGuard.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
BHO: Browsing Protection Class: {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
TB: Browsing Protection Toolbar: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - c:\program files\f-secure\nrs\iescript\baselitmus.dll
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [ETDCtrl] c:\program files\elantech\ETDCtrl.exe
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Power Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [THGuard] "c:\program files\trojanhunter 5.5\THGuard.exe"
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: V&ie Microsoft Exceliin - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
TCP: NameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{4038ED60-DB01-444C-B187-E8CAF267A0D5} : DHCPNameServer = 62.241.198.245 62.241.198.246
TCP: Interfaces\{859BEB59-E46F-4016-857F-05CCCD7A3DD0} : DHCPNameServer = 62.241.198.245 62.241.198.246
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ananas-aino\appdata\roaming\mozilla\firefox\profiles\tb2p204u.default\
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2014-1-15 44240]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2014-1-15 71664]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2014-1-15 36976]
R1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2014-1-15 72688]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2014-1-15 13552]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2012-3-19 21600]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2012-3-19 16936]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2012-3-19 62240]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2012-3-19 353360]
R2 ePowerSvc;ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2014-1-16 738688]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2014-1-15 220912]
R2 fsdevcon;F-Secure Device Control Daemon;c:\program files\f-secure\device control\fsdevcon32.exe [2014-1-15 403184]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2012-3-19 116008]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2014-1-15 145856]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2014-1-15 188144]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-3-19 1344512]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-3-19 419328]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-3-19 278528]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf_x86.sys [2013-12-6 16024]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2014-1-15 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-3-19 490088]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2009-12-2 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2009-12-2 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-12-2 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2009-12-2 19304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2014-4-24 50200]
S3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\common files\egistec\services\EgisTicketService.exe [2011-6-21 173424]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-18 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-4-26 49152]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2014-1-18 27136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2014-1-15 41072]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2014-1-15 26352]
.
=============== Created Last 30 ================
.
2014-05-09 10:39:23    8050496    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{d4d85104-aa51-4245-bf60-2ec0b7b1dba4}\mpengine.dll
2014-05-04 17:29:30    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-05-04 17:20:04    46704    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2014-05-04 17:19:58    965232    ----a-w-    c:\program files\mozilla firefox\icuuc52.dll
2014-05-04 17:19:58    1266800    ----a-w-    c:\program files\mozilla firefox\icuin52.dll
2014-05-04 17:19:58    10594416    ----a-w-    c:\program files\mozilla firefox\icudt52.dll
2014-04-29 20:05:57    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\TrojanHunter
2014-04-28 20:48:24    --------    d-----w-    c:\programdata\TrojanHunter
2014-04-28 20:47:54    --------    d-----w-    c:\program files\TrojanHunter 5.5
2014-04-27 19:28:39    --------    d-----w-    c:\programdata\BlueStacks
2014-04-27 19:27:18    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\WildTangent
2014-04-26 15:46:57    5694464    ----a-w-    c:\windows\system32\mstscax.dll
2014-04-26 09:46:34    --------    d-s---w-    c:\windows\system32\CompatTel
2014-04-26 09:43:22    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-26 09:43:14    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-26 09:43:08    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
2014-04-26 09:43:01    53248    ----a-w-    c:\windows\system32\tsgqec.dll
2014-04-26 09:43:01    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
2014-04-26 09:43:01    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
2014-04-26 09:43:01    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-26 09:43:00    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
2014-04-26 09:43:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
2014-04-26 09:43:00    350208    ----a-w-    c:\windows\system32\wksprt.exe
2014-04-26 09:42:59    1068544    ----a-w-    c:\windows\system32\mstsc.exe
2014-04-26 09:41:35    792576    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-04-26 09:40:09    361984    ----a-w-    c:\windows\system32\aepdu.dll
2014-04-26 09:39:56    302592    ----a-w-    c:\windows\system32\aeinv.dll
2014-04-24 20:16:43    --------    d-----w-    C:\EEK
2014-04-24 20:04:51    --------    d-----w-    c:\users\ananas-aino\appdata\roaming\IrfanView
2014-04-24 20:04:47    --------    d-----w-    c:\program files\IrfanView
2014-04-24 20:02:32    --------    d-----w-    c:\users\ananas-aino\appdata\local\Secunia PSI
2014-04-24 20:02:18    --------    d-----w-    c:\program files\Secunia
2014-04-24 19:25:45    --------    d--h--w-    c:\programdata\Common Files
2014-04-24 19:25:45    --------    d-----w-    c:\users\ananas-aino\appdata\local\MFAData
2014-04-24 19:25:45    --------    d-----w-    c:\programdata\MFAData
2014-04-24 19:22:09    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-24 19:22:09    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-04-14 05:08:06    455168    ----a-w-    c:\windows\system32\vbscript.dll
2014-04-14 05:08:05    257536    ----a-w-    c:\program files\internet explorer\IEShims.dll
2014-04-14 05:08:03    235216    ----a-w-    c:\program files\internet explorer\sqmapi.dll
.
==================== Find3M  ====================
.
2014-03-31 06:35:10    231584    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-06 08:31:27    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-03-06 08:01:01    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36    4254720    ----a-w-    c:\windows\system32\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40    592896    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43    32256    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39    1967104    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49    1789440    ----a-w-    c:\windows\system32\wininet.dll
.
============= FINISH: 21:46:27,11 ===============
 

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 15.1.2014 13:53:07
System Uptime: 9.5.2014 21:18:57 (0 hours ago)
.
Motherboard: Acer |  | JE01_CT
Processor: Intel® Atom™ CPU N2600   @ 1.60GHz | CPU | 1600/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 247,381 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP36: 2.4.2014 20:42:23 - Windows Update
RP38: 6.4.2014 21:35:46 - Installed Microsoft Office Enterprise 2007
RP39: 8.4.2014 23:39:37 - Windows Update
RP40: 10.4.2014 3:00:34 - Windows Update
RP41: 14.4.2014 8:06:34 - Windows Update
RP42: 21.4.2014 19:45:49 - Windows Update
RP43: 25.4.2014 20:45:19 - Windows Update
RP44: 26.4.2014 12:42:08 - Windows Update
RP45: 26.4.2014 14:07:43 - Installed Microsoft Fix it 50123
RP46: 27.4.2014 3:00:31 - Windows Update
RP47: 4.5.2014 20:19:46 - Windows Update
RP48: 4.5.2014 20:28:49 - Windows Update
RP49: 9.5.2014 13:37:47 - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Adobe AIR
Adobe Flash Player 13 Plugin
Adobe Reader X (10.1.9) MUI
Akhra: The Treasures
Alice's Magical Mahjong
Bejeweled 3
Chuzzle Deluxe
D3DX10
Diego's Ultimate Rescue
ETDWare PS/2-X86 8.0.6.0_WHQL
Evernote v. 4.5.2
F-Secure Client Security - DeepGuard
F-Secure Client Security - Internet-suojaus
F-Secure Client Security - Selaussuojaus
F-Secure Client Security - Sähköpostin tarkistus
F-Secure Client Security - Web-liikenteen tarkistus
F-Secure Client Security - Virus- ja vakoilusuojaus
F-Secure Laitehallinta
Final Drive: Nitro
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Game Channels
Identity Card
InfraRecorder
Insaniquarium Deluxe
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
IrfanView (remove only)
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (Finnish) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Finnish) 2007
Microsoft Office Groove MUI (Finnish) 2007
Microsoft Office InfoPath MUI (Finnish) 2007
Microsoft Office OneNote MUI (Finnish) 2007
Microsoft Office Outlook MUI (Finnish) 2007
Microsoft Office PowerPoint MUI (Finnish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (Finnish) 2007
Microsoft Office Publisher MUI (Finnish) 2007
Microsoft Office Shared MUI (Finnish) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (Finnish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 29.0 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
My Farm Life
My Kingdom for the Princess 3
MyWinLocker 4
MyWinLocker Suite
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Pošta Windows Live
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Running Sheep
S?????? f?t???af??? t?? Windows Live
Secunia PSI (3.0.0.9016)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shredder
Skip-Bo - Castaway Caper
Skype™ 5.5
Slingo Deluxe
Super Granny 6
TrojanHunter 5.5
Ubuntu
Update Installer for WildTangent Games App
Wedding Dash
Welcome Center
WildTangent Games App
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
.
==== Event Viewer Messages From Past Week ========
.
9.5.2014 21:19:43, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
9.5.2014 13:28:01, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
9.5.2014 13:26:54, Error: Service Control Manager [7022]  - The Windows Defender service hung on starting.
9.5.2014 13:25:58, Error: F-Secure Gatekeeper [1]  -
4.5.2014 20:15:16, Error: Service Control Manager [7034]  - The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
4.5.2014 20:06:51, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
.
==== End Of File ===========================



#4 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:04:26 AM

Posted 11 May 2014 - 06:13 AM

Hello there,

 

Thank you for providing the logs. 

 

Please download ComboFix from one of these locations:
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.
     


     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     


     
     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
     
     
     
     
     
     
     
    Elle 

    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #5 ShorterSixthEdition

    ShorterSixthEdition
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    • Local time:04:26 AM

    Posted 11 May 2014 - 05:42 PM

    Hi again,

     

    I disabled my AntiVirus programs to the best of my ability and ran Combofix. Despite it saying the scan should only take about 10 minutes, it took about an hour to complete. But then again, this computer has always been really slow, so it could be that.

     

    Also, I will be out of town for the next couple of days (max 3, could be less), so I won't be able to reply to this thread. Will get back to this as soon as I can.

     

    Anyway, here is the log (some of the texts are in Finnish, hope that's not too much trouble):

     

    ComboFix 14-05-10.01 - Ananas-Aino 12.05.2014   0:21.1.4 - x86
    Microsoft Windows 7 Starter   6.1.7601.1.1252.358.1033.18.1012.364 [GMT 3:00]
    Sijainti: c:\users\Ananas-Aino\Downloads\ComboFix.exe
    AV: F-Secure Client Security 9.32 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
    FW: F-Secure Client Security 9.32 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
    SP: F-Secure Client Security 9.32 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-04-11 to 2014-05-11  )))))))))))))))))
    .
    .
    2014-05-11 22:13 . 2014-05-11 22:13    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-05-09 10:39 . 2014-04-17 02:32    8050496    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4D85104-AA51-4245-BF60-2EC0B7B1DBA4}\mpengine.dll
    2014-05-04 17:29 . 2014-04-29 12:34    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
    2014-04-29 20:05 . 2014-04-29 20:05    --------    d-----w-    c:\users\Ananas-Aino\AppData\Roaming\TrojanHunter
    2014-04-28 20:48 . 2014-04-28 20:49    --------    d-----w-    c:\programdata\TrojanHunter
    2014-04-28 20:47 . 2014-04-29 14:20    --------    d-----w-    c:\program files\TrojanHunter 5.5
    2014-04-27 19:28 . 2014-04-27 19:28    --------    d-----w-    c:\programdata\BlueStacks
    2014-04-27 19:27 . 2014-04-27 19:27    --------    d-----w-    c:\users\Ananas-Aino\AppData\Roaming\WildTangent
    2014-04-26 15:46 . 2014-01-09 02:22    5694464    ----a-w-    c:\windows\system32\mstscax.dll
    2014-04-26 09:46 . 2014-04-26 09:46    --------    d-s---w-    c:\windows\system32\CompatTel
    2014-04-26 09:43 . 2013-10-01 23:45    32256    ----a-w-    c:\windows\system32\TsUsbGDCoInstaller.dll
    2014-04-26 09:43 . 2013-10-02 00:32    12800    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
    2014-04-26 09:43 . 2013-10-02 00:42    49152    ----a-w-    c:\windows\system32\drivers\TsUsbFlt.sys
    2014-04-26 09:43 . 2013-10-02 00:30    14336    ----a-w-    c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2014-04-26 09:43 . 2013-10-02 00:14    50176    ----a-w-    c:\windows\system32\MsRdpWebAccess.dll
    2014-04-26 09:43 . 2013-10-02 00:14    17920    ----a-w-    c:\windows\system32\wksprtPS.dll
    2014-04-26 09:43 . 2013-10-01 23:58    53248    ----a-w-    c:\windows\system32\tsgqec.dll
    2014-04-26 09:43 . 2013-10-01 23:08    855552    ----a-w-    c:\windows\system32\rdvidcrl.dll
    2014-04-26 09:43 . 2013-10-01 23:00    76288    ----a-w-    c:\windows\system32\TSWbPrxy.exe
    2014-04-26 09:43 . 2013-10-01 22:53    350208    ----a-w-    c:\windows\system32\wksprt.exe
    2014-04-26 09:42 . 2013-10-01 22:34    1068544    ----a-w-    c:\windows\system32\mstsc.exe
    2014-04-26 09:41 . 2013-09-25 01:57    792576    ----a-w-    c:\windows\system32\TSWorkspace.dll
    2014-04-26 09:40 . 2014-04-14 02:11    361984    ----a-w-    c:\windows\system32\aepdu.dll
    2014-04-26 09:39 . 2014-04-14 02:07    302592    ----a-w-    c:\windows\system32\aeinv.dll
    2014-04-24 20:16 . 2014-04-24 20:17    --------    d-----w-    C:\EEK
    2014-04-24 20:04 . 2014-04-24 20:04    --------    d-----w-    c:\users\Ananas-Aino\AppData\Roaming\IrfanView
    2014-04-24 20:04 . 2014-04-24 20:04    --------    d-----w-    c:\program files\IrfanView
    2014-04-24 20:02 . 2014-04-24 20:02    --------    d-----w-    c:\users\Ananas-Aino\AppData\Local\Secunia PSI
    2014-04-24 20:02 . 2014-04-24 20:02    --------    d-----w-    c:\program files\Secunia
    2014-04-24 19:25 . 2014-04-24 19:30    --------    d-----w-    c:\programdata\MFAData
    2014-04-24 19:25 . 2014-04-24 19:25    --------    d--h--w-    c:\programdata\Common Files
    2014-04-24 19:25 . 2014-04-24 19:25    --------    d-----w-    c:\users\Ananas-Aino\AppData\Local\MFAData
    2014-04-24 19:22 . 2014-05-04 17:18    70832    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-04-24 19:22 . 2014-05-04 17:18    692400    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2014-04-14 05:08 . 2014-03-06 08:02    455168    ----a-w-    c:\windows\system32\vbscript.dll
    2014-04-14 05:08 . 2014-03-06 05:50    257536    ----a-w-    c:\program files\Internet Explorer\IEShims.dll
    2014-04-14 05:08 . 2014-03-08 01:59    235216    ----a-w-    c:\program files\Internet Explorer\sqmapi.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-31 06:35 . 2014-01-16 06:27    231584    ------w-    c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-03 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-03 175896]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-03 168216]
    "GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2012-02-26 131]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2011-07-01 1103440]
    "ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2010-11-12 1812264]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-10 10959464]
    "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-08 714120]
    "F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2012-06-26 306928]
    "F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2012-06-26 1654512]
    "THGuard"="c:\program files\TrojanHunter 5.5\THGuard.exe" [2012-08-26 1088280]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2013-12-6 565464]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [2014-04-14 50200]
    R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2014-01-15 60352]
    R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-18 227904]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2014-04-18 197632]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2012-06-26 41072]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2012-06-26 26352]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2014-01-16 44240]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2012-06-26 71664]
    S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [2012-06-26 36976]
    S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-06-26 72688]
    S1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2012-06-26 13552]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-03-19 21600]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-03-19 16936]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-03-19 62240]
    S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
    S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
    S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 738688]
    S2 fsdevcon;F-Secure Device Control Daemon;c:\program files\F-Secure\Device Control\\fsdevcon32.exe [2012-06-26 403184]
    S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2013-12-06 1229528]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2013-12-06 662232]
    S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 116008]
    S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2014-01-15 145856]
    S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2012-02-26 1344512]
    S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2012-02-26 419328]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-08 278528]
    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_x86.sys [2013-12-06 16024]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 254056]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation    REG_MULTI_SZ       SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
    .
    'Ajoitetut tehtävät'-kansion sisältö
    .
    2014-05-11 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-24 17:18]
    .
    .
    ------- Täydentävä tarkistus -------
    .
    uStart Page = hxxp://acer.msn.com
    IE: V&ie Microsoft Exceliin - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 62.241.198.245 62.241.198.246
    FF - ProfilePath - c:\users\Ananas-Aino\AppData\Roaming\Mozilla\Firefox\Profiles\tb2p204u.default\
    .
    - - - - POISTETUT JÄMÄRIVIT - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-CleanHlp
    SafeBoot-CleanHlp.sys
    .
    .
    .
    --------------------- LUKITUT REKISTERIAVAIMET ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5044)
    c:\program files\Acer\Acer ePower Management\SysHook.dll
    .
    Valmistumisajankohta: 2014-05-12  01:17:21
    ComboFix-quarantined-files.txt  2014-05-11 22:17
    .
    Ennen ajoa: 265 746 206 720 bytes free
    Ajon jälkeen: 265 887 195 136 bytes free
    .
    - - End Of File - - F31D8E159AB378201E08A98BDA990762
    A36C5E4F47E84449FF07ED3517B43A31
     



    #6 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:04:26 AM

    Posted 14 May 2014 - 02:19 PM

    Hello there,

     

    Thank you for letting me know.

     

     

    Please visit the online Jotti Virus Scanner:
  • Browse to the following filepath:
  • C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC271X_VB3\Vista\FMAPP.exe
  • Click on the Clipboard021.jpg button.
  • The scanner will check the file with various AV companies.
  • Copy and paste the results box into a reply to this thread.
     
    Elle 

    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #7 ShorterSixthEdition

    ShorterSixthEdition
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    • Local time:04:26 AM

    Posted 14 May 2014 - 05:26 PM

    Hello, I'm back.

     

    Submitted the file to Jotti, here's the results:

    Jotti's malware scan
    Filename: FMAPP.exe
    Status: Scan finished. 0 out of 22 scanners reported malware.
    Scan taken on: Thu 15 May 2014 00:15:16 (CET)

    Additional info
    File size: 49568 bytes
    Filetype: PE32 executable (GUI) Intel 80386, for MS Windows
    MD5: 888f125b884d3ba10e3914fcd6ce8ddf
    SHA1: c2d5a3fe16f9ed84a37f9f76fb04f8c11349ec88

    None of the scanners found anything, but the Agnitum scanner timed out and apparently didn't finish the scan.
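An added check, not from the thread or from TrojanHunter or Jotti: TrojanHunter flagged FMAPP.exe in three locations, but only one copy was submitted to Jotti. The script below hashes each copy, groups byte-identical files, and compares them with the size, MD5 and SHA1 that Jotti printed, so that the single clean verdict is applied only to copies that really are the same file; the file names and contents it creates are constructed stand-ins, not the real driver files.

```python
"""Compare every copy of a flagged file with the copy a multi-engine scan cleared."""
import hashlib
import os
import tempfile
from collections import defaultdict

# Size and digests Jotti reported for the copy submitted in the thread.
JOTTI_REFERENCE = (49568, "888f125b884d3ba10e3914fcd6ce8ddf",
                   "c2d5a3fe16f9ed84a37f9f76fb04f8c11349ec88")


def digest_file(path, chunk_size=1 << 16):
    """Return (size, md5_hex, sha1_hex) for a file, streamed in chunks."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
            size += len(chunk)
    return size, md5.hexdigest(), sha1.hexdigest()


def group_by_digest(paths):
    """Map each (size, md5, sha1) triple to the list of paths that share it."""
    groups = defaultdict(list)
    for path in paths:
        groups[digest_file(path)].append(path)
    return dict(groups)


def classify(paths, reference):
    """Return {path: 'matches_reference' | 'differs'} against a digest triple.

    A copy that differs is not thereby malicious (a driver package may ship a
    different build), but the reference verdict does not cover it, so that
    copy needs its own submission.
    """
    verdicts = {}
    for triple, members in group_by_digest(paths).items():
        verdict = "matches_reference" if triple == reference else "differs"
        for path in members:
            verdicts[path] = verdict
    return verdicts


def make_sample_files():
    """Write three constructed stand-ins for the FMAPP.exe copies into a temp dir.

    The first two are byte-identical; the third differs in its last byte.
    None is a real executable: the bytes are invented so the script runs
    offline. Returns the paths in that order.
    """
    root = tempfile.mkdtemp(prefix="fmapp_example_")
    body = b"MZ" + b"\x00" * 14 + b"constructed sample, not a real PE " * 5
    contents = [
        ("OEM_Preload_FMAPP.exe", body),
        ("ProgramFiles_FMAPP.exe", body),
        ("DriverStore_FMAPP.exe", body[:-1] + b"!"),
    ]
    paths = []
    for name, data in contents:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        paths.append(path)
    return paths


if __name__ == "__main__":
    samples = make_sample_files()
    # On the real machine the reference would be JOTTI_REFERENCE; here the
    # first constructed copy stands in for the copy that was submitted.
    cleared = digest_file(samples[0])
    for path, verdict in sorted(classify(samples, cleared).items()):
        print(f"{verdict:18} {os.path.basename(path)}")
```

On the affected machine, pass the three real paths from the TrojanHunter report and JOTTI_REFERENCE as the reference; any copy reported as "differs" has not been covered by the Jotti result.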



    #8 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:04:26 AM

    Posted 15 May 2014 - 01:40 PM

    Hello,

     

    I see, I suspect they might all be just false positives. 

     

    Is your computer misbehaving in any way? Unusual symptoms?

     

     

     

    Elle 


    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.




    #9 ShorterSixthEdition

    ShorterSixthEdition
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    • Local time:04:26 AM

    Posted 17 May 2014 - 02:18 PM

    Hi,

     

    the only thing a little weird right now is that something called "Program Compatibility Data Updater" wants to connect to the internet. This started happening just a little while ago. I haven't allowed it to make the connection, because I don't know what it is.

     

    Otherwise, the computer's running as usual.



    #10 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    • Gender:Female
    • Local time:04:26 AM

    Posted 19 May 2014 - 10:43 AM

    Hello,

     

     

    • Download Malwarebytes Anti-Malware Free and save it to your desktop
    • Double click the desktop icon, click Run, then OK
    • Click Next
    • Select I accept the agreement then continue to click Next then finally click Install
    • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
    • If you are notified the Database is out of date click Update Now
    • Click Scan Now >>

    ----------

    • Note: If Malwarebytes will not launch please do the following to launch Malwarebytes Chameleon:
    • Click Start (Start, Search, All files and folders for Windows XP) then type mbam
    • Double click one of the four following files (if one does not work try the next one, and so on) - A black command window will open. Follow those instructions until the Malwarebytes program starts the scan

    mbam-chameleon.scr
    mbam-chameleon
    mbam-chameleon.exe
    mbam-chameleon.com

    ----------

    • When completed click the down arrow on Export Log and select Text file (*.txt)
    • Save the file to your desktop as MBAM
    • Click Apply Actions then restart your computer if requested
    • Copy and paste the contents of MBAM.txt in your reply

     

     

     

     

    Elle 


    Can you hear it? It's all around!

    Tomar ki manè acchè?
    Yadi thakè, tahalè
    Ki kshama kartè paro
    ?



    If I haven't replied in 48 hours, please feel free to send me a PM.



    Posted Image

    #11 ShorterSixthEdition

    ShorterSixthEdition
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:04:26 AM

    Posted 21 May 2014 - 03:03 AM

    Hi,

     

    I ran the scan and it didn't find anything and there were no actions to apply. I can't post the log here, because my screen is too goddamn small to reach the end of the log window where the export button is, and none of the usual ways to make the window smaller worked for some reason. Sorry about that.

     

    No changes in the behaviour of the computer.



    #12 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:04:26 AM

    Posted 24 May 2014 - 05:42 PM

    Hi there,

     

     

    Your computer is clean. I will leave several pieces of advice on computer safety and how to prevent infection.

     
    • Make sure you have a running Antivirus and Firewall program
    Both represent the keys of a secure system, however keep in mind that no antivirus or firewall will ensure 100% protection. The most important component is the one sitting in front of the desktop. If you are connected through a router, you do not need a firewall anymore as you already have one. :)
    A comprehensive tutorial and a list of possible firewalls can be found here
     
    • Keep your Windows installation up to date
    Visit the Microsoft Update Website as often as possible, as the foundation of your system is your Windows installation, which needs to be updated regularly. Please take it into consideration.
     
    • Keep your other software up to date as well
    Any software may have security holes. Therefore producers release updates in order to fix those security holes. You can use Secunia Online Software in order to find the programs that need to be updated.
     
    Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.
     
     
     
     
    Elle 

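    An added example (not part of the thread, and not a tool either participant used): when a scanner flags files that belong to a vendor package, the first check a responder makes before deleting anything is whether each file still carries a valid Authenticode signature from the expected publisher, and what its SHA-256 is so the hash can be compared against the vendor's release or submitted to a multi-engine scanner. The paths below are placeholders to replace with the flagged files; the script assumes Windows PowerShell 4.0 or later, which is the first version that ships Get-FileHash.

```powershell
# Added example: triage files an antivirus flagged as possible false positives.
# Assumes Windows PowerShell 4.0+ (Get-FileHash). Paths are placeholders.
param(
    [string[]]$Paths = @(
        'C:\Path\To\Suspect1.exe',   # placeholder, replace with the flagged path
        'C:\Path\To\Suspect2.dll'    # placeholder, replace with the flagged path
    )
)

function Get-SuspectFileReport {
    param([Parameter(Mandatory = $true)][string[]]$Path)

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            # File is gone (quarantined, uninstalled, or the scanner reported a stale path)
            [pscustomobject]@{ Path = $p; Exists = $false; SigStatus = $null; Signer = $null
                               Company = $null; FileVersion = $null; SHA256 = $null }
            continue
        }

        # Authenticode check: Valid, NotSigned, HashMismatch (file modified after signing), etc.
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # Embedded version resource, useful to compare with what the vendor actually ships
        $ver = (Get-Item -LiteralPath $p).VersionInfo

        # SHA-256 for looking the file up against vendor hashes or a multi-engine scanner
        $hash = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash

        [pscustomobject]@{
            Path        = $p
            Exists      = $true
            SigStatus   = $sig.Status
            Signer      = $signer
            Company     = $ver.CompanyName
            FileVersion = $ver.FileVersion
            SHA256      = $hash
        }
    }
}

Get-SuspectFileReport -Path $Paths | Format-List
```

    How to read the output: a status of Valid with a signer subject naming the expected vendor is strong evidence the detection is a false positive on an unmodified vendor binary, though not proof, since signing certificates have been stolen before. HashMismatch means the file has changed since it was signed and should be treated as suspicious regardless of what the scanner calls it. NotSigned is inconclusive on its own; in that case the SHA-256 is what you compare against the vendor's download or submit for a second opinion.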

    #13 ShorterSixthEdition

    ShorterSixthEdition
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:04:26 AM

    Posted 26 May 2014 - 02:44 PM

    Hi and sorry for the couple of days of radio silence.

     

    That's good to hear! Thank you for all the help and advice in untangling my problem. I'm glad the scan results turned out to be false positives, trojans are so troublesome when they manage to infect your computer.

     

    The computer continues to work as usual, in its own pace. Here's hoping that my computer continues to be malware free! So, thanks again, you've been tremendously helpful.



    #14 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:04:26 AM

    Posted 27 May 2014 - 03:42 AM

    Hello,

     

     

    I'm glad I could be helpful! :) That is what I am here for.

     

     

     

    Elle



    #15 Blind Faith

    Blind Faith

    • Malware Response Team
    • 4,101 posts
    • OFFLINE
    •  
    • Gender:Female
    • Local time:04:26 AM

    Posted 27 May 2014 - 03:42 AM

    It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



