Our home network router has been hacked


  • This topic is locked
11 replies to this topic

#1 xspeed

xspeed

  • Members
  • 68 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 11 May 2014 - 12:33 PM

Hi,

 

According to our home network administrator our router has been hacked, and someone has access to our computers.

 

He said that the attacker has installed several utilities on our systems, so that if one of them is discovered he can use one of the other ways to access our computers.

 

He said to do our best to completely clean our systems.

Please help me,

 

Sorry, but the Attach.txt file is 511 KB and I couldn't attach it. I tried to paste it in here, but that still didn't work, so I have deleted some of the hosts file lines from it (I use the hosts file from http://winhelp2002.mvps.org/hosts.htm ); the attach.txt file has been pasted in here after the dds.txt file.

 

Here are my DDS logs

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Bebita at 16:42:56 on 2014-05-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2047.1106 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: {10921475-03CE-4E04-90CE-E2E7EF20C814} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
TCP: NameServer = 212.242.40.3 212.242.40.51
TCP: Interfaces\{6CA176A7-2C05-4465-80AC-E42B9B12CD1A} : DHCPNameServer = 212.242.40.3 212.242.40.51
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.131\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: ccleaner.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
IFEO: uninst.exe - "c:\program files\tuneup utilities 2014\TUAutoReactivator32.exe"
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-15 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-3-15 776976]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-3-15 411552]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-15 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-3-15 67776]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-4 50344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368]
R3 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-4-3 108000]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2014-2-10 12320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-4-5 2153792]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-11 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-16 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-1-11 1343400]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-1-10 227896]
.
=============== Created Last 30 ================
.
2014-05-10 12:47:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-10 12:36:39 -------- d-----w- c:\programdata\Oracle
2014-05-10 09:56:22 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b7934b5-c8d8-467f-93ce-6acbd17252a0}\offreg.dll
2014-05-10 08:09:02 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4b7934b5-c8d8-467f-93ce-6acbd17252a0}\mpengine.dll
2014-05-05 19:13:08 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-05 19:12:58 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-05 19:10:42 361984 ----a-w- c:\windows\system32\aepdu.dll
2014-05-05 19:10:42 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-04 11:42:36 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 11:42:32 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M  ====================
.
2014-05-10 10:56:05 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 10:56:05 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-04 11:42:33 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-04 11:42:33 776976 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-05-04 11:42:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 11:42:33 67776 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-05-04 11:42:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 11:42:33 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-01 08:04:10 22304 ----a-w- c:\windows\system32\RegBootDefrag.exe
2014-04-01 08:03:56 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2014-03-31 07:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 12:44:28 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-03-20 12:44:20 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
.
============= FINISH: 16:43:34.07 ===============
 
 
 
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 1/10/2014 8:41:22 PM
System Uptime: 5/10/2014 2:53:29 PM (26 hours ago)
.
Motherboard: Hewlett-Packard |  | 30D7
Processor: Intel® Pentium® Dual  CPU  T2390  @ 1.86GHz | U10 | 1867/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 49 GiB total, 29.541 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 8.634 GiB free.
E: is FIXED (NTFS) - 86 GiB total, 24.561 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Hosts File Hijack ======================
.
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
Hosts: 0.0.0.0 static.a-ads.com
Hosts: 0.0.0.0 abcstats.com
.
.
.
.
Hosts: 0.0.0.0 ad4.abradio.cz
Hosts: 0.0.0.0 a.abv.bg
Hosts: 0.0.0.0 motd.pinion.gg #[Game Adverts]
Hosts: 0.0.0.0 tix.pinion.gg
Hosts: 0.0.0.0 wiki.pinion.gg
Hosts: 0.0.0.0 www.pinion.gg
Hosts: 0.0.0.0 ads1.qadabra.com
Hosts: 0.0.0.0 js4.ringrevenue.com
Hosts: 0.0.0.0 json4.ringrevenue.com
Hosts: 0.0.0.0 rc.rlcdn.com
Hosts: 0.0.0.0 ads.saymedia.com
Hosts: 0.0.0.0 w.coin.scribol.com
Hosts: 0.0.0.0 d.shareaholic.com
Hosts: 0.0.0.0 s.shopify.com
Hosts: 0.0.0.0 ads.skinected.com
Hosts: 0.0.0.0 l.springmetrics.com
Hosts: 0.0.0.0 b.t.tailtarget.com
Hosts: 0.0.0.0 ws.tapjoyads.com
Hosts: 0.0.0.0 beacon.tracelytics.com
Hosts: 0.0.0.0 ads.tracking202.com
Hosts: 0.0.0.0 ats.tumri.net
Hosts: 0.0.0.0 geoservice.webengage.com
Hosts: 0.0.0.0 tracking.websitealive.com
Hosts: 0.0.0.0 download.ytdownloader.com
 
Hosts: 0.0.0.0 ss1.zedo.com
Hosts: 0.0.0.0 ss2.zedo.com
Hosts: 0.0.0.0 ss7.zedo.com
Hosts: 0.0.0.0 xads.zedo.com
Hosts: 0.0.0.0 yads.zedo.com
Hosts: 0.0.0.0 www.zedo.com #[Adware.RaxSearch]
Hosts: 0.0.0.0 c1.zxxds.net
Hosts: 0.0.0.0 c7.zxxds.net
Hosts: 0.0.0.0 ads.namiflow.com
Hosts: 0.0.0.0 adunit.namiflow.com
Hosts: 0.0.0.0 rt.udmserve.net
Hosts: 0.0.0.0 www.stickylogic.com
Hosts: 0.0.0.0 www.winadiscount.com #[Dr.Web.Adware.Xbarre]
Hosts: 0.0.0.0 www.winaproduct.com
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
avast! Free Antivirus
CCleaner
Glary Utilities 4.9
Google Chrome
Google Update Helper
HP Quick Launch Buttons
Internet Download Manager
Java 7 Update 55
Java Auto Updater
Microsoft .NET Framework 4.5.1
Microsoft Visual C++ 2005 Redistributable
QLBCASL
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
SumatraPDF
Synaptics Pointing Device Driver
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Yahoo! Messenger
.
==== End Of File ===========================
 

Edited by xspeed, 11 May 2014 - 12:35 PM.
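The DDS output above reports a "Hosts File Hijack" for a hosts file that, as xspeed says, comes from the MVPS blocklist. DDS raises that heading simply because the file has many entries; what distinguishes a blocklist from a real hijack is the address each name points at. The following is an added triage script written for this thread (it is not part of DDS, FRST, or any post here). It parses the `Hosts:` and `SERVICES / DRIVERS` line formats DDS prints, separates null-routed entries (0.0.0.0 or loopback, which only make a name unreachable) from entries that redirect a name to a routable address, and lists kernel drivers loaded from outside the standard drivers directory for manual review. The sample input is built from lines in the log above plus one constructed redirect line (`203.0.113.5 update.av-vendor.test`, a documentation address and a reserved test domain) to show what an actual hijack entry would look like.

```python
"""Triage helper for the Hosts and SERVICES / DRIVERS sections of a DDS log.

Added example for this thread; not part of DDS or of any post above.
Null-routed hosts entries are blocklist style (MVPS maps ad domains to
0.0.0.0); an entry that redirects a name to a routable address is the
pattern a hijack would show and deserves a closer look.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "Hosts: <ip> <name> [#[tag]]" as DDS prints hosts entries
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)(?:\s+#\[([^\]]*)\])?")
# "R0 name;display;path [yyyy-m-d size]" as DDS prints services and drivers
SERVICE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]$"
)


@dataclass
class HostsEntry:
    address: str
    hostname: str
    tag: Optional[str]


@dataclass
class ServiceEntry:
    running: bool      # R = running, S = stopped
    start_type: int    # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    date: str
    size: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """Collect every 'Hosts:' line into a HostsEntry."""
    return [HostsEntry(m.group(1), m.group(2), m.group(3))
            for m in (HOSTS_RE.match(line.strip()) for line in text.splitlines()) if m]


def classify_hosts(entries: List[HostsEntry]) -> Tuple[List[HostsEntry], List[HostsEntry]]:
    """Return (null_routed, redirected). Unparsable addresses are reported as
    redirected so they surface for review instead of being silently dropped."""
    null_routed, redirected = [], []
    for e in entries:
        try:
            ip = ipaddress.ip_address(e.address)
        except ValueError:
            redirected.append(e)
            continue
        (null_routed if ip.is_unspecified or ip.is_loopback else redirected).append(e)
    return null_routed, redirected


def parse_services(text: str) -> List[ServiceEntry]:
    """Collect every service/driver line into a ServiceEntry."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(ServiceEntry(m.group(1) == "R", int(m.group(2)), m.group(3),
                                    m.group(4), m.group(5), m.group(6), int(m.group(7))))
    return out


def drivers_outside_system_dir(services: List[ServiceEntry]) -> List[ServiceEntry]:
    """Kernel drivers (.sys) not under \\windows\\system32\\drivers. Legitimate
    third-party tools do this too, so this is a review list, not a verdict."""
    return [s for s in services
            if s.path.lower().endswith(".sys")
            and "\\windows\\system32\\drivers\\" not in s.path.lower()]


# Constructed sample: lines from the log above plus one hijack-style redirect
SAMPLE = r"""
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 www.zedo.com #[Adware.RaxSearch]
Hosts: 203.0.113.5 update.av-vendor.test
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-15 49944]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2014-2-10 12320]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
"""

if __name__ == "__main__":
    null_routed, redirected = classify_hosts(parse_hosts(SAMPLE))
    print(f"{len(null_routed)} null-routed blocklist entries (benign)")
    for e in redirected:
        print(f"REVIEW hosts redirect: {e.hostname} -> {e.address}")
    for s in drivers_outside_system_dir(parse_services(SAMPLE)):
        print(f"REVIEW driver path: {s.name} -> {s.path}")
```

Run against the full log, the two MVPS-style entries land in the benign bucket and only the constructed redirect is reported; the TuneUp driver appears on the path review list because it lives under Program Files, which is normal for that product and is exactly the kind of item a helper confirms by hand rather than by rule.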



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,733 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:51 AM

Posted 16 May 2014 - 12:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/533984 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 xspeed

xspeed
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  • Local time:05:51 PM

Posted 16 May 2014 - 02:15 PM

Hi again,

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.55.2
Run by Bebita at 21:05:00 on 2014-05-16
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2047.1080 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
uPolicies-Explorer: NoPreviewPane = dword:1
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:67108835
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001055-0002-0055-ABCDEFFEDCBC} - <orphaned>
TCP: NameServer = 212.242.40.3 212.242.40.51
TCP: Interfaces\{6CA176A7-2C05-4465-80AC-E42B9B12CD1A} : DHCPNameServer = 212.242.40.3 212.242.40.51
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 0.0.0.0 fr.a2dfp.net
Hosts: 0.0.0.0 m.fr.a2dfp.net
Hosts: 0.0.0.0 mfr.a2dfp.net
Hosts: 0.0.0.0 ad.a8.net
Hosts: 0.0.0.0 asy.a8ww.net
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-3-15 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-3-15 180632]
R0 GUBootStartup;GUBootStartup;c:\windows\system32\drivers\GUBootStartup.sys [2014-5-13 17088]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-3-15 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-3-15 411680]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-5-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-3-15 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-5-4 50344]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2014\TuneUpUtilitiesService32.exe [2014-3-20 1773368]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2014\TuneUpUtilitiesDriver32.sys [2014-2-10 12320]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-3-15 68312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\iobit\liveupdate\LiveUpdate.exe [2014-4-5 2153792]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2014-4-3 108000]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-4-9 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2014-1-11 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-2-16 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2014-1-11 1343400]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2014-1-10 227896]
.
=============== Created Last 30 ================
.
2014-05-16 18:40:08 -------- d-----w- c:\programdata\IDM
2014-05-16 17:33:44 -------- d-----w- c:\users\bebita\appdata\local\Avg2014
2014-05-16 17:17:59 -------- d-----w- c:\users\bebita\appdata\roaming\MPC-HC
2014-05-16 17:16:24 -------- d-----w- c:\program files\MPC-HC
2014-05-16 11:30:49 8050496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{46addb59-756c-4c1e-8af7-69547eccf44b}\mpengine.dll
2014-05-15 18:58:27 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 16:30:27 369664 ----a-w- c:\windows\system32\aepdu.dll
2014-05-15 16:30:25 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-05-15 16:30:15 3969984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2014-05-15 16:30:14 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-05-15 16:30:14 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe
2014-05-15 16:30:13 304128 ----a-w- c:\windows\system32\winlogon.exe
2014-05-15 16:30:13 259584 ----a-w- c:\windows\system32\msv1_0.dll
2014-05-15 16:30:13 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-15 16:30:11 538112 ----a-w- c:\windows\system32\objsel.dll
2014-05-13 17:52:12 17088 ----a-w- c:\windows\system32\drivers\GUBootStartup.sys
2014-05-13 17:52:02 -------- d-----w- c:\program files\Glary Utilities 5
2014-05-13 17:46:38 -------- d-----w- c:\users\bebita\appdata\roaming\IDM
2014-05-13 17:46:31 -------- d-----w- c:\program files\Internet Download Manager
2014-05-10 12:47:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-05-05 19:13:08 -------- d-s---w- c:\windows\system32\CompatTel
2014-05-04 11:42:36 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-04 11:42:32 43152 ----a-w- c:\windows\avastSS.scr
.
==================== Find3M  ====================
.
2014-05-15 18:15:49 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 18:15:49 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-12 15:48:17 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-12 15:48:17 68312 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-04 11:42:33 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-04 11:42:33 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1399909696642
2014-05-04 11:42:33 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-04 11:42:33 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-04 11:42:33 411552 ----a-w- c:\windows\system32\drivers\aswsp.sys.1399909696642
2014-05-04 11:42:33 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe
2014-04-01 08:04:10 22304 ----a-w- c:\windows\system32\RegBootDefrag.exe
2014-03-31 07:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-20 12:44:28 36664 ----a-w- c:\windows\system32\TURegOpt.exe
2014-03-20 12:44:20 25400 ----a-w- c:\windows\system32\authuitu.dll
2014-03-06 08:31:27 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02:34 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46:36 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38:10 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36:40 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28:01 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13:43 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40:39 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41:49 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 09:17:38 35328 ----a-w- c:\windows\system32\wincredprovider.dll
2014-03-04 09:17:27 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-03-04 09:17:26 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-03-04 09:17:22 247808 ----a-w- c:\windows\system32\schannel.dll
2014-03-04 09:17:13 293376 ----a-w- c:\windows\system32\KernelBase.dll
2014-03-04 09:17:08 47616 ----a-w- c:\windows\system32\dpapiprovider.dll
2014-03-04 09:17:08 36864 ----a-w- c:\windows\system32\dimsroam.dll
2014-03-04 09:17:07 51200 ----a-w- c:\windows\system32\cngprovider.dll
2014-03-04 09:17:07 17408 ----a-w- c:\windows\system32\credssp.dll
2014-03-04 09:17:06 48128 ----a-w- c:\windows\system32\capiprovider.dll
2014-03-04 09:17:05 49664 ----a-w- c:\windows\system32\adprovider.dll
.
============= FINISH: 21:05:52.51 ===============
 
 
 
Because the original attach.txt file is 504 KB, I compressed it with 7-Zip and tried to attach it, but got:
  • attach.7z

    You aren't permitted to upload this kind of file

That's why I changed the extension from attach.7z to attach.txt.
If you want to see the file, please change the extension back to 7z.
 
Thank you very much !
 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,511 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:08:51 AM

Posted 20 May 2014 - 08:02 PM

Greetings xspeed and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure whether you have a 32 bit or 64 bit system, simply download and try one. If that doesn't run properly, the other one should.
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows logo key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • Attached System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
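The FRST scan requested above produces a text log that the helper then reads by eye. As an added example, not code from FRST, from BleepingComputer or from either poster, here is a small Python triage script that parses the line shapes FRST prints (Run/RunOnce entries, IFEO Debugger values, the DHCP-assigned DNS servers, and services/drivers) and flags what a responder would check first when a home router compromise is suspected. The sample log, the user name Alice, the WinUpdater entry and the reason tags are constructed for this example, and the regexes are this example's approximation of the format, not FRST's own.

```python
"""Triage helper for FRST.txt output.

Added example: not FRST's code and not from the thread.  Parses the line
shapes FRST prints and returns entries a responder should look at first.
Every hit is a "review this" signal, not a verdict: legitimate tools also
use IFEO, some vendors ship drivers without a company name, and many ISPs
hand out public resolvers.  The sample log below is constructed.
"""
import ipaddress
import re
from typing import List, Tuple

Finding = Tuple[str, str]  # (reason tag, detail: log line or address)

# Approximations of FRST's line formats, written for this example.
RUN_RE = re.compile(
    r"^HK[A-Z]+\\.*\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?:=>|-) "
    r"(?P<path>.+?) \[\d+ [\d-]+\] \((?P<vendor>[^)]*)\)$"
)
IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
DNS_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (?P<servers>.+)$")
SVC_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<vendor>[^)]*)\)$"
)

# Autostart targets under a user profile or a temp directory deserve a
# second look; most legitimate autostarts live in Program Files/System32.
USER_WRITABLE_MARKERS = ("\\users\\", "\\temp\\")

# Constructed sample in FRST's format (user "Alice" and the WinUpdater
# entry are invented test data, not entries from any real machine).
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-11] (Microsoft Corporation)
HKCU\...\Run: [WinUpdater] => C:\Users\Alice\AppData\Roaming\WinUpdater\wupd.exe [61440 2014-05-09] ()
IFEO\ccleaner.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
==================== Internet (Whitelisted) ====================
Tcpip\Parameters: [DhcpNameServer] 212.242.40.3 212.242.40.51
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
"""


def public_dns_servers(servers: str) -> List[str]:
    """Return the DHCP-assigned resolvers that are not on a private range.

    A home router normally hands out itself (e.g. 192.168.1.1) or the
    ISP's resolvers.  When router tampering is suspected, rogue DNS is
    the usual payoff, so anything unexpected here is checked first.
    """
    public = []
    for token in servers.split():
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            public.append(token)  # not even an address: review it
            continue
        if not (addr.is_private or addr.is_loopback or addr.is_link_local):
            public.append(token)
    return public


def triage_frst(log_text: str) -> List[Finding]:
    """Walk an FRST log and collect review-worthy entries."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if IFEO_RE.match(line):
            # Windows starts the "debugger" instead of the named image:
            # a hijack point, also used by tuning tools, so always review.
            findings.append(("ifeo-debugger", line))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in public_dns_servers(m.group("servers")):
                findings.append(("public-dns", server))
            continue
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if m:
            if any(mk in m.group("path").lower() for mk in USER_WRITABLE_MARKERS):
                findings.append(("user-writable-autostart", line))
            if not m.group("vendor").strip():
                # FRST prints "()" when the file carries no company name.
                findings.append(("no-vendor", line))
    return findings


if __name__ == "__main__":
    for reason, detail in triage_frst(SAMPLE_FRST_LOG):
        print(f"[{reason}] {detail}")
```

Each tag is a prompt to look, not a conviction: a tuning utility registering itself as an IFEO debugger and a security product's driver without a company name are both legitimate patterns that this heuristic will flag. The DhcpNameServer check is the one tied to the router question in this thread: the resolvers the router hands out should be compared with what the ISP or the router's own configuration is expected to provide, since swapping them is the simplest way a compromised router reaches every machine behind it.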

#5 Oh My!

  • Malware Response Instructor
  • Location:California

Posted 23 May 2014 - 08:46 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48 hours you have not replied to this thread, then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 xspeed

  • Topic Starter
  • Members

Posted 23 May 2014 - 01:41 PM

Hi Gary,

My apologies for the delay.

Here are the FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014

Ran by Bebita (administrator) on BEBITA-PC on 23-05-2014 19:59:08
Running from C:\Users\Bebita\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Krzysztof Kowalczyk) C:\Program Files\SumatraPDF\SumatraPDF.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-04] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-11] (Microsoft Corporation)
HKU\S-1-5-21-3005134643-3185681801-4101171663-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3005134643-3185681801-4101171663-1000\...\Policies\Explorer: [NoDrives] 0x00000000
HKU\S-1-5-21-3005134643-3185681801-4101171663-1000\...\Policies\Explorer: [NoPreviewPane] 1
HKU\S-1-5-21-3005134643-3185681801-4101171663-1000\...\Policies\Explorer: [CDRAutoRun] 0
IFEO\ccleaner.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
IFEO\uninst.exe: [Debugger] "C:\Program Files\TuneUp Utilities 2014\TUAutoReactivator32.exe"
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dk.msn.com/?rd=1&ucc=DK&dcc=DK&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA4648ADB9B50CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 212.242.40.3 212.242.40.51
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Bebita\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Bebita\AppData\Roaming\IDM\idmmzcc5 [2014-05-13]
 
Chrome: 
=======
CHR Extension: (WOT) - C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-05-20]
CHR Extension: (Adblock Plus) - C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-05-20]
CHR Extension: (Ghostery) - C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-05-20]
CHR Extension: (Google Wallet) - C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-20]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-05-04]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-04-03]
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-04] (AVAST Software)
S4 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2153792 2014-04-05] (IObit)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1773368 2014-03-20] (TuneUp Software)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-05-04] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-05-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-05-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-05-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [68312 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-05-04] ()
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17088 2014-05-13] (Glarysoft Ltd)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-02-10] (TuneUp Software)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-05-23 19:59 - 2014-05-23 19:59 - 00007496 _____ () C:\Users\Bebita\Desktop\FRST.txt
2014-05-23 19:58 - 2014-05-23 19:59 - 00000000 ____D () C:\FRST
2014-05-23 19:57 - 2014-05-23 19:58 - 01056768 _____ (Farbar) C:\Users\Bebita\Desktop\FRST.exe
2014-05-20 19:00 - 2014-05-20 19:01 - 15971352 _____ () C:\Users\Bebita\Downloads\SAS_2666029.COM
2014-05-20 18:22 - 2014-05-20 18:22 - 02347384 _____ (ESET) C:\Users\Bebita\Downloads\esetsmartinstaller_enu.exe
2014-05-18 20:29 - 2014-05-18 20:29 - 00024333 _____ () C:\Users\Bebita\Downloads\Checkout  .htm
2014-05-18 20:29 - 2014-05-18 20:29 - 00000000 ____D () C:\Users\Bebita\Downloads\Checkout  _files
2014-05-17 17:36 - 2014-05-17 17:36 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Macromedia
2014-05-16 22:59 - 2014-05-16 22:59 - 00000000 ____D () C:\SUPERDelete
2014-05-16 22:57 - 2014-05-16 22:57 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 21:58 - 2014-05-16 21:58 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 20:48 - 2014-05-16 20:48 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Adobe
2014-05-16 20:40 - 2014-05-16 20:40 - 00000000 ____D () C:\ProgramData\IDM
2014-05-16 20:01 - 2014-05-23 19:40 - 00170109 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 19:33 - 2014-05-16 19:33 - 00000000 ____D () C:\Users\Bebita\AppData\Local\Avg2014
2014-05-16 19:17 - 2014-05-16 19:17 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\MPC-HC
2014-05-16 19:16 - 2014-05-16 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-05-16 19:16 - 2014-05-16 19:16 - 00000000 ____D () C:\Program Files\MPC-HC
2014-05-15 20:58 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 20:58 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 20:58 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 18:30 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-15 18:30 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-15 18:30 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 18:30 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-15 18:30 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 18:30 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-15 18:30 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-15 18:30 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-15 18:30 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-15 17:56 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-15 17:56 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-15 17:56 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-15 17:56 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-15 17:56 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-15 17:56 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-15 17:56 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-15 17:56 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 19:52 - 2014-05-20 20:53 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-05-13 19:52 - 2014-05-16 20:01 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-13 19:52 - 2014-05-13 19:52 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-13 19:52 - 2014-05-13 19:52 - 00001014 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-13 19:52 - 2014-05-13 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-13 19:46 - 2014-05-20 22:01 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\IDM
2014-05-13 19:46 - 2014-05-13 19:48 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-05-10 14:47 - 2014-05-10 14:47 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\Program Files\Java
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-08 23:06 - 2014-05-08 23:06 - 00001238 _____ () C:\Users\Bebita\Desktop\GoogleChromePortable.exe - Shortcut.lnk
2014-05-05 21:13 - 2014-05-15 21:50 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-04 13:42 - 2014-05-04 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 13:42 - 2014-05-04 13:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
 
==================== One Month Modified Files and Folders =======
 
2014-05-23 19:59 - 2014-05-23 19:59 - 00007496 _____ () C:\Users\Bebita\Desktop\FRST.txt
2014-05-23 19:59 - 2014-05-23 19:58 - 00000000 ____D () C:\FRST
2014-05-23 19:58 - 2014-05-23 19:57 - 01056768 _____ (Farbar) C:\Users\Bebita\Desktop\FRST.exe
2014-05-23 19:40 - 2014-05-16 20:01 - 00170109 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 20:27 - 2014-04-10 20:48 - 00000000 ____D () C:\Users\Bebita\Downloads\Video
2014-05-21 20:19 - 2014-04-10 20:48 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\DMCache
2014-05-21 20:09 - 2014-01-10 21:42 - 00707216 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 22:01 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\IDM
2014-05-20 20:53 - 2014-05-13 19:52 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-05-20 19:01 - 2014-05-20 19:00 - 15971352 _____ () C:\Users\Bebita\Downloads\SAS_2666029.COM
2014-05-20 18:22 - 2014-05-20 18:22 - 02347384 _____ (ESET) C:\Users\Bebita\Downloads\esetsmartinstaller_enu.exe
2014-05-20 17:35 - 2009-07-14 06:34 - 00020384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 17:35 - 2009-07-14 06:34 - 00020384 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 17:20 - 2014-01-27 18:11 - 00000000 ____D () C:\ProgramData\Yahoo!
2014-05-19 21:57 - 2014-03-16 15:10 - 00015158 _____ () C:\Users\Bebita\Desktop\subtitles.txt
2014-05-18 20:29 - 2014-05-18 20:29 - 00024333 _____ () C:\Users\Bebita\Downloads\Checkout  .htm
2014-05-18 20:29 - 2014-05-18 20:29 - 00000000 ____D () C:\Users\Bebita\Downloads\Checkout  _files
2014-05-17 17:36 - 2014-05-17 17:36 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Macromedia
2014-05-17 00:32 - 2014-03-09 18:57 - 00850603 _____ () C:\Users\Bebita\AppData\Local\census.cache
2014-05-17 00:31 - 2014-03-09 18:56 - 00088905 _____ () C:\Users\Bebita\AppData\Local\ars.cache
2014-05-16 23:58 - 2014-03-15 21:15 - 00000010 _____ () C:\Users\Bebita\AppData\Local\sponge.last.runtime.cache
2014-05-16 22:59 - 2014-05-16 22:59 - 00000000 ____D () C:\SUPERDelete
2014-05-16 22:59 - 2014-04-05 17:58 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\IObit
2014-05-16 22:59 - 2014-04-05 17:58 - 00000000 ____D () C:\Program Files\IObit
2014-05-16 22:57 - 2014-05-16 22:57 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\SUPERAntiSpyware.com
2014-05-16 21:58 - 2014-05-16 21:58 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 20:48 - 2014-05-16 20:48 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Adobe
2014-05-16 20:40 - 2014-05-16 20:40 - 00000000 ____D () C:\ProgramData\IDM
2014-05-16 20:19 - 2014-02-11 23:34 - 00000000 ____D () C:\Users\Bebita\AppData\Local\Google
2014-05-16 20:01 - 2014-05-13 19:52 - 00000322 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-16 19:59 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 19:33 - 2014-05-16 19:33 - 00000000 ____D () C:\Users\Bebita\AppData\Local\Avg2014
2014-05-16 19:17 - 2014-05-16 19:17 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\MPC-HC
2014-05-16 19:16 - 2014-05-16 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC
2014-05-16 19:16 - 2014-05-16 19:16 - 00000000 ____D () C:\Program Files\MPC-HC
2014-05-15 22:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 22:34 - 2014-01-11 14:10 - 00001839 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
2014-05-15 21:51 - 2014-01-11 17:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 21:50 - 2014-05-05 21:13 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 21:01 - 2014-01-10 22:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-15 20:59 - 2014-01-10 22:42 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-15 20:15 - 2014-01-11 17:14 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 20:15 - 2014-01-11 17:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 19:52 - 2014-05-13 19:52 - 00017088 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-13 19:52 - 2014-05-13 19:52 - 00001014 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-13 19:52 - 2014-05-13 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-13 19:52 - 2014-04-05 18:52 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-13 19:52 - 2014-04-05 18:44 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\GlarySoft
2014-05-13 19:52 - 2014-03-09 16:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-13 19:50 - 2014-04-05 20:43 - 00006217 _____ () C:\Windows\system32\RegFile3.txt
2014-05-13 19:48 - 2014-05-13 19:46 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\Users\Bebita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-05-13 19:46 - 2014-05-13 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2014-05-13 19:46 - 2014-04-10 20:48 - 00000943 _____ () C:\Users\Bebita\Desktop\Internet Download Manager.lnk
2014-05-13 17:58 - 2014-04-05 17:58 - 00000000 ____D () C:\ProgramData\ProductData
2014-05-12 17:48 - 2014-03-15 22:23 - 00777488 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-05-12 17:48 - 2014-03-15 22:23 - 00411680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-05-12 17:48 - 2014-03-15 22:23 - 00068312 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-05-12 17:45 - 2014-01-12 20:29 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-10 14:47 - 2014-05-10 14:47 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-10 14:47 - 2014-05-10 14:47 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\Program Files\Java
2014-05-10 14:47 - 2014-05-10 14:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-05-09 09:06 - 2014-05-15 18:30 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-15 18:30 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 23:06 - 2014-05-08 23:06 - 00001238 _____ () C:\Users\Bebita\Desktop\GoogleChromePortable.exe - Shortcut.lnk
2014-05-06 05:25 - 2014-05-15 20:58 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 20:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 20:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-04 13:42 - 2014-05-04 13:42 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-05-04 13:42 - 2014-05-04 13:42 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-05-04 13:42 - 2014-03-15 22:23 - 00776976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys.1399909696642
2014-05-04 13:42 - 2014-03-15 22:23 - 00411552 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys.1399909696642
2014-05-04 13:42 - 2014-03-15 22:23 - 00271264 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-05-04 13:42 - 2014-03-15 22:23 - 00180632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-05-04 13:42 - 2014-03-15 22:23 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-05-04 13:42 - 2014-03-15 22:23 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-05-04 13:42 - 2014-03-15 22:23 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-15 18:30] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
 
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-20 20:15
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Bebita at 2014-05-23 19:59:46
Running from C:\Users\Bebita\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2018 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
Glary Utilities 5.0 (HKLM\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MPC-HC 1.7.5 (HKLM\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.5 - MPC-HC Team)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.275 - TuneUp Software) Hidden
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 04:04 - 2014-05-11 17:52 - 00511162 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {13D3761A-414A-43B8-ADEE-B5B4731AB80E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {3A98CAD9-36EA-463B-862B-F2C1AA928502} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2014-05-13] (Glarysoft Ltd)
Task: {3B7FD11F-E76D-4ABF-9432-D144E8008F4E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-04] (AVAST Software)
Task: {BCFC2BD8-9A14-4C77-900B-FB80EE40FEEC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {C080234B-5C83-454A-84F4-990771C7B733} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-09] (Google Inc.)
Task: {DDE8E26E-A807-4EE1-8A73-27A78B0A54C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-09] (Google Inc.)
Task: {F0CA9A2A-FE98-4D0C-A828-0C1E648FEF98} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {F2856397-75A0-4D37-BCF9-5290D892565B} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-05-13] (Glarysoft Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-16 19:10 - 2014-05-16 19:10 - 02253312 _____ () C:\Program Files\AVAST Software\Avast\defs\14051601\algo.dll
2014-05-22 20:25 - 2014-05-22 20:25 - 02254848 _____ () C:\Program Files\AVAST Software\Avast\defs\14052200\algo.dll
2014-03-20 14:44 - 2014-03-20 14:44 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2014-03-15 22:23 - 2014-03-15 22:23 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-13 21:17 - 2014-05-08 01:29 - 00065352 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll
2014-05-13 21:17 - 2014-05-08 01:29 - 04081480 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\pdf.dll
2014-05-13 21:17 - 2014-05-08 01:29 - 00390472 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll
2014-05-13 21:17 - 2014-05-08 01:29 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll
2014-04-09 19:43 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-09 19:43 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Bebita\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AEADIFilters => 2
MSCONFIG\Services: AgereModemAudio => 2
MSCONFIG\Services: Ati External Event Utility => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/23/2014 07:59:47 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (05/23/2014 07:59:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (05/23/2014 07:39:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface.  hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
.
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/22/2014 04:34:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80042302).
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface.  hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
.
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (05/23/2014 07:59:47 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (05/23/2014 07:59:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Query Shadow Copies
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 13
   Snapshot Context: 13
   Execution Context: Coordinator
 
Error: (05/23/2014 07:39:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/23/2014 07:39:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/22/2014 04:34:22 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80042302
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 8193) (User: )
Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
Error: (05/22/2014 04:34:22 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Operation:
   Obtain a callable interface for this provider
   Obtaining provider management interface
 
Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {00000000-0000-0000-0000-000000000000}
   Snapshot Context: -1
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 52%
Total physical RAM: 2047.3 MB
Available physical RAM: 969.71 MB
Total Pagefile: 4094.61 MB
Available Pagefile: 2707.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.48 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:48.83 GB) (Free:29.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:8.63 GB) NTFS
Drive e: () (Fixed) (Total:86.39 GB) (Free:24.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 35BAD3C9)
Partition 1: (Active) - (Size=49 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=184 GB) - (Type=OF Extended)
 
==================== End Of Log ============================
 
 
I divided the zipped Summary into 5 pieces of 7000 bytes each and renamed them with a .txt extension, and still can't upload them here.
 
 
I hope it is not a problem for you to take the archived Summary file from here:
 
 
Thank you for your understanding.
 
 
Edited by xspeed, 23 May 2014 - 02:09 PM.


#7 Oh My! (Malware Response Instructor)

Posted 23 May 2014 - 03:11 PM

Greetings,

Are you currently experiencing any issues with your computer?
Did your network administrator give you any information regarding any infections on your computer or how they knew the router was compromised?
Does this look familiar to you?

C:\Users\Bebita\Downloads\SAS_2666029.COM
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 xspeed (Topic Starter)

Posted 24 May 2014 - 05:11 AM

Hi,

Sorry Gary, I don't know any details about your questions.

I don't remember what C:\Users\Bebita\Downloads\SAS_2666029.COM is, but I deleted the file.

If everything is OK with my system, can you tell me how I can protect myself if the router is compromised again?

Are there any Windows Firewall settings that would protect me better? I don't want to install any other firewall because the computer would be too slow.

Tell me please, if the router was hacked, could all the information I have sent online have been intercepted?

Or what other harm could have happened to my laptop and my information because of the router?

Thank you very much!

#9 Oh My! (Malware Response Instructor)

Posted 24 May 2014 - 02:12 PM

Greetings,

I do not know what kind of infection you had but I will address your concerns regarding the theft of your personal information. This may or may not have happened to you, I simply don't know. The type of infection that results in the theft of information is commonly referred to as a Backdoor Trojan. That is a pretty severe infection and we try to be quite careful before telling someone they have/had that type of infection because of the risks associated with Backdoor Trojans. Rather than trying to explain it I am going to simply post the information I already have. The first part briefly explains Backdoor Trojans and the second part is my response to someone who asks whether or not they should reformat their hard drive in response to the confirmed infection.

To be clear, I have no idea whether or not you had a Backdoor Trojan but because of your concern I offer the information for your review and consideration.

Following the Backdoor Trojan information I will provide you with several sources of information to address how to keep you computer safe in the future.

Please let me know if this satisfies your concerns and whether or not you need further assistance.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Please let me know if you have already noticed evidences of financial institution irregularities. Those accounts should be monitored from this point forward.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================
 

Here are some thoughts I have put together for people who ask what they should do in light of the infection. Ultimately each user must decide for themselves what to do and the below are things you might want to consider.

It is necessary for us to at least make you aware of the worst case scenario. This is because of the potential Backdoor Trojans bring with them, but it is not a determination on our part that your situation currently falls within this worst case scenario.

Ultimately it is a personal decision whether to reformat or not. What decision should you make to let you sleep well at night? It is different for different people. I will say whether rightly or wrongly most people decide to clean and not reformat, at least initially.

The only insight I can offer is how I evaluate the issue personally even though I have never had a Backdoor Trojan on my computer. One of the primary purposes for malicious software is to somehow separate you from your money. It seems reasonable to assume that a thief trying to take your money via a Backdoor Trojan will hit you hard, and quickly. Once your computer starts to act up and you become suspicious you have the opportunity to eliminate access to your computer and change the information taken, namely account and password information. The key to this, in my opinion, is whether or not you have noticed any irregularities in your banking or other financial institutions, or things like email and social network accounts (i.e. Facebook). If you have not seen any evidence of that then you may question whether your information has truly been stolen. If it seems it hasn't, and your critical information has been changed, it is reasonable to be more confident you are safe but you must stop short of claiming an absolute guarantee.

If, after careful consideration you decide not to reformat your computer it would be wise to continue monitoring your sensitive data and don't wait to address future symptoms on your computer which seem to be malware related.

The bottom line: the only way to be absolutely sure to be rid of a Backdoor Trojan is to reformat. The decision is yours.


===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does this address your concerns?
  • Are you in need of any other assistance?

Gary

#10 xspeed (Topic Starter)

Posted 24 May 2014 - 02:25 PM

Thank you very much for everything Gary!

I don't use such valuable information, but I've decided to format the hard disk.

I wish you good luck going forward!

#11 Oh My! (Malware Response Instructor)

Posted 24 May 2014 - 03:24 PM

OK, thanks for letting me know. Reformatting is always the safest route.

Gary

#12 Oh My! (Malware Response Instructor)

Posted 24 May 2014 - 03:24 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary