Jump to content

ssolvason

Members
  • Posts

    4
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hi Maniac, My concern is files on my externalbackup disk being infected. Will they cause a problem when I put them back on my freshly reformatted PC? If is up-to-date as a database and program version, probably - yes, but I doubt it. I am talking about the files from my PC on the external disk. You said "yes, but I doubt it" - does this mean you think there is a chance the trojan will be on the external disk and I will transfer it back to my PC? I found the following comment in the link you gave me: When Should I Format, How Should I Reinstall From this link, I found the following quote: Today's Nastiest Viruses The USB vaccine is only going to protect me from the virus embedding itself into Autorun, right? How can I ensure that I get rid of it with the reformat? Finally, my machine has a Recovery Partition for use in reinstalling Windows and I have two partitions on my PC. Am I OK wiping just the C:\ drive and reinstalling windows, or is it necessary to format the entire hard disk and re-create the two partitions? Thanks again for all you help
  2. Hi Maniac, Which infection is identified to use a backdoor? So what does it mean that my computer is compromised? Can I use it for another month or should I rather reformat it now? What can happen if I wait? Next, I am making backups of all my data on an external disk. How can I be sure that this external disk won't contain the infection? My university uses McAfee virusscan - is running such a scan enough to ensure the trojan is gone? Also, are other computers in my home network at risk on being infected from this trojan? Thanks so much for your help!
  3. Hi Maniac, Thank you very much for your reply and your help. How do you know what steps to take when disinfecting a computer? How did you know that I should run the tools you told me to run? Is there any way I can tell by myself in the future? I still cannot visit this website or others such as the Panda security site, thus I am still using a different computer to post this. Here are the files you requested: Rkill log: Rkill 2.4.3 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 09/28/2012 11:10:24 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe (PID: 5808) [uP-HEUR] * C:\Windows\SysWOW64\ACEngSvr.exe (PID: 5544) [WD-HEUR] 2 proccesses terminated! Checking Registry for malware related settings: * Explorer Policy Removed: NoActiveDesktopChanges [HKLM] Backup Registry file created at: C:\Users\Simon\Desktop\rkill\rkill-09-28-2012-11-10-29.reg Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * ALERT: ZEROACCESS rootkit symptoms found! * HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack] * HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack] * C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\L\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\U\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\U\00000001.@ [ZA File] * C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\L\ [ZA Dir] * C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\U\ [ZA Dir] Checking Windows Service Integrity: * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual * BFE [Missing Service] * BITS [Missing Service] * iphlpsvc [Missing Service] * MpsSvc [Missing Service] * WinDefend [Missing Service] * wscsvc [Missing Service] * wuauserv [Missing Service] * SharedAccess [Missing ImagePath] Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * No issues found. Program finished at: 09/28/2012 11:10:38 PM Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s) MalwareBytes Log Malwarebytes Anti-Malware (Trial) 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.28.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Simon :: SIMON-PC [administrator] Protection: Enabled 28/09/2012 23:13:30 mbam-log-2012-09-28 (23-13-30).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 240631 Time elapsed: 4 minute(s), 53 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|45253 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mszfuxa.bat -> Delete on reboot. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) aswMBR Log: aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-28 23:19:30 ----------------------------- 23:19:30.440 OS Version: Windows x64 6.1.7601 Service Pack 1 23:19:30.441 Number of processors: 4 586 0x2A07 23:19:30.441 ComputerName: SIMON-PC UserName: Simon 23:19:31.384 Initialize success 23:21:05.907 AVAST engine defs: 12092800 23:27:44.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 23:27:44.196 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3 23:27:44.216 Disk 0 MBR read successfully 23:27:44.218 Disk 0 MBR scan 23:27:44.262 Disk 0 Windows 7 default MBR code 23:27:44.265 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048 23:27:44.279 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848 23:27:44.298 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576 23:27:44.326 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624 23:27:44.383 Disk 0 scanning C:\Windows\system32\drivers 23:27:56.038 Service scanning 23:28:21.374 Modules scanning 23:28:21.380 Disk 0 trace - called modules: 23:28:21.752 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 23:28:21.756 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691c060] 23:28:21.759 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> [0xfffffa80062d48c0] 23:28:21.762 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80062d5050] 23:28:32.851 AVAST engine scan C:\Windows 23:28:35.526 AVAST engine scan C:\Windows\system32 23:32:05.237 AVAST engine scan C:\Windows\system32\drivers 23:32:19.344 AVAST engine scan C:\Users\Simon 23:46:55.319 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\MBR.dat" 23:46:55.367 The log file has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-28 23:56:39 ----------------------------- 23:56:39.501 OS Version: Windows x64 6.1.7601 Service Pack 1 23:56:39.501 Number of processors: 4 586 0x2A07 23:56:39.502 ComputerName: SIMON-PC UserName: Simon 23:56:40.452 Initialize success 23:56:49.614 AVAST engine defs: 12092800 23:56:52.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 23:56:52.195 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3 23:56:52.217 Disk 0 MBR read successfully 23:56:52.218 Disk 0 MBR scan 23:56:52.222 Disk 0 Windows 7 default MBR code 23:56:52.225 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048 23:56:52.238 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848 23:56:52.258 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576 23:56:52.285 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624 23:56:52.363 Disk 0 scanning C:\Windows\system32\drivers 23:57:08.850 Service scanning 23:57:37.765 Modules scanning 23:57:37.771 Disk 0 trace - called modules: 23:57:38.110 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 23:57:38.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691c060] 23:57:38.118 3 CLASSPNP.SYS[fffff88000c3543f] -> nt!IofCallDriver -> [0xfffffa80062d45c0] 23:57:38.122 5 ACPI.sys[fffff88000f6c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80062d5050] 23:57:38.941 AVAST engine scan C:\Windows 23:57:42.727 AVAST engine scan C:\Windows\system32 00:01:44.672 AVAST engine scan C:\Windows\system32\drivers 00:02:08.935 AVAST engine scan C:\Users\Simon 00:07:12.814 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\MBR.dat" 00:07:12.878 The log file has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\aswMBR.txt" I didn't finish the Avast scan as you didn't have this in your screenshots. Fresh DDS Log: . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2 Run by Simon at 0:30:06 on 2012-09-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6049.3083 [GMT 2:00] . AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\FBAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Secunia\PSI\PSIA.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Secunia\PSI\sua.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\P4G\BatteryLife.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\syncables\syncables desktop\syncables.exe C:\Program Files (x86)\PoivY.com\PoivY\poivy.exe C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\USBChargerPlus\UsbChargerPlus.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Google\Drive\googledrivesync.exe C:\Program Files (x86)\Secunia\PSI\psi_tray.exe C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe C:\Program Files (x86)\MagicDisc\MagicDisc.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\Simon\Desktop\simontemp\aswMBR.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\splwow64.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://asus.msn.com uDefault_Page_URL = hxxp://asus.msn.com mStart Page = hxxp://asus.msn.com BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll uRun: [K-Net Utility] "C:\Program Files (x86)\KNet Utility\KNet Utility.exe" -winstart uRun: [Google Update] "C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe uRun: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\poivy.exe" -nosplash -minimized uRun: [spotify Web Helper] "C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart uRun: [Akamai NetSession Interface] "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Edamo] C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe uRun: [Obtemu] C:\Users\Simon\AppData\Roaming\Huiwys\ubmue.exe mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [<NO NAME>] mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mExplorerRun: [45253] C:\PROGRA~3\LOCALS~1\Temp\mszfuxa.bat StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\3796D6F6E6 : DhcpNameServer = 192.168.43.1 TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\4646D2772747 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\E4544574541425 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{E4DA251A-3739-40A0-A433-7BA5118AFD22} : DhcpNameServer = 192.168.1.14 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO-X64: IESpeakDoc - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll BHO-X64: Google Dictionary Compression sdch - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [(Default)] mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\7mtp51mz.default\ FF - prefs.js: browser.search.selectedEngine - Google Danmark FF - prefs.js: browser.startup.homepage - about:home FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Simon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Simon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Simon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?] R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?] R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912] R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-6-30 2067344] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-13 1262400] R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176] R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-21 2656280] R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?] R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-27 250568] S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-09-28 21:08:36 -------- d-----w- C:\ProgramData\Panda Security 2012-09-28 21:08:33 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine 2012-09-27 16:48:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFA772B9-7D2B-47C2-A12C-5D2DFC3BDF2D}\offreg.dll 2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Tuut 2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Piyx 2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Huiwys 2012-09-27 15:05:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-27 12:17:07 -------- d-----w- C:\Users\Simon\AppData\Local\Macromedia 2012-09-27 11:53:29 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-27 11:47:06 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-27 11:46:51 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-27 11:37:56 -------- d-----w- C:\Users\Simon\AppData\Local\{4A9AF856-6DB0-4A34-85D6-F087A0532A7B} 2012-09-27 11:22:19 -------- d-----w- C:\Users\Simon\AppData\Local\Secunia PSI 2012-09-27 11:19:39 -------- d-----w- C:\Program Files (x86)\Secunia 2012-09-27 08:53:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-26 18:32:18 824 ----a-w- C:\Windows\System32\drivers\etc\hosts.sys 2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Ypisez 2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Izyvo 2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Dyutfu 2012-09-25 16:08:30 -------- d-----w- C:\Users\Simon\AppData\Local\{130998F0-6B43-4B0B-9FEA-75134762FC3F} 2012-09-25 07:18:13 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFA772B9-7D2B-47C2-A12C-5D2DFC3BDF2D}\mpengine.dll 2012-09-23 15:12:48 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-20 10:17:20 300032 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp093.DLL 2012-09-19 19:56:38 -------- d-----w- C:\PC_on_off_time 2012-09-12 05:56:21 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 05:56:21 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 05:56:20 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 05:56:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 05:56:19 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 05:56:19 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 05:56:19 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-07 08:49:08 16192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL 2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ==================== Find3M ==================== . 2012-09-27 16:48:10 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-09-27 11:56:58 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-27 11:46:37 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-27 08:53:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-27 08:53:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 0:32:58.14 ===============
  4. Dear Helpers, I hope you will be able to help sort me out quickly. I'm on different PC now as I can't access your site otherwise. Yesterday, random radio sounds were playing out of the speakers every 20 minutes or so. I normally use Microsoft Security Essentials. I checked it, and the service was not even started for some reason. I started it and did a scan. Items were found and removed. Then I did a MalwareBytes quick scan and removed about 20 items, some upon restart. Now after restart it is even worse. I can't even visit your website. It goes to a fake 'Google' site that says "404 That's an Error, that's all we know" with a picture of a robot. I've tried Chrome, Firefox, and IE. And I tried reinstalling FF and Chrome as well. Also, I went to Facebook and they tried to start a form where I had to enter my credit card info for "security purposes". I know this is fake. What can I do without losing the data on the computer? Thank you! Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.