ssolvason
Hi Maniac,

My concern is files on my external backup disk being infected. Will they cause a problem when I put them back on my freshly reformatted PC?

"If it is up-to-date as a database and program version, probably - yes, but I doubt it."

I am talking about the files from my PC on the external disk. You said "yes, but I doubt it" - does this mean you think there is a chance the trojan will be on the external disk and I will transfer it back to my PC?

I found the following comment in the link you gave me: When Should I Format, How Should I Reinstall

From this link, I found the following quote: Today's Nastiest Viruses

The USB vaccine is only going to protect me from the virus embedding itself into Autorun, right? How can I ensure that I get rid of it with the reformat?

Finally, my machine has a Recovery Partition for use in reinstalling Windows and I have two partitions on my PC. Am I OK wiping just the C:\ drive and reinstalling Windows, or is it necessary to format the entire hard disk and re-create the two partitions?

Thanks again for all your help
-
Hi Maniac,

Which infection is identified to use a backdoor? So what does it mean that my computer is compromised? Can I use it for another month or should I rather reformat it now? What can happen if I wait?

Next, I am making backups of all my data on an external disk. How can I be sure that this external disk won't contain the infection? My university uses McAfee VirusScan - is running such a scan enough to ensure the trojan is gone?

Also, are other computers in my home network at risk of being infected from this trojan?

Thanks so much for your help!
-
Hi Maniac,

Thank you very much for your reply and your help. How do you know what steps to take when disinfecting a computer? How did you know that I should run the tools you told me to run? Is there any way I can tell by myself in the future?

I still cannot visit this website or others such as the Panda Security site, thus I am still using a different computer to post this.

Here are the files you requested:

Rkill log:

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/28/2012 11:10:24 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe (PID: 5808) [uP-HEUR]
* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 5544) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Simon\Desktop\rkill\rkill-09-28-2012-11-10-29.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* ALERT: ZEROACCESS rootkit symptoms found!
* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\U\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$648c7366661d8c7ca2b5bfc01b210a94\U\00000001.@ [ZA File]
* C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-21-1459309865-1590611044-2395882671-1001\$648c7366661d8c7ca2b5bfc01b210a94\U\ [ZA Dir]

Checking Windows Service Integrity:

* Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual
* BFE [Missing Service]
* BITS [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* WinDefend [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.
Program finished at: 09/28/2012 11:10:38 PM
Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)

MalwareBytes Log:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Simon :: SIMON-PC [administrator]

Protection: Enabled

28/09/2012 23:13:30
mbam-log-2012-09-28 (23-13-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240631
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|45253 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\mszfuxa.bat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 23:19:30
-----------------------------
23:19:30.440 OS Version: Windows x64 6.1.7601 Service Pack 1
23:19:30.441 Number of processors: 4 586 0x2A07
23:19:30.441 ComputerName: SIMON-PC UserName: Simon
23:19:31.384 Initialize success
23:21:05.907 AVAST engine defs: 12092800
23:27:44.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:27:44.196 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
23:27:44.216 Disk 0 MBR read successfully
23:27:44.218 Disk 0 MBR scan
23:27:44.262 Disk 0 Windows 7 default MBR code
23:27:44.265 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
23:27:44.279 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
23:27:44.298 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576
23:27:44.326 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624
23:27:44.383 Disk 0 scanning C:\Windows\system32\drivers
23:27:56.038 Service scanning
23:28:21.374 Modules scanning
23:28:21.380 Disk 0 trace - called modules:
23:28:21.752 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:28:21.756 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691c060]
23:28:21.759 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> [0xfffffa80062d48c0]
23:28:21.762 5 ACPI.sys[fffff88000f947a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80062d5050]
23:28:32.851 AVAST engine scan C:\Windows
23:28:35.526 AVAST engine scan C:\Windows\system32
23:32:05.237 AVAST engine scan C:\Windows\system32\drivers
23:32:19.344 AVAST engine scan C:\Users\Simon
23:46:55.319 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\MBR.dat"
23:46:55.367 The log file has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 23:56:39
-----------------------------
23:56:39.501 OS Version: Windows x64 6.1.7601 Service Pack 1
23:56:39.501 Number of processors: 4 586 0x2A07
23:56:39.502 ComputerName: SIMON-PC UserName: Simon
23:56:40.452 Initialize success
23:56:49.614 AVAST engine defs: 12092800
23:56:52.194 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:56:52.195 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
23:56:52.217 Disk 0 MBR read successfully
23:56:52.218 Disk 0 MBR scan
23:56:52.222 Disk 0 Windows 7 default MBR code
23:56:52.225 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
23:56:52.238 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286161 MB offset 52430848
23:56:52.258 Disk 0 Partition - 00 0F Extended LBA 403641 MB offset 638488576
23:56:52.285 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 403640 MB offset 638490624
23:56:52.363 Disk 0 scanning C:\Windows\system32\drivers
23:57:08.850 Service scanning
23:57:37.765 Modules scanning
23:57:37.771 Disk 0 trace - called modules:
23:57:38.110 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
23:57:38.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800691c060]
23:57:38.118 3 CLASSPNP.SYS[fffff88000c3543f] -> nt!IofCallDriver -> [0xfffffa80062d45c0]
23:57:38.122 5 ACPI.sys[fffff88000f6c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa80062d5050]
23:57:38.941 AVAST engine scan C:\Windows
23:57:42.727 AVAST engine scan C:\Windows\system32
00:01:44.672 AVAST engine scan C:\Windows\system32\drivers
00:02:08.935 AVAST engine scan C:\Users\Simon
00:07:12.814 Disk 0 MBR has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\MBR.dat"
00:07:12.878 The log file has been saved successfully to "C:\Users\Simon\Desktop\simontemp\Results\aswMBR.txt"

I didn't finish the Avast scan as you didn't have this in your screenshots.

Fresh DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Simon at 0:30:06 on 2012-09-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6049.3083 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Secure Delete\ADDEL.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\PoivY.com\PoivY\poivy.exe
C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\UsbChargerPlus.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Simon\Desktop\simontemp\aswMBR.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\splwow64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mStart Page = hxxp://asus.msn.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [K-Net Utility] "C:\Program Files (x86)\KNet Utility\KNet Utility.exe" -winstart
uRun: [Google Update] "C:\Users\Simon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
uRun: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\poivy.exe" -nosplash -minimized
uRun: [spotify Web Helper] "C:\Users\Simon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Akamai NetSession Interface] "C:\Users\Simon\AppData\Local\Akamai\netsession_win.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Edamo] C:\Users\Simon\AppData\Roaming\Izyvo\ezyxi.exe
uRun: [Obtemu] C:\Users\Simon\AppData\Roaming\Huiwys\ubmue.exe
mRun: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mExplorerRun: [45253] C:\PROGRA~3\LOCALS~1\Temp\mszfuxa.bat
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files (x86)\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\Simon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\3796D6F6E6 : DhcpNameServer = 192.168.43.1
TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\4646D2772747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{BDDE11BC-7DE0-408F-A4F2-377A950AE1A4}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E4DA251A-3739-40A0-A433-7BA5118AFD22} : DhcpNameServer = 192.168.1.14
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [sonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [uSBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\7mtp51mz.default\
FF - prefs.js: browser.search.selectedEngine - Google Danmark
FF - prefs.js: browser.startup.homepage - about:home
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Simon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Simon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Simon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 assd;assd;C:\Windows\system32\drivers\assd.sys --> C:\Windows\system32\drivers\assd.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-6-30 2067344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-27 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-13 1262400]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-21 2656280]
R3 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-27 250568]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\system32\drivers\AmUStor.SYS --> C:\Windows\system32\drivers\AmUStor.SYS [?]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-28 21:08:36 -------- d-----w- C:\ProgramData\Panda Security
2012-09-28 21:08:33 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
2012-09-27 16:48:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFA772B9-7D2B-47C2-A12C-5D2DFC3BDF2D}\offreg.dll
2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Tuut
2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Piyx
2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Huiwys
2012-09-27 15:05:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-27 12:17:07 -------- d-----w- C:\Users\Simon\AppData\Local\Macromedia
2012-09-27 11:53:29 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-27 11:47:06 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-27 11:46:51 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-27 11:37:56 -------- d-----w- C:\Users\Simon\AppData\Local\{4A9AF856-6DB0-4A34-85D6-F087A0532A7B}
2012-09-27 11:22:19 -------- d-----w- C:\Users\Simon\AppData\Local\Secunia PSI
2012-09-27 11:19:39 -------- d-----w- C:\Program Files (x86)\Secunia
2012-09-27 08:53:35 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-26 18:32:18 824 ----a-w- C:\Windows\System32\drivers\etc\hosts.sys
2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Ypisez
2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Izyvo
2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Dyutfu
2012-09-25 16:08:30 -------- d-----w- C:\Users\Simon\AppData\Local\{130998F0-6B43-4B0B-9FEA-75134762FC3F}
2012-09-25 07:18:13 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FFA772B9-7D2B-47C2-A12C-5D2DFC3BDF2D}\mpengine.dll
2012-09-23 15:12:48 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-20 10:17:20 300032 ----a-w-
C:\Windows\System32\Spool\prtprocs\x64\hpcpp093.DLL 2012-09-19 19:56:38 -------- d-----w- C:\PC_on_off_time 2012-09-12 05:56:21 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 05:56:21 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 05:56:20 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 05:56:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 05:56:19 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 05:56:19 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS 2012-09-12 05:56:19 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-07 08:49:08 16192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL 2012-08-30 20:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys . ==================== Find3M ==================== . 2012-09-27 16:48:10 45056 ----a-w- C:\Windows\System32\acovcnt.exe 2012-09-27 11:56:58 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-27 11:46:37 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-27 08:53:29 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-09-27 08:53:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-07 15:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-30 20:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 
06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll . ============= FINISH: 0:32:58.14 ===============
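The service list and the "Created Last 30" section of a DDS log like the one above are normally read by eye: a helper looks for a burst of directories with meaningless names appearing under AppData\Roaming at the same second, for files dropped into drivers\etc that are not the stock name-resolution files (the log shows a hosts.sys there), and for auto-start entries whose image lives outside Windows or Program Files. The script below is an added example, not code from DDS, Rkill or anyone in this thread, that parses the DDS line formats and applies those three checks to a constructed excerpt copied from the log above. The regexes for the two DDS line formats, the set of stock drivers\etc files and the list of trusted image roots are assumptions made for this example; the page does not document the format.

```python
"""Triage helper for DDS service and 'Created Last 30' listings.

Added example; not code from DDS, Rkill or the thread's helper. The line
regexes, the stock drivers\\etc file set and TRUSTED_ROOTS are assumptions.
"""
import ntpath
import re

# Constructed sample: a short excerpt copied from the DDS log above, embedded
# inline so the script runs offline (point it at a saved attach.txt instead).
SAMPLE_DDS = r"""
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-27 676936]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-4-1 135664]
2012-09-28 21:08:36 -------- d-----w- C:\ProgramData\Panda Security
2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Tuut
2012-09-27 15:27:18 -------- d-----w- C:\Users\Simon\AppData\Roaming\Piyx
2012-09-27 15:05:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-26 18:32:18 824 ----a-w- C:\Windows\System32\drivers\etc\hosts.sys
2012-09-26 18:21:59 -------- d-----w- C:\Users\Simon\AppData\Roaming\Izyvo
2012-09-12 05:56:21 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
"""

# "R2 name;display;image [date size]"  or  "... image --> resolved [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?: --> (?P<resolved>.+?))? \[(?P<meta>[^\]]*)\]$"
)
# "YYYY-MM-DD HH:MM:SS size attrs path"; size is all dashes for a directory
CREATED_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>-+|\d+) "
    r"(?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

ETC_EXPECTED = {"hosts", "lmhosts.sam", "networks", "protocol", "services"}  # assumed stock set
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")  # assumption


def parse_dds(text):
    """Split DDS output into service entries and 'created' entries."""
    services, created = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["image"] = entry["resolved"] or entry["path"]
            services.append(entry)
            continue
        m = CREATED_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["is_dir"] = entry["attrs"].startswith("d")
            created.append(entry)
    return services, created


def new_roaming_dirs(created):
    """Directories created directly under AppData\\Roaming: a review list, not a
    verdict. Several short meaningless names sharing one timestamp is the pattern."""
    hits = []
    for e in created:
        if not e["is_dir"]:
            continue
        parent, name = ntpath.split(e["path"])
        if parent.lower().endswith(r"\appdata\roaming"):
            hits.append((e["stamp"], name))
    return hits


def unexpected_etc_files(created):
    """Anything dropped into drivers\\etc beyond the stock name-resolution files."""
    hits = []
    for e in created:
        parent, name = ntpath.split(e["path"])
        if parent.lower().endswith(r"\drivers\etc") and name.lower() not in ETC_EXPECTED:
            hits.append(e["path"])
    return hits


def services_outside_trusted_roots(services):
    """Auto-start entries whose image is not under Windows or Program Files."""
    hits = []
    for s in services:
        image = s["image"].lower()
        if image.startswith("\\??\\"):  # DDS keeps the NT object prefix on some drivers
            image = image[4:]
        if not image.startswith(TRUSTED_ROOTS):
            hits.append((s["name"], s["image"]))
    return hits


def triage(text):
    """Run every rule and return the hits keyed by rule name."""
    services, created = parse_dds(text)
    return {
        "new_roaming_dirs": new_roaming_dirs(created),
        "unexpected_etc_files": unexpected_etc_files(created),
        "services_outside_trusted_roots": services_outside_trusted_roots(services),
    }


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_DDS).items():
        print(rule)
        for hit in hits or ["(none)"]:
            print("   ", hit)
```

On the excerpt the script lists Tuut, Piyx and Izyvo as new Roaming directories and flags drivers\etc\hosts.sys; no service in the excerpt runs from outside the trusted roots, which is the expected negative result for this part of the log. The rules are deliberately loose: their job is to shorten the list a helper reads, not to decide anything on their own.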
-
Dear Helpers, I hope you will be able to help sort me out quickly. I'm on a different PC now as I can't access your site otherwise. Yesterday, random radio sounds were playing out of the speakers every 20 minutes or so. I normally use Microsoft Security Essentials. I checked it, and the service was not even started for some reason. I started it and did a scan. Items were found and removed. Then I did a Malwarebytes quick scan and removed about 20 items, some upon restart. Now after restart it is even worse. I can't even visit your website. It goes to a fake 'Google' site that says "404 That's an Error, that's all we know" with a picture of a robot. I've tried Chrome, Firefox, and IE. And I tried reinstalling FF and Chrome as well. Also, I went to Facebook and they tried to start a form where I had to enter my credit card info for "security purposes". I know this is fake. What can I do without losing the data on the computer? Thank you!
Attach.txt DDS.txt