Posts posted by Nade
-
-
I apologise for the rule, I did not know.
-
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 21.12.2012 12:34:02
System Uptime: 18.04.2013 16:47:52 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | X55VD
Processor: Intel® Core i3-2328M CPU @ 2.20GHz | SOCKET 0 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 191,914 GiB free.
D: is FIXED (NTFS) - 235 GiB total, 233,337 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 04.03.2013 19:13:58 - Sony Ericsson PC Companion
RP18: 04.03.2013 19:18:56 - Sony PC Companion
RP19: 09.03.2013 19:20:01 - Sony PC Companion
RP20: 09.03.2013 19:34:50 - Installed Microsoft Visual C++ 2005 Redistributable
RP21: 09.03.2013 19:40:21 - Removed Media Go
RP22: 09.03.2013 19:41:29 - Removed Media Go Video Playback Engine 1.96.119.08260
RP23: 09.03.2013 19:43:25 - Removed Microsoft Visual C++ 2005 Redistributable
RP24: 09.03.2013 19:43:55 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP25: 09.03.2013 19:47:08 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP26: 09.03.2013 19:48:00 - Removed PlayStation®Store.
RP27: 22.03.2013 01:54:09 - Scheduled Checkpoint
RP28: 03.04.2013 12:49:02 - Scheduled Checkpoint
RP29: 10.04.2013 16:30:41 - Scheduled Checkpoint
RP30: 12.04.2013 19:10:09 - Installed Java 7 Update 17
RP31: 18.04.2013 16:44:10 - Removed Nero 8. Available with Windows Installer version 1.2 and later.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
ASUS Smart Gesture
Aurora 19.0a2 (x86 en-US)
Avira Free Antivirus
ESET Online Scanner v3
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Trusted Connect Service Client
Java 7 Update 17
Java Auto Updater
K-Lite Codec Pack 9.5.5 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Maintenance Service
neroxml
NVIDIA Control Panel 296.97
NVIDIA Graphics Driver 296.97
NVIDIA HD Audio Driver 1.3.13.1
NVIDIA Install Application
NVIDIA Optimus 1.7.13
NVIDIA Update 1.7.13
NVIDIA Update Components
Platform
Skype™ 6.0
Sony Ericsson Update Engine
Sony PC Companion 2.10.136
swMSM
VCRedistSetup
VIA Platform Device Manager
VLC media player 2.0.4
Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)
WinRAR archiver
.
==== End Of File ===========================
-
I've deleted and uninstalled Nero, here are the lists now
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.17.2
Run by Nade at 16:50:13 on 2013-04-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.389.1033.18.3980.2717 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
uRun: [sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 78.157.16.30 78.157.16.51 78.157.16.8
TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6} : DHCPNameServer = 78.157.16.30 78.157.16.51 78.157.16.8
TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6}\830323E21313E4 : DHCPNameServer = 217.16.69.1 217.16.69.3
TCP: Interfaces\{7DE91B37-CB3C-4AB2-9581-A8130FB622A7} : DHCPNameServer = 92.55.71.27 89.205.127.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
x64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
x64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nade\AppData\Roaming\Mozilla\Firefox\Profiles\9lmvvgj1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-21 29032]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-21 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-21 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-21 166720]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-21 27760]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-21 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-21 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-21 789272]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-21 104560]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-21 1838656]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\drivers\rtbth.sys [2012-12-21 675424]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-21 2193008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-21 365376]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-3-4 14448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-3-4 155824]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-04-18 11:55:55 -------- d-----w- C:\Program Files (x86)\ESET
2013-04-17 02:23:57 -------- d-----w- C:\TMP
2013-04-12 17:11:01 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-28 05:02:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-28 05:02:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-21 17:04:33 252712 ----a-w- C:\Windows\ETDUninst.dll
.
==================== Find3M ====================
.
2013-04-12 17:10:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-12 17:10:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-04 18:19:28 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-03-04 18:19:28 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-03-04 18:19:28 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
.
============= FINISH: 16:50:49,26 ===============
-
Oh yes, should I uninstall the program?
-
Hey Daniel... I just finished the scan, it came out with 4 threats, here is a copy
C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask application
C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\Nade\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application
D:\Instal programs\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask application
D:\Instal programs\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\nero8x.exe a variant of Win32/Keygen.DS application
-
For now no, I saw that I still have that file in Quarantine in Malware, should I delete it? And if you don't mind, a bit of help how to prevent these bugs and worms from coming? As I said for now I have Avira the free version and Malwarebytes as well.
-
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.17.2
Run by Nade at 13:02:23 on 2013-04-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1251.389.1033.18.3980.2480 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Aurora\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
uRun: [sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 78.157.16.8 78.157.16.51 78.157.16.30
TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6} : DHCPNameServer = 78.157.16.8 78.157.16.51 78.157.16.30
TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6}\830323E21313E4 : DHCPNameServer = 217.16.69.1 217.16.69.3
TCP: Interfaces\{7DE91B37-CB3C-4AB2-9581-A8130FB622A7} : DHCPNameServer = 92.55.71.27 89.205.127.21
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
x64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
x64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Nade\AppData\Roaming\Mozilla\Firefox\Profiles\9lmvvgj1.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-21 29032]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-21 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-21 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-21 166720]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-21 365376]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-21 27760]
R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-21 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-21 356632]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-21 789272]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-21 104560]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-21 1838656]
R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\drivers\rtbth.sys [2012-12-21 675424]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-21 2193008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-3-4 14448]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-3-4 155824]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
.
=============== Created Last 30 ================
.
2013-04-17 02:23:57 -------- d-----w- C:\TMP
2013-04-12 17:11:01 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-28 05:02:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-28 05:02:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-21 17:04:33 252712 ----a-w- C:\Windows\ETDUninst.dll
.
==================== Find3M ====================
.
2013-04-12 17:10:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-04-12 17:10:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-04 18:19:28 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys
2013-03-04 18:19:28 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-03-04 18:19:28 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys
.
============= FINISH: 13:02:48,50 ===============
-
Daniel, I've read everything, and I am sending you the logs. P.S. Thank you for the help!
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 21.12.2012 12:34:02
System Uptime: 18.04.2013 12:55:18 (1 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | X55VD
Processor: Intel® Core i3-2328M CPU @ 2.20GHz | SOCKET 0 | 2200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 191,981 GiB free.
D: is FIXED (NTFS) - 235 GiB total, 233,163 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 04.03.2013 19:13:58 - Sony Ericsson PC Companion
RP18: 04.03.2013 19:18:56 - Sony PC Companion
RP19: 09.03.2013 19:20:01 - Sony PC Companion
RP20: 09.03.2013 19:34:50 - Installed Microsoft Visual C++ 2005 Redistributable
RP21: 09.03.2013 19:40:21 - Removed Media Go
RP22: 09.03.2013 19:41:29 - Removed Media Go Video Playback Engine 1.96.119.08260
RP23: 09.03.2013 19:43:25 - Removed Microsoft Visual C++ 2005 Redistributable
RP24: 09.03.2013 19:43:55 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP25: 09.03.2013 19:47:08 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
RP26: 09.03.2013 19:48:00 - Removed PlayStation®Store.
RP27: 22.03.2013 01:54:09 - Scheduled Checkpoint
RP28: 03.04.2013 12:49:02 - Scheduled Checkpoint
RP29: 10.04.2013 16:30:41 - Scheduled Checkpoint
RP30: 12.04.2013 19:10:09 - Installed Java 7 Update 17
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
ASUS Smart Gesture
Aurora 19.0a2 (x86 en-US)
Avira Free Antivirus
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Trusted Connect Service Client
Java 7 Update 17
Java Auto Updater
K-Lite Codec Pack 9.5.5 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Maintenance Service
Nero 8
neroxml
NVIDIA Control Panel 296.97
NVIDIA Graphics Driver 296.97
NVIDIA HD Audio Driver 1.3.13.1
NVIDIA Install Application
NVIDIA Optimus 1.7.13
NVIDIA Update 1.7.13
NVIDIA Update Components
Platform
Skype™ 6.0
Sony Ericsson Update Engine
Sony PC Companion 2.10.136
swMSM
VCRedistSetup
VIA Platform Device Manager
VLC media player 2.0.4
Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)
WinRAR archiver
.
==== End Of File ===========================
-
Hi, here is today's log of Malwarebytes:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.18.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Nade :: NADE-PC [administrator]
18.04.2013 08:08:27
mbam-log-2013-04-18 (08-08-27).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 318466
Time elapsed: 33 minute(s), 14 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Nade\LOCALS~1\Temp\ccwaaa.exe -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Nade\AppData\Local\Temp\00026bad.exe (Trojan.Agent.RVGen5) -> Quarantined and deleted successfully.
(end)
-
Hi people, I just scanned my computer with both Avira and Malwarebytes Anti-Malware and I found this pum.userwload trojan.agent.
Now, I might have made a mistake, since I chose Malwarebytes to delete it, but it wanted to restart, so I chose No. I still haven't restarted my computer. Here is the scan result from Avira.
Any help would be great, and I thank you in advance!
Avira Free Antivirus
Report file date: четврток, 18 април 2013 08:18
The program is running as an unrestricted full version.
Online services are available.
Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Ultimate
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Nade
Computer name : NADE-PC
Version information:
BUILD.DAT : 13.0.0.3499 Bytes 19.03.2013 16:37:00
AVSCAN.EXE : 13.6.0.986 639712 Bytes 28.03.2013 05:01:57
AVSCANRC.DLL : 13.4.0.360 54560 Bytes 29.11.2012 08:30:16
LUKE.DLL : 13.6.0.902 67808 Bytes 28.03.2013 05:02:06
AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 18:24:42
AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 18:24:42
avlode.dll : 13.6.2.940 434912 Bytes 28.03.2013 05:01:56
avlode.rdf : 13.0.0.46 15591 Bytes 28.03.2013 14:15:47
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:33:49
VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 11:33:49
VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 11:33:49
VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 11:33:50
VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 11:33:50
VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 11:33:50
VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 11:33:50
VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 11:33:50
VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 11:33:50
VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 11:33:51
VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 11:33:51
VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 11:33:51
VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 11:33:51
VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 11:33:51
VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 12:31:09
VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 17:31:42
VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 11:04:27
VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 05:29:39
VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 13:40:36
VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 12:00:29
VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 05:15:11
VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 12:11:35
VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 12:40:34
VBASE023.VDF : 7.11.72.224 2048 Bytes 16.04.2013 12:40:34
VBASE024.VDF : 7.11.72.225 2048 Bytes 16.04.2013 12:40:34
VBASE025.VDF : 7.11.72.226 2048 Bytes 16.04.2013 12:40:34
VBASE026.VDF : 7.11.72.227 2048 Bytes 16.04.2013 12:40:35
VBASE027.VDF : 7.11.72.228 2048 Bytes 16.04.2013 12:40:35
VBASE028.VDF : 7.11.72.229 2048 Bytes 16.04.2013 12:40:35
VBASE029.VDF : 7.11.72.230 2048 Bytes 16.04.2013 12:40:35
VBASE030.VDF : 7.11.72.231 2048 Bytes 16.04.2013 12:40:35
VBASE031.VDF : 7.11.73.34 110592 Bytes 17.04.2013 14:09:03
Engine version : 8.2.12.28
AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55
AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 13:40:57
AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 20:32:47
AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06
AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:21:42
AEPACK.DLL : 8.3.2.6 827767 Bytes 28.03.2013 14:15:46
AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 12:42:00
AEHEUR.DLL : 8.1.4.286 5845369 Bytes 11.04.2013 13:40:56
AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32
AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 20:32:44
AEEXP.DLL : 8.4.0.20 192886 Bytes 15.04.2013 12:11:36
AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55
AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 13:32:56
AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38
AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 13:10:26
AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 13:10:29
AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 15:01:33
AVARKT.DLL : 13.6.0.902 260832 Bytes 28.03.2013 05:01:54
AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 28.03.2013 05:01:55
SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40
AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 13:10:30
NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 13:10:40
RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 28.11.2012 14:09:40
RCTEXT.DLL : 13.6.0.976 67296 Bytes 28.03.2013 05:01:52
Configuration settings for the scan:
Jobname.............................: ShlExt
Configuration file..................: C:\Users\Nade\AppData\Local\Temp\bd693856.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: off
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Start of the scan: четврток, 18 април 2013 08:18
Starting the file scan:
Begin scan in 'C:\'
C:\Users\Nade\AppData\Local\Temp\ccwaaa.exe
[DETECTION] Is the TR/Gamarue.AP Trojan
Beginning disinfection:
C:\Users\Nade\AppData\Local\Temp\ccwaaa.exe
[DETECTION] Is the TR/Gamarue.AP Trojan
[NOTE] The file was moved to the quarantine directory under the name '567e3b13.qua'!
End of the scan: четврток, 18 април 2013 09:05
Used time: 46:34 Minute(s)
The scan has been done completely.
19072 Scanned directories
1087751 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1087750 Files not concerned
5693 Archives were scanned
0 Warnings
1 Notes
pum.userwload trojan.agent
in Resolved Malware Removal Logs
Daniel, thank you for your time and patience. I have only one more question, regarding Spyware Blaster: if I install it, would it work well with Avira and Malwarebytes as well? After your answer you may close this thread. I thank you again for your help.
Best regards
Nade