roy2020

Members; Posts: 3; Reputation: 0 Neutral
  1. I might do the reinstalling by next week still. So I hope nothing bad will happen before that. Anyway, thank you for the advice! I appreciate it!
  2. Hi Maniac, Okay, I read your links and it almost gave me a heart attack. I think I'll just follow your recommendation to do a reinstall. Oh, by the way, I use LastPass as my password manager and it's pretty tough. I think the only way they could steal my card information is through a keylogger (am I right with this?). Can we just check whether there's one present on my PC right now? Fortunately, up to now there's still no unauthorized transaction on my card. But I deleted the card information from my LastPass account anyway. Is it true keyloggers are easy to spot by top antivirus software? Thanks!
  3. Hi, I'm not sure what kind of virus or rootkit it's called, but some antivirus programs I tried to run were stopped or failed to launch. I used to have Avast as real-time protection and MBAM as a scanner (both free). Avast got corrupted all of a sudden when I did a system restore. It prompted for a license when I was registered as a free user. Also, it won't do a boot scan, which is supposed to be one of its features. I was infected a month ago with the "quicksearch info" virus, but AdwCleaner fixed it. Malwarebytes doesn't find anything after a scan (but it found a rootkit immediately after the quick search virus infection), and neither does TDSSKiller. Norton Power Eraser failed to launch when I fixed the settings for a rootkit scan. The Kaspersky virus scanner not only failed to launch, but my PC shut down as well and went to a blue screen. I just did startup repair, then system restore, and everything went back to normal. I also tried Dr.Web CureIt today and, well, it's amazing at first since it functions in enhanced mode. It found a DHP virus (a backdoor trojan, if I remember it correctly). However, when I tried to run it again for the third time it wouldn't launch all of a sudden. I tried it 4 times. I even tried to shut down my firewall, but nothing worked. I'm using the ESET NOD32 free trial as my real-time protection, by the way, but it hasn't found anything yet. I would really appreciate your help with this. Thanks! Below are the DDS logs:

.
==== Installed Programs ======================
.
ActiveCheck component for HP Active Support Library
Adobe Flash Player 11 Plugin
Apple Mobile Device Support
BIOS Configuration for HP ProtectTools
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Credential Manager for HP ProtectTools
DirectX 9 Runtime
DivX Setup
Drive Encryption for HP ProtectTools
DriverMax 6
EaseUS Todo Backup Free 4.5
Embedded Security for HP ProtectTools
ESET NOD32 Antivirus
General Module
Glary Utilities 2.54.0.1759
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP ProtectTools Security Manager
HP Total Care Advisor
HPAsset component for HP Active Support Library
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Interface
Intel® PRO Network Connections 12.1.14.1
Intel® Active Management Technology
Java 7 Update 17
Java Auto Updater
LastPass (uninstall only)
LightScribe System Software
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office XP Professional
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mouse Suite
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Norton Bootable Recovery Tool Wizard
PDF Complete
Privatefirewall 7.0
QuickTime
Revo Uninstaller 1.94
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Business
Roxio Creator Business v10
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD
Secunia PSI (3.0.0.3001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype Click to Call
Skype™ 6.3
SlimDrivers
Sonic CinePlayer Decoder Pack
SoundMAX
SUPERAntiSpyware
Twins video to iPod-Zune-PSP-3GP 1.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
USB2.0 PC Camera(0050.2010.0326.3015)
VC80CRTRedist - 8.0.50727.6195
Veetle TV
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Gabriel at 19:39:43 on 2013-04-29
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Windows\system32\ifxspmgt.exe
C:\Windows\system32\ifxtcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\New Files\Mbites\mbamscheduler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Windows\system32\IfxPsdSv.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\system32\taskeng.exe
C:\Users\Daniel\Downloads\ttep60cg.exe
C:\Users\Gabriel\AppData\Local\Temp\51B7CF3C-3281F190-2D04CC1A-2CBB49C4\9rvjjbi0.exe
C:\Users\Gabriel\AppData\Local\Temp\51B7CF3C-3281F190-2D04CC1A-2CBB49C4\uhwdbcqa.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\Explorer.exe
C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
mURLSearchHooks: <No Name>: - LocalServer32 - <no file>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPToolbar.dll
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Privatefirewall] c:\program files\privacyware\privatefirewall 7.0\PFGUI.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPToolbar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - <orphaned>
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{6CD329FA-F9D5-4519-AC5A-36DBD16AF952} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = SbHpNp scecli ASWLNPkg
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\gabriel\appdata\roaming\mozilla\firefox\profiles\zrqaokgz.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_169.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? A2DDA;A2 Direct Disk Access Support Driver
R? AVGIDSHX;AVGIDSHX
R? AVGIDSShim;AVGIDSShim
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? GUCI_AVS;Generic USB Controller Interface (AVS)
R? MBAMService;MBAMService
R? PSI;PSI
R? RoxMediaDB10;RoxMediaDB10
R? Secunia PSI Agent;Secunia PSI Agent
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? !SASCORE;SAS Core Service
S? ASBroker;Logon Session Broker
S? ASChannel;Local Communication Channel
S? eamonm;eamonm
S? EaseUS Agent;EaseUS Agent Service
S? ehdrv;ehdrv
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? EUBAKUP;EUBAKUP
S? EUBKMON;EUBKMON
S? EUDSKACS;EUDSKACS
S? EUFDDISK;EUFDDISK
S? FontCache;Windows Font Cache Service
S? Guard Agent;Guard Agent Service
S? HpFkCryptService;Drive Encryption Service
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? pdfcDispatcher;PDF Document Manager
S? PersonalSecureDrive;PersonalSecureDrive
S? PFNet;Privacyware network service
S? pwipf6;Privacyware Filter Driver
S? RsvLock;RsvLock
S? SafeBoot;SafeBoot
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SbAlg;SbAlg
S? SbFsLock;SbFsLock
S? Secunia Update Agent;Secunia Update Agent
S? Skype C2C Service;Skype C2C Service
S? SMR322;Symantec SMR Utility Service 3.2.2
S? UNS;Intel® Active Management Technology User Notification Service
.
=============== Created Last 30 ================
.
9999-10-13 12:15:26 808 ----a-w- c:\windows\system32\drivers\etc\hosts-lms.tmp
2013-04-29 08:58:10 -------- d-----w- C:\Stinger_Quarantine
2013-04-29 00:42:47 98392 ----a-w- c:\windows\system32\drivers\SMR322.SYS
2013-04-28 16:18:47 -------- d-----w- c:\users\gabriel\Doctor Web
2013-04-28 13:08:29 -------- d-----w- c:\programdata\SMR322
2013-04-28 13:07:29 -------- d-----w- c:\users\gabriel\appdata\local\NPE
2013-04-27 00:21:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-04-27 00:16:12 6906960 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{112685b7-e4b1-415b-89ce-4d12539b00b9}\mpengine.dll
2013-04-20 23:18:02 -------- d-----w- c:\users\gabriel\appdata\roaming\SUPERAntiSpyware.com
2013-04-16 10:30:47 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-16 10:27:15 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2013-04-16 10:26:00 -------- d-----w- c:\windows\system32\drivers\nbrtwizard\0501000.01A
2013-04-16 10:26:00 -------- d-----w- c:\windows\system32\drivers\NBRTWizard
2013-04-16 10:25:55 -------- d-----w- c:\program files\Norton Bootable Recovery Tool Wizard
2013-04-16 10:24:23 -------- d-----w- c:\programdata\NortonInstaller
2013-04-16 10:24:23 -------- d-----w- c:\program files\NortonInstaller
2013-04-16 09:01:42 -------- d-----w- c:\programdata\Norton
2013-04-16 07:51:10 -------- d-----w- c:\users\gabriel\appdata\local\Google
2013-04-16 07:28:27 -------- d-----w- c:\users\gabriel\appdata\roaming\Malwarebytes
2013-04-16 07:28:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-16 07:24:47 -------- d-----w- C:\New Files
2013-04-16 07:15:57 -------- d-----w- c:\program files\Glary Utilities
2013-04-16 07:10:34 -------- d-----w- c:\users\gabriel\appdata\local\Macromedia
2013-04-15 10:45:33 -------- d-----w- c:\users\gabriel\pappa pics
2013-04-15 10:23:53 -------- d-----w- c:\users\gabriel\appdata\local\Mozilla
2013-04-15 10:21:41 -------- d-----w- c:\users\gabriel\appdata\local\Apple
2013-04-15 10:10:29 -------- d-----w- c:\users\gabriel\appdata\roaming\GlarySoft
2013-04-15 06:19:41 -------- d-----w- c:\users\gabriel\btr
2013-04-15 06:06:54 -------- d-----w- c:\users\gabriel\appdata\local\Privatefirewall
2013-04-15 06:04:15 -------- d-----w- c:\users\gabriel\appdata\local\Hewlett-Packard
2013-04-15 02:55:02 -------- d-----w- c:\program files\Glary Utilities2
2013-04-14 12:02:05 -------- d-----w- c:\program files\ESET
2013-04-13 07:21:35 128672 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2013-04-13 07:21:16 -------- d-----w- c:\program files\Privacyware
2013-04-10 07:47:10 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 07:47:07 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 07:47:07 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 07:47:06 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 07:47:06 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 07:47:03 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 07:46:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 07:46:55 2049024 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2013-04-14 14:25:16 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-14 14:25:16 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 13:54:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 13:54:10 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-18 13:54:10 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-17 23:53:11 869376 ----a-w- c:\windows\is-V5090.exe
2013-03-11 17:10:56 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-02-22 03:46:00 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-20 03:07:38 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-02-12 01:57:27 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2012-09-29 15:21:56 10974280 ----a-w- c:\program files\common files\lpuninstall.exe
.
============= FINISH: 19:40:07.55 ===============