
It started a few days ago with my laptop, which is what I use 90% of the time. When I did a Google search and clicked on a link I always got a 404 Not Found page. I happened to look at the address bar and it had some domain listed like puffbum or bumpuff or something weird. I immediately started a scan (Avast 6) which found nothing. I tried restoring to an earlier date but nothing happened. I restarted the laptop and that's when I discovered it had turned into a doorstop. F2 (BIOS) worked. The hidden recovery partition could not be accessed and all I got was the Windows Recovery Options, none of which solved anything, and I tried them all.

When I tried System Repair it did find (and repair) a couple of things. I cannot remember what the first one said, but the second referred to something in MBR. I also attempted the System Restore option with the result that it "successfully" restored to an earlier point in time (a few days before the "event"); however, Windows still booted only to the Windows Recovery Options window.

I tried booting from a Linux emergency disk made by the EaseUS backup program, and while the laptop booted correctly to the EaseUS program, it did not recognize either of the two cloned drives on one USB drive, nor did it recognize the backups on a different USB drive, although they were listed in the selection box in both cases.

The laptop is under warranty and Asus suggests returning it for a replacement hard drive. I haven't received an RMA yet and am more than willing to try anything suggested here.

I can't even give you all the specs for the laptop since I didn't record them anywhere other than that it is an Asus UL80VT with 4 GB memory and an NVidia discrete graphics chip as well as the onboard graphics. I can't even remember if it is Intel or AMD, but it is quad core if that helps.

Thanks!


Hello again, :)

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB drive and the CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1, sda2, ... usually correspond to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press Enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.


No worries; that is a very small file. It also shows that the MBR is infected. Rewriting it should get the laptop booting again. :)

Please right click the following link and select "save link/target as": http://noahdfear.net/downloads/beta/xPUD_MBRfix

Save the file as xPUD_mbrfix to your flashdrive.

Boot in xPUD and navigate to the flashdrive, double click on xPUD_mbrfix to run it.

When asked "What boot code do you want to write?" type: 7 (assuming that your computer has Windows 7 installed; if it is Vista, type i) and press enter.

Type sda and press enter.

Type Y and press enter.

This will create a file called mlog.txt on your flashdrive. Post its contents in your next reply and let me know if you can boot normally in Windows now.

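The two steps above (dump the first sector with dd, then rewrite only the boot code) are exactly what a practitioner does by hand when triaging a suspected bootkit, so here is an added worked example in Python. It is not part of the original thread, not the xPUD_MBRfix script the helper links to, and contains none of Microsoft's actual boot code. It parses a 512-byte mbr.bin as produced by the dd command, reports the partition table and disk signature, flags boot code that lacks the error strings a stock Windows MBR carries (a heuristic of my own, not a reproduction of the exact magic rule behind the `file` verdict in the mlog), and rebuilds the sector with fresh boot code while preserving bytes 440-511. The "infected" and "Windows 7" boot code blobs are constructed stand-ins, and the sample partition layout is invented for the demonstration.

```python
"""Triage a raw MBR dump (mbr.bin from `dd if=/dev/sda of=mbr.bin bs=512 count=1`)
and rebuild it with fresh boot code while keeping the partition table intact.
Added example for this thread; not the xPUD_MBRfix script and not Microsoft's code."""
import hashlib
import json
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0-439: executable boot code (what a bootkit replaces)
DISK_SIG_OFF = 440            # bytes 440-443: NT disk signature; 444-445 normally zero
PART_TABLE_OFF = 446          # bytes 446-509: four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510-511

# Error strings a stock Windows Vista/7 MBR carries in its boot code. Their absence
# is a cheap "unknown boot code" signal; it is a heuristic, not proof either way.
WINDOWS_MBR_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot code, disk signature and partition table; collect warnings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature: not an MBR")

    boot_code = mbr[:BOOT_CODE_LEN]
    disk_signature = struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0]
    windows_strings = any(s in boot_code for s in WINDOWS_MBR_STRINGS)

    partitions, warnings = [], []
    for i in range(4):
        # entry layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if status not in (0x00, 0x80):
            warnings.append(f"partition {i}: invalid status byte 0x{status:02x}")
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})

    if not windows_strings:
        warnings.append("boot code lacks the standard Windows MBR strings (unknown boot code)")
    active = sum(1 for p in partitions if p["active"])
    if active != 1:
        warnings.append(f"{active} active partitions (expected exactly 1)")

    return {
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "windows_strings_present": windows_strings,
        "disk_signature": disk_signature,
        "partitions": partitions,
        "warnings": warnings,
    }


def replace_boot_code(mbr: bytes, new_boot_code: bytes) -> bytes:
    """Return an MBR with new boot code but the ORIGINAL bytes 440-511.

    A safe MBR fix must do exactly this: the disk signature (referenced by the BCD
    store) and the partition table are not malware and have to survive the rewrite."""
    parse_mbr(mbr)  # refuse to touch anything that is not a valid MBR
    if len(new_boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than 440 bytes")
    return new_boot_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


# --- constructed sample data (not real malware, not Microsoft's code) ----------
# Stand-in for bootkit boot code: a short jump plus filler, none of the Windows strings.
UNKNOWN_BOOT_CODE = b"\xEB\x3C\x90" + b"\x00" * 200 + b"BOOT"
# Stand-in for Windows 7 boot code: reproduces only the strings the heuristic keys on.
STANDIN_WIN7_BOOT_CODE = (b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x00" * 300
                          + b"\x00".join(WINDOWS_MBR_STRINGS))


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed disk: active NTFS system partition at LBA 2048, second NTFS partition after it."""
    entries = ((0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 41738240))
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries) + b"\x00" * 32
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + disk_sig + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Usage: python mbr_triage.py mbr.bin   (no argument: run on the constructed sample)
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample_mbr(UNKNOWN_BOOT_CODE))
    print(json.dumps(parse_mbr(data), indent=2))
```

Two points the script makes explicit. First, the fix tool backs up the sector (backup_sda.bin in the mlog) and rewrites only the first 440 bytes; writing a generic 512-byte image would also clobber the disk signature and partition table and leave Windows unable to find its volumes. Second, the string check is only a triage hint: a bootkit can keep the original strings and hook INT 13h elsewhere, so the authoritative comparison is the SHA-256 of the boot code against a known-good dump from the same Windows version, which is why keeping the pre-fix backup matters.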

Wow. Are you a miracle worker, or "just" a genius??! I couldn't believe it when I saw Windows come up with my user name. There were a couple of little glitches with having a black screen a couple of times after clicking my user name, but with using the power button after each time it finally booted to my desktop.

Here is the mlog.txt you asked for:

Mon Feb 20 21:48:47 UTC 2012
User has chosen Windows 7 boot code
User has chosen drive sda
Backing up mbr to backup_sda.bin
Boot code structure before fix
/dev/sda has an x86 boot sector,
it is an unknown boot record
Boot code structure after repairing
/dev/sda has an x86 boot sector,
it is a Microsoft 7 master boot record, like the one this program creates with the switch -7 on a hard disk device.

After getting my desktop back up I updated Avast and did a full scan. It detected 4 threats which I tried to move to quarantine. Most were successful, but one was not. The error message was that there was not enough room (??? drive has 44 GB free); anyway, I decided to just delete that file since it ended in .tmp and I figured it was a temp file anyway. Avast also suggested, and I performed, a reboot so that it could scan something else (boot? PUP? don't remember). That was taking a long time so I left it and did something else and when I returned my desktop was back up so I don't know what the result of that scan might have been. I think I may recognize the name of the file it was supposed to go to, though.

Do you need any info from those scans? It is a mystery how I got the bad stuff when I try to keep things up to date, but maybe I picked something up from a hijacked website. I do have WOT enabled as an add-on.

Anything I should do next, O Wise One?


I'm glad to hear that worked! Shouldn't take a lot of genius though for anyone working with (or rather against) the latest malware. :) Just too bad that a hardware manufacturer rather blames it on the drive...

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


The info in DDS.txt:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Mimi at 19:17:30 on 2012-02-23

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2607 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe

C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\calc.exe

C:\Program Files\Windows NT\Accessories\wordpad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = https://login.secure...il.tomarkit.com

uDefault_Page_URL = hxxp://asus.msn.com

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{8C34E6FC-3BDC-4C92-817E-E328ABE2E74B} : DhcpNameServer = 192.168.1.254

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [setwallpaper] c:\programdata\SetWallpaper.cmd

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"

mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]

R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]

R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-2-18 14904]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-30 44768]

R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2012-2-8 60552]

R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe [2012-2-8 23176]

R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2010-2-18 44312]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-8 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-8 8456]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-02-21 06:24:48 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{656CFD5E-5460-423F-8CAA-EAF225E343B3}\mpengine.dll

2012-02-10 16:44:03 -------- d-----w- C:\Users\Mimi\AppData\Roaming\Asus WebStorage

2012-02-10 03:24:38 -------- d-----w- C:\ProgramData\Tarma Installer

2012-02-09 07:11:00 -------- d-----w- C:\Program Files (x86)\IrfanView

2012-02-09 05:49:56 -------- d-----w- C:\Users\Mimi\AppData\Roaming\IrfanView

2012-02-08 23:24:48 44680 ----a-w- C:\Windows\System32\drivers\eubakup.sys

2012-02-08 23:24:48 19592 ----a-w- C:\Windows\System32\drivers\eudskacs.sys

2012-02-08 23:24:48 189576 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys

2012-02-08 23:24:47 50312 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys

2012-02-08 23:22:54 25224 ----a-w- C:\Windows\System32\fbnative.exe

2012-02-08 23:15:30 3321728 ----a-w- C:\Windows\System32\BootMan.exe

2012-02-08 23:15:30 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2012-02-08 23:15:30 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2012-02-08 23:15:29 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2012-02-08 23:15:29 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2012-02-08 23:15:29 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2012-02-08 23:15:29 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-02-08 23:15:29 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2012-02-08 23:15:29 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2012-02-08 23:15:29 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2012-02-08 23:15:25 -------- d-----w- C:\Program Files (x86)\EASEUS

2012-02-07 19:30:28 -------- d-----w- C:\Program Files (x86)\PDFlite

2012-02-07 19:29:39 -------- d-----w- C:\Program Files (x86)\Yahoo!

2012-02-04 05:15:18 -------- d-----w- C:\Users\Mimi\AppData\Roaming\OpenOffice.org

2012-02-04 04:18:41 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-02-04 04:17:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-02 05:59:35 -------- d-----w- C:\Windows\SysWow64\Wat

2012-02-02 05:59:35 -------- d-----w- C:\Windows\System32\Wat

2012-02-02 03:05:48 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

2012-02-02 02:58:04 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2012-02-02 02:58:04 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2012-02-02 02:58:04 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2012-02-02 02:58:04 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2012-02-02 02:58:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2012-02-02 02:58:04 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2012-02-02 02:58:03 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2012-02-02 02:58:03 444752 ----a-w- C:\Windows\System32\mscoree.dll

2012-02-02 02:58:03 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2012-02-02 02:58:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2012-02-02 02:18:45 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-02-02 01:25:34 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2012-02-02 01:25:33 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2012-02-02 00:51:19 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2012-02-02 00:51:14 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2012-02-02 00:51:14 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2012-02-02 00:51:05 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2012-02-02 00:49:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2012-02-02 00:48:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll

2012-02-02 00:46:54 720896 ----a-w- C:\Windows\System32\odbc32.dll

2012-02-02 00:46:53 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-02-02 00:46:53 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2012-02-02 00:46:53 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2012-02-02 00:46:53 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2012-02-02 00:46:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2012-02-02 00:46:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2012-02-02 00:46:53 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2012-02-02 00:46:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2012-02-02 00:46:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-02-02 00:36:22 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-02-02 00:36:21 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-02-02 00:36:20 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-01 23:43:18 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-02-01 23:43:18 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-02-01 23:43:17 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2012-02-01 23:43:16 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2012-02-01 23:40:21 77312 ----a-w- C:\Windows\System32\packager.dll

2012-02-01 23:40:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-02-01 23:34:56 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-02-01 23:34:56 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-02-01 23:33:56 139264 ----a-w- C:\Windows\System32\cabview.dll

2012-02-01 23:33:56 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2012-02-01 02:01:50 -------- d-----w- C:\Users\Mimi\AppData\Local\Microsoft Games

2012-01-31 16:27:30 -------- d-----w- C:\Users\Mimi\AppData\Local\Diagnostics

2012-01-31 05:00:26 -------- d-----w- C:\Users\Mimi\AppData\Local\Seven Zip

2012-01-31 04:46:45 -------- d-----w- C:\Program Files (x86)\Foxit Software

2012-01-31 04:09:23 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-01-31 04:09:23 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-01-31 04:09:01 41184 ----a-w- C:\Windows\avastSS.scr

2012-01-31 04:08:52 -------- d-----w- C:\ProgramData\AVAST Software

2012-01-31 04:08:52 -------- d-----w- C:\Program Files\AVAST Software

2012-01-31 03:58:18 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-31 03:49:58 -------- d-----w- C:\Users\Mimi\AppData\Local\SRS Labs

2012-01-31 03:48:52 -------- d-----w- C:\Users\Mimi\AppData\Local\Power2Go

2012-01-31 03:48:48 -------- d-----w- C:\Users\Mimi\AppData\Local\VirtualStore

2012-01-31 03:45:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll

2012-01-31 03:45:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll

2012-01-31 03:45:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-01-31 03:44:34 -------- d-----w- C:\Program Files (x86)\Microsoft

2012-01-31 03:44:14 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive

2012-01-31 03:43:28 4865408 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7e7f4c881ccdfca\Silverlight.2.0.exe

2012-01-31 03:43:11 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\DSETUP.dll

2012-01-31 03:43:11 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\DXSETUP.exe

2012-01-31 03:43:11 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\dsetup32.dll

2012-01-31 03:42:31 140779848 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcE484.tmp

2012-01-31 03:42:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live

.

==================== Find3M ====================

.

2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys

2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll

2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll

2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec

2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 19:22:21.36 ===============

Will get back to you as soon as possible for further information or instructions. Thanks!

Attach.zip


Hi again, let's see what else may be hiding itself there. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming it. Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Okay, here is the Combofix log.

ComboFix 12-02-23.01 - Mimi 02/24/2012 15:27:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2624 [GMT -5:00]

Running from: c:\users\Mimi\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))

.

.

2012-02-24 20:36 . 2012-02-24 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-02-24 00:31 . 2012-02-24 00:31 -------- d-----w- c:\program files (x86)\7-Zip

2012-02-21 06:24 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{656CFD5E-5460-423F-8CAA-EAF225E343B3}\mpengine.dll

2012-02-21 03:25 . 2012-02-21 03:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-02-21 03:24 . 2012-02-21 03:24 -------- d-----w- c:\program files (x86)\Java

2012-02-09 07:11 . 2012-02-09 07:11 -------- d-----w- c:\program files (x86)\IrfanView

2012-02-08 23:24 . 2011-10-22 03:46 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys

2012-02-08 23:24 . 2011-10-22 03:46 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys

2012-02-08 23:24 . 2011-10-22 03:46 44680 ----a-w- c:\windows\system32\drivers\eubakup.sys

2012-02-08 23:24 . 2011-10-22 03:46 50312 ----a-w- c:\windows\system32\drivers\EUBKMON.sys

2012-02-08 23:22 . 2011-10-22 03:47 25224 ----a-w- c:\windows\system32\fbnative.exe

2012-02-08 23:15 . 2011-09-07 22:06 3321728 ----a-w- c:\windows\system32\BootMan.exe

2012-02-08 23:15 . 2011-07-29 18:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll

2012-02-08 23:15 . 2011-07-29 18:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll

2012-02-08 23:15 . 2011-09-09 23:23 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe

2012-02-08 23:15 . 2011-07-29 18:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys

2012-02-08 23:15 . 2011-07-29 18:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe

2012-02-08 23:15 . 2011-07-29 18:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys

2012-02-08 23:15 . 2011-07-29 18:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys

2012-02-08 23:15 . 2011-07-29 18:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys

2012-02-08 23:15 . 2011-07-29 18:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe

2012-02-08 23:15 . 2012-02-08 23:22 -------- d-----w- c:\program files (x86)\EASEUS

2012-02-07 19:30 . 2012-02-07 20:33 -------- d-----w- c:\program files (x86)\PDFlite

2012-02-07 19:29 . 2012-02-07 19:31 -------- d-----w- c:\programdata\Yahoo!

2012-02-07 19:29 . 2012-02-07 19:31 -------- d-----w- c:\program files (x86)\Yahoo!

2012-02-04 04:18 . 2012-02-11 22:27 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-02-04 04:17 . 2012-02-21 03:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-02 05:59 . 2012-02-02 05:59 -------- d-----w- c:\windows\SysWow64\Wat

2012-02-02 05:59 . 2012-02-02 05:59 -------- d-----w- c:\windows\system32\Wat

2012-02-02 03:05 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys

2012-02-02 02:58 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-02-02 02:58 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-02-02 02:58 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-02-02 02:58 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-02-02 02:58 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-02-02 02:58 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-02-02 02:58 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-02-02 02:58 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-02-02 02:58 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-02-02 02:58 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-02-02 01:25 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2012-02-02 01:25 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-02-02 00:51 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys

2012-02-02 00:51 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2012-02-02 00:51 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll

2012-02-02 00:51 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll

2012-02-02 00:49 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll

2012-02-02 00:48 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll

2012-02-02 00:46 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll

2012-02-02 00:46 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-02-02 00:46 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-02-02 00:46 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-02-02 00:46 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-02-02 00:46 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll

2012-02-02 00:46 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-02-02 00:46 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-02-02 00:46 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-02-02 00:46 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-02-02 00:36 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-02-02 00:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-02-02 00:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-02-01 23:43 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll

2012-02-01 23:43 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll

2012-02-01 23:43 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll

2012-02-01 23:43 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll

2012-02-01 23:40 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-02-01 23:40 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-02-01 23:34 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-02-01 23:34 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-02-01 23:33 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-02-01 23:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-01-31 04:46 . 2012-01-31 04:46 -------- d-----w- c:\program files (x86)\Foxit Software

2012-01-31 04:09 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-01-31 04:09 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-01-31 04:09 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe

2012-01-31 04:09 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-01-31 04:09 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-01-31 04:09 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-01-31 04:09 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-01-31 04:09 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr

2012-01-31 04:09 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-01-31 04:08 . 2012-02-11 22:27 -------- d-----w- c:\programdata\AVAST Software

2012-01-31 04:08 . 2012-02-11 22:27 -------- d-----w- c:\program files\AVAST Software

2012-01-31 03:58 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-01-31 03:46 . 2012-01-31 03:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-01-31 03:45 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll

2012-01-31 03:45 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll

2012-01-31 03:45 . 2012-01-31 03:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-01-31 03:44 . 2012-01-31 05:03 -------- d-----w- c:\program files (x86)\Microsoft

2012-01-31 03:44 . 2012-01-31 03:44 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive

2012-01-31 03:43 . 2012-01-31 03:47 -------- d-----w- c:\program files (x86)\Windows Live

2012-01-31 03:42 . 2012-01-31 03:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live

2012-01-31 03:41 . 2012-01-31 03:49 -------- d-----w- C:\ASUS.DAT

2012-01-31 03:41 . 2012-02-21 03:06 -------- d-----w- c:\users\Mimi

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792]

"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-18 12862]

SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-18 156880]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]

IME File REG_SZ IMSC12.IME

.

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]

S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]

S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]

S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]

"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = https://login.secureserver.net/index.php?app=wbe&domain=email.tomarkit.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

Toolbar-Locked - (no file)

AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

c:\program files\ATKGFNEX\GFNEXSrv.exe

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe

c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

c:\windows\AsScrPro.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

.

**************************************************************************

.

Completion time: 2012-02-24 15:44:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-24 20:44

.

Pre-Run: 48,515,694,592 bytes free

Post-Run: 47,882,342,400 bytes free

.

- - End Of File - - 9CFA2129CF93D04DD42929FCC5556574

I'm going to try to go to the desktop thread if my battery will last long enough. I forgot to charge it after last night.

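The helper reads the Run-key and service lines of the log above by eye. As an added, defender-side example (not ComboFix's code and not part of the original thread), the Python script below does the same first pass mechanically: it parses lines in the two ComboFix formats shown in the log ("Name"="path" [date size] for Run keys, and S2 Name;Description;path [...] for services and drivers) and returns the entries an analyst would verify first: autoruns that point at a proxy launcher such as rundll32.exe (the real payload then sits in arguments the log does not record), executables in user-writable directories, and entries marked [x]. Treating [x] as "file not verified at scan time" is an assumption, and the "Updater" sample line is invented; the other sample lines are modelled on the log above. A flagged entry is a prompt to check, not a verdict: the Logitech entry in this log is a common legitimate use of rundll32.

```python
"""Triage helper for the autorun sections of a ComboFix-style log.

Added example, not ComboFix's or the forum's own code.
"""
import re
from dataclasses import dataclass

# "Name"="path" [date size]   -- the bracketed part is optional
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?')
# S2 Name;Description;path [x]   or   [date size]
SVC_RE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]'
)

# Signed Windows binaries that only proxy execution of something else; an autorun
# pointing at one of these keeps the real payload in its arguments.
PROXY_LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe",
                   "cscript.exe", "cmd.exe", "powershell.exe"}
# Locations an unprivileged user (or a drive-by download) can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the autorun entries worth a manual check, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue  # section headers, timestamps, blank lines
        name = m.group("name")
        path = m.group("path").strip()
        meta = (m.group("meta") or "").strip()
        low = path.lower()
        exe = low.rsplit("\\", 1)[-1]
        if exe in PROXY_LAUNCHERS:
            findings.append(Finding(name, path,
                f"launches {exe}; the real payload is in its command-line arguments, "
                "which this log format does not record"))
        elif any(d in low for d in USER_WRITABLE):
            findings.append(Finding(name, path, "executable lives in a user-writable directory"))
        elif meta == "x":
            # Assumption: ComboFix prints [x] where it could not verify the file on disk.
            findings.append(Finding(name, path,
                "file not verified at scan time ([x]); confirm it exists and is signed"))
    return findings


# Constructed sample in the thread's log format. The "Updater" entry is invented
# to exercise the user-writable check; the others are modelled on the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"Updater"="c:\programdata\Updater\upd.exe" [2012-02-20 12345]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S1 aswSnx;aswSnx; [x]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.name:30} {f.path or '(no path)':60} {f.reason}")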

That looks excellent! Do you have any problem left?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE).
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe

    [*]Save it to your desktop

    [*]Close any programs you may have running - especially your web browser.

    [*]Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

    [*]Reboot your computer once all Java components are removed.

    [*]Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

MALWAREBYTES ANTIMALWARE

-------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link 1

alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

    [*]Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Link to post
Share on other sites

Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

Sorry for the newbie questions, but how do you "uninstall" older versions of Java if nothing appears in Programs in the Control Panel? Should I just delete the progra folder? And what happens if I install a program that includes an older version of Java? Will that create any problems with the Java I'm going to install now? Thanks. I'll take care of this part before going on to the next part of your post.

Link to post
Share on other sites

Then just leave it alone. The Java installer will uninstall more recent older versions anyway. :)

If you install a program that can run with an older version it will automatically detect you have a newer version installed and not install the older version.

I'll wait for the MBAM log.

Link to post
Share on other sites

I am so happy to finally be online in my own house. Good news after the 3.5 hour Malwarebytes scan. Here it is.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.02.28.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Mimi :: MIMI-ASUS [administrator]

2/27/2012 8:28:53 PM

mbam-log-2012-02-27 (20-28-53).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 881692

Time elapsed: 3 hour(s), 32 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

**************************

Do you have any further suggestions or instructions for me? I am so appreciative of your time and effort in successfully saving me from having to lose my laptop for who knows how long while Asus installed an unnecessary new hard drive!

Link to post
Share on other sites

I'm glad to hear things are working fine now! :)

Lets do one last scan before calling it clean.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png
      icon on your desktop.

    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

[*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

[*]When the scan completes, click List Threats

[*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

[*]Click the Back button.

[*]Click the Finish button.

Link to post
Share on other sites

The light at the end of the tunnel!

Here is the report you requested. It looks as though a lot of the identified threats are due to things included in downloads from cnet, which I thought was supposed to be "safe." I was also surprised to note that multiple threats were identified in \Sun\Java\Deployment\cache\6.0\. Isn't that what I just downloaded for my desktop (but didn't install due to an older version in OpenOfficeOrg). I'm wondering how there could be a threat in a Java file.

How does the list look to you?

Link to post
Share on other sites

Sorry, but I don't see the log. :) However from your description no need to either. The cache objects you mention do not belong to Java itself, but rather to sites that use Java (compare it with cookies). Not all CNET downloads are recommended; while you won't find outright malware there some apps that are considered adware/undesirable can be downloaded there. However none of them is outright malicious.

ALL CLEAN

--------------

Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.

Please read these advices, in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

[*]Keep Windows (and your other Microsoft software) up to date!

I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

[*]Keep your other software up to date as well

Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.

[*]Stay up to date!

The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

Link to post
Share on other sites

  • 2 weeks later...

Finally. I read through everything associated with the four steps you gave. I have already been doing everything except the outbound firewall. I will choose one of those, hopefully shortly. I still need to read the pages associated with the "more links" you listed, which I plan to do during my trip the next two weeks.

Thank you so much for your help, particularly in saving me from having to have my hard drive replaced and possibly not having my laptop back in time for this trip. That would have been a disaster indeed. As I mentioned earlier, you are a genius!

Link to post
Share on other sites

Okay, maybe I spoke too soon about the "all clear." When I just connected to the internet, Avast gave me a popup notice that it couldn't download the virus definitions. I also couldn't update the program version. I then tried checking the real-time shields and couldn't even get the program to switch to the applicable screen to show me whether or not the shields were working.

Do you think another "baddie" got through? I'm afraid to even connect to the internet since it seems I don't have real-time protection. I ran a scan but no threats were found. (sigh)

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.