
snap.do help please..


erkiderki


Hi!

So, I've been infected by the snap.do virus/malware. I'm not that good with this type of stuff, so I would really appreciate all the help I can get removing this from my computer. I installed the Malwarebytes Anti-Malware software, but it didn't find anything. I've followed the "what do I do now" steps and have created the logs as requested, here they come:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Erkan at 20:55:57 on 2012-09-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.5609.3297 [GMT 2:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\ezSharedSvcHost.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\Users\Erkan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\Erkan\AppData\Local\Smartbar\Application\SnapDo.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe

C:\Windows\system32\AUDIODG.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=SE&userid=2d7c0481-c9b1-44c6-957a-f25010775633&searchtype=hp

uSearch Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=SE&userid=2d7c0481-c9b1-44c6-957a-f25010775633&searchtype=ds&q={searchTerms}

uSearch Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=SE&userid=2d7c0481-c9b1-44c6-957a-f25010775633&searchtype=ds&q={searchTerms}

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=SE&userid=2d7c0481-c9b1-44c6-957a-f25010775633&searchtype=ds&q={searchTerms}

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} - mscoree.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\IPS\IPSBHO.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\coIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll"

TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [spotify] "C:\Users\Erkan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spotify Web Helper] "C:\Users\Erkan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [browser Infrastructure Helper] C:\Users\Erkan\AppData\Local\Smartbar\Application\SnapDo.exe startup

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{E932B4D7-D0FC-490F-AE53-CC0FE35DAB1C} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{F74BA875-3BB6-485B-A890-2D8F60B42804} : DhcpNameServer = 40.22.1.201 40.22.1.202

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{31ad400d-1b06-4e33-a59a-90c2c140cba0}

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}

{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

{8dcb7100-df86-4384-8842-8fa844297b3f}

{ae07101b-46d4-4a98-af68-0333ea26e113}

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

SEH-X64: {E54729E8-BB3D-4270-9D49-7389EA579090}: EasyBits Security Shield Hook - prevents launching insecure programs by kids

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Erkan\AppData\Roaming\Mozilla\Firefox\Profiles\ht2knug6.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]

R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-28 361984]

R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-10-22 514232]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-10 86072]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-17 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-13 227896]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-7-11 26680]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-20 2413056]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-28 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-28 676936]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe [2012-8-22 138272]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [2012-9-20 1385120]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-21 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120927.001\IDSviA64.sys [2012-9-28 513184]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\system32\DRIVERS\rtl8192Ce.sys --> C:\Windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMDS64.SYS [?]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [?]

R3 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [?]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-27 250288]

S3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\system32\DRIVERS\ffusb2audio.sys --> C:\Windows\system32\DRIVERS\ffusb2audio.sys [?]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-27 114144]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2012-09-28 08:22:47 -------- d-----w- C:\Users\Erkan\AppData\Roaming\Malwarebytes

2012-09-28 08:22:23 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-28 08:22:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-28 08:22:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-28 08:01:19 -------- d-----w- C:\Users\Erkan\AppData\Local\{691B8C4B-09B0-48D9-8BEF-30BA8AB4604A}

2012-09-27 20:00:54 -------- d-----w- C:\Users\Erkan\AppData\Local\{008F5218-915C-4206-B5B4-294105D588A6}

2012-09-27 19:45:25 -------- d-----w- C:\Users\Erkan\AppData\Local\Macromedia

2012-09-27 19:45:08 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-27 19:14:25 -------- d-----w- C:\erkan

2012-09-27 08:00:29 -------- d-----w- C:\Users\Erkan\AppData\Local\{B01197A7-197D-49D2-9BFF-7E977F3BC3C2}

2012-09-26 20:00:04 -------- d-----w- C:\Users\Erkan\AppData\Local\{01AC6D92-CC34-4926-B028-790E312AB874}

2012-09-26 07:59:39 -------- d-----w- C:\Users\Erkan\AppData\Local\{5B32F6EB-33A9-4919-8577-9ED476D0E313}

2012-09-26 07:11:44 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-25 19:59:15 -------- d-----w- C:\Users\Erkan\AppData\Local\{6FCE0456-CEC9-4580-B4FF-EEAF628EA2B7}

2012-09-25 07:58:50 -------- d-----w- C:\Users\Erkan\AppData\Local\{3C8C78DE-59E6-4CBD-90CF-7B1D289DA67F}

2012-09-24 19:37:04 -------- d-----w- C:\Users\Erkan\AppData\Local\{B5AFC710-09DB-4B98-BC4F-C28F1622AD5B}

2012-09-24 07:36:39 -------- d-----w- C:\Users\Erkan\AppData\Local\{A15859F2-E76B-4846-86D3-12C6ABC12AD1}

2012-09-23 07:36:00 -------- d-----w- C:\Users\Erkan\AppData\Local\{B5B34DAD-1C5A-4FA5-A98A-DE99C0E26618}

2012-09-21 14:43:36 -------- d-----w- C:\Users\Erkan\AppData\Local\{27FBAF66-9144-4381-AA9F-FCE80FC7DCF4}

2012-09-21 02:43:11 -------- d-----w- C:\Users\Erkan\AppData\Local\{93B5366E-0407-435C-94CA-3EDA765F2D1B}

2012-09-20 13:15:14 -------- d-----w- C:\Users\Erkan\AppData\Local\{23AF66C2-7BBB-4AF7-A190-B143C1E6FC0A}

2012-09-19 15:39:12 -------- d-----w- C:\Users\Erkan\AppData\Local\{2EA2C5D0-8780-48E2-876C-184BBF669E8E}

2012-09-19 03:30:33 -------- d-----w- C:\Users\Erkan\AppData\Local\{AABF62A2-FA6E-4123-B449-C7B21497871D}

2012-09-18 15:15:07 -------- d-----w- C:\Users\Erkan\AppData\Local\{77F6EEE3-B952-401C-A528-FFE9C7B85A86}

2012-09-18 03:14:43 -------- d-----w- C:\Users\Erkan\AppData\Local\{58AB08BD-0105-4796-BD2E-B8AE0ED2A399}

2012-09-17 13:30:24 -------- d-----w- C:\Users\Erkan\AppData\Local\{97CC6DB5-71D3-4106-B0ED-8641A34CA9BA}

2012-09-16 11:20:01 -------- d-----w- C:\Users\Erkan\AppData\Local\{BCF79DC6-4EB0-4AB1-9167-F106F3D34EFB}

2012-09-15 21:08:50 -------- d-----w- C:\Users\Erkan\AppData\Local\{F0934BB2-A494-49CD-952C-EC073616225F}

2012-09-15 21:00:39 -------- d-----w- C:\Users\Erkan\AppData\Local\{F4ED4DC4-4737-4B51-AD44-28A60E934215}

2012-09-14 08:08:16 -------- d-----w- C:\Users\Erkan\AppData\Local\{8732674C-2983-4514-8E41-2B2529F497D4}

2012-09-13 20:07:51 -------- d-----w- C:\Users\Erkan\AppData\Local\{0F395037-9EBC-4E28-92C4-F95136E4871D}

2012-09-12 20:07:15 -------- d-----w- C:\Users\Erkan\AppData\Local\{5696C7A5-6A61-4518-9200-3405A8EC4898}

2012-09-12 08:37:31 -------- d-----w- C:\Users\Erkan\AppData\Local\Apple Computer

2012-09-12 08:37:06 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys

2012-09-12 08:37:06 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll

2012-09-12 08:37:06 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll

2012-09-12 08:36:21 -------- d-----w- C:\Program Files\iPod

2012-09-12 08:36:20 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2012-09-12 08:36:20 -------- d-----w- C:\Program Files\iTunes

2012-09-12 08:36:20 -------- d-----w- C:\Program Files (x86)\iTunes

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-09-12 08:35:31 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-09-12 08:18:08 -------- d-----w- C:\Users\Erkan\AppData\Local\Apple

2012-09-12 08:17:22 -------- d-----w- C:\Program Files\Bonjour

2012-09-12 08:17:22 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-09-12 08:12:33 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 08:12:33 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 08:12:33 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 08:12:33 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 08:12:32 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 08:12:32 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-12 08:12:32 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 08:06:51 -------- d-----w- C:\Users\Erkan\AppData\Local\{352C62C6-A525-4AD5-96BA-C7C5FE95B015}

2012-09-11 19:30:33 -------- d-----w- C:\Users\Erkan\AppData\Local\{08626293-9CE1-4989-AD52-17136720BD60}

2012-09-11 07:30:08 -------- d-----w- C:\Users\Erkan\AppData\Local\{58C5CF69-8407-4A01-A653-807812B5F14D}

2012-09-10 18:44:43 -------- d-----w- C:\Users\Erkan\AppData\Local\{C482397E-A111-472F-B8BE-8E7BAC285180}

2012-09-09 08:48:08 -------- d-----w- C:\Users\Erkan\AppData\Local\{CDBA50E7-C3E5-4086-80FB-4091EC4B85EA}

2012-09-08 08:17:58 -------- d-----w- C:\Users\Erkan\AppData\Local\{F645517B-B730-4930-97B8-44C65195E866}

2012-09-07 16:14:18 -------- d-----w- C:\Users\Erkan\AppData\Local\{1F534498-09C6-4AE3-82AF-E46BDED85A51}

2012-09-07 03:39:04 -------- d-----w- C:\Users\Erkan\AppData\Local\{643A4EDC-BE39-4CC2-B765-2B60F0905080}

2012-09-06 21:23:49 -------- d-----w- C:\Users\Erkan\AppData\Local\eLicenser

2012-09-06 15:22:14 -------- d-----w- C:\Users\Erkan\AppData\Local\{60D38C72-D7C0-4F62-96BF-D709335258D1}

2012-09-06 03:21:48 -------- d-----w- C:\Users\Erkan\AppData\Local\{3C54A561-AAA5-4AC6-9ABF-19776E608ABE}

2012-09-05 14:41:41 -------- d-----w- C:\Users\Erkan\AppData\Local\{F3C78A15-1044-41E3-80B9-4BB045E539F4}

2012-09-04 15:25:51 -------- d-----w- C:\Users\Erkan\AppData\Local\{D0F7593A-60D8-4E1F-8D7B-D7794F39490C}

2012-09-04 03:25:26 -------- d-----w- C:\Users\Erkan\AppData\Local\{6415CB7E-A9F8-4882-A467-F4CB6141D0E5}

2012-09-03 15:07:39 -------- d-----w- C:\Users\Erkan\AppData\Local\{699BB2E3-0632-41BD-8EE4-4ECA6FF99840}

2012-09-02 20:29:45 -------- d-----w- C:\Users\Erkan\AppData\Local\{A37BF657-856C-41A3-9FDC-751E23C6B99A}

2012-09-01 20:29:04 -------- d-----w- C:\Users\Erkan\AppData\Local\{8E80A910-31F6-46F9-B91D-69FE54E1A5F7}

2012-09-01 13:18:51 -------- d-----w- C:\Users\Erkan\AppData\Local\Steinberg

2012-09-01 13:18:51 -------- d-----w- C:\temp

2012-09-01 13:17:19 -------- d-----w- C:\Users\Erkan\AppData\Roaming\Steinberg

2012-09-01 13:16:59 2892 ----a-w- C:\Windows\SysWow64\audcon.sys

2012-09-01 13:16:58 -------- d-----w- C:\ProgramData\Syncrosoft

2012-09-01 13:15:22 1708544 ----a-w- C:\Windows\System32\synsoacc.dll

2012-09-01 13:15:22 -------- d-----w- C:\ProgramData\eLicenser

2012-09-01 13:15:22 -------- d-----w- C:\Program Files (x86)\Syncrosoft

2012-09-01 13:15:22 -------- d-----w- C:\Program Files (x86)\eLicenser

2012-09-01 13:15:18 1277952 ----a-w- C:\Windows\SysWow64\SYNSOACC.dll

2012-09-01 13:15:16 86016 ----a-w- C:\Windows\SysWow64\SYNSOPOS.exe

2012-09-01 13:15:13 -------- d-----w- C:\Program Files (x86)\Steinberg

2012-08-31 19:38:12 -------- d-----w- C:\Users\Erkan\AppData\Local\{F059AE91-B8F8-4DF7-BDF8-F286FE97B969}

2012-08-31 07:37:48 -------- d-----w- C:\Users\Erkan\AppData\Local\{CB21EB5C-D18A-4A9B-AEF3-F14632C75599}

2012-08-30 19:37:23 -------- d-----w- C:\Users\Erkan\AppData\Local\{7B91C1F6-7D82-4354-A55E-60A70B122DB9}

2012-08-30 07:36:31 -------- d-----w- C:\Users\Erkan\AppData\Local\{5244FCD6-3134-4173-BB0D-1F92C3A48486}

2012-08-29 19:21:00 -------- d-----w- C:\Users\Erkan\AppData\Local\{28200B60-0840-4528-9F63-4F09163172FE}

.

==================== Find3M ====================

.

2012-09-27 20:21:22 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-26 15:41:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-08-22 13:35:20 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-06 02:17:58 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtspx64.sys

2012-07-06 02:17:57 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1308000.00E\srtsp64.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

.

============= FINISH: 20:56:30,69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 2012-08-21 17:03:59

System Uptime: 2012-09-28 18:42:03 (2 hours ago)

.

Motherboard: Hewlett-Packard | | 3567

Processor: AMD A6-3420M APU with Radeon HD Graphics | Socket FS1 | 1500/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 671 GiB total, 596,482 GiB free.

D: is FIXED (NTFS) - 24 GiB total, 2,49 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1,079 GiB free.

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP10: 2012-09-01 15:15:35 - Installation av enhetsdrivrutinspaket: Steinberg Media Technologies GmbH

RP11: 2012-09-09 04:24:13 - Schemalagd kontrollpunkt

RP12: 2012-09-12 10:18:16 - Installed iTunes

RP13: 2012-09-12 11:22:38 - Windows Update

RP14: 2012-09-22 02:00:29 - Schemalagd kontrollpunkt

RP15: 2012-09-23 03:00:12 - Windows Update

RP16: 2012-09-26 11:24:23 - Windows Update

.

==== Installed Programs ======================

.

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0) MUI

Adobe Shockwave Player 11.6

AMD System Monitor

AMD VISION Engine Control Center

Apple Application Support

Apple Software Update

Bejeweled 3

Bing Bar

Blackhawk Striker 2

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Cradle of Rome 2

CyberLink YouCam

D3DX10

DAEMON Tools Lite

Dora's World Adventure

eLicenser Control

ESU for Microsoft Windows 7 SP1

Evernote v. 4.2.3

Farm Frenzy

Farmscapes

FATE

Final Drive Fury

Hewlett-Packard ACLM.NET v1.1.2.0

Hoyle Card Games

HP Customer Experience Enhancements

HP Documentation

HP Games

HP On Screen Display

HP Power Manager

HP Quick Launch

HP QuickWeb

HP Recovery Manager

HP Setup

HP Setup Manager

HP Software Framework

HP Support Assistant

IDT Audio

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

Letters from Nowhere 2

Luxor HD

Magic Desktop

Mah Jong Medley

Malwarebytes Anti-Malware version 1.65.0.1400

Mesh Runtime

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 15.0.1 (x86 sv-SE)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Norton Internet Security

opensource

Penguins!

Plants vs. Zombies - Game of the Year

Poker Superstars III

Polar Bowler

Polar Golfer

QuickTime

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

RollerCoaster Tycoon 3: Platinum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype™ 5.10

Snap.Do

Spotify

Steinberg Magneto VST v1.5

Svenska Spels Poker

swMSM

The Treasures of Mystery Island: The Ghost Ship

Torchlight

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update Installer for WildTangent Games App

WaveLab LE 7

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalleri

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

Virtual Villagers 4 - The Tree of Life

VLC media player 2.0.3

Zuma's Revenge

.

==== End Of File ===========================

Many thanks in advance!

// Erki


Hello Erki and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Thanks a lot.. here are the logs you requested:

Malwarebytes Anti-Malware (Trial) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.28.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Erkan :: KING [administrator]

Protection: Enabled

2012-09-28 21:54:58

mbam-log-2012-09-28 (21-54-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197557

Time elapsed: 1 minute(s), 4 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-28 21:58:06

-----------------------------

21:58:06.474 OS Version: Windows x64 6.1.7601 Service Pack 1

21:58:06.474 Number of processors: 4 586 0x100

21:58:06.475 ComputerName: KING UserName:

21:58:10.550 Initialize success

21:58:48.710 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006e

21:58:48.714 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 11

21:58:48.729 Disk 0 MBR read successfully

21:58:48.735 Disk 0 MBR scan

21:58:48.740 Disk 0 Windows 7 default MBR code

21:58:48.748 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048

21:58:48.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 686698 MB offset 409600

21:58:48.795 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 24443 MB offset 1406767104

21:58:48.812 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4062 MB offset 1456826368

21:58:48.841 Disk 0 scanning C:\Windows\system32\drivers

21:58:56.781 Service scanning

21:59:20.979 Modules scanning

21:59:20.997 Disk 0 trace - called modules:

21:59:21.085 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys

21:59:21.099 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80060b5790]

21:59:21.110 3 CLASSPNP.SYS[fffff880018de43f] -> nt!IofCallDriver -> [0xfffffa8005c8cac0]

21:59:21.117 5 amd_xata.sys[fffff88001067b3f] -> nt!IofCallDriver -> \Device\0000006e[0xfffffa8005c887e0]

21:59:21.123 Scan finished successfully

22:00:50.523 Disk 0 MBR has been saved successfully to "C:\Users\Erkan\Documents\MBR.dat"

22:00:50.532 The log file has been saved successfully to "C:\Users\Erkan\Documents\aswMBR.txt"

Thanks again!


Good! :)

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
