Nade Posted April 18, 2013 ID:671115 Share Posted April 18, 2013 Hi people I just scanned my conputer with both Avira and Malware Antibutes and I found this pum.userwload trojan.agentNow, I might have done a mistake since I chose Malware to delete it but it wanted to restart to I chose No, I still havent restarted my conputer. here is the scan result from Avira.Any help would be great, and I thank you in advance!Avira Free AntivirusReport file date: четврток, 18 април 2013 08:18The program is running as an unrestricted full version.Online services are available.Licensee : Avira Free AntivirusSerial number : 0000149996-ADJIE-0000001Platform : Windows 7 UltimateWindows version : (Service Pack 1) [6.1.7601]Boot mode : Normally bootedUsername : NadeComputer name : NADE-PCVersion information:BUILD.DAT : 13.0.0.3499 Bytes 19.03.2013 16:37:00AVSCAN.EXE : 13.6.0.986 639712 Bytes 28.03.2013 05:01:57AVSCANRC.DLL : 13.4.0.360 54560 Bytes 29.11.2012 08:30:16LUKE.DLL : 13.6.0.902 67808 Bytes 28.03.2013 05:02:06AVSCPLR.DLL : 13.6.0.986 94944 Bytes 19.03.2013 18:24:42AVREG.DLL : 13.6.0.940 250592 Bytes 19.03.2013 18:24:42avlode.dll : 13.6.2.940 434912 Bytes 28.03.2013 05:01:56avlode.rdf : 13.0.0.46 15591 Bytes 28.03.2013 14:15:47VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:33:49VBASE001.VDF : 7.11.70.1 2048 Bytes 04.04.2013 11:33:49VBASE002.VDF : 7.11.70.2 2048 Bytes 04.04.2013 11:33:49VBASE003.VDF : 7.11.70.3 2048 Bytes 04.04.2013 11:33:50VBASE004.VDF : 7.11.70.4 2048 Bytes 04.04.2013 11:33:50VBASE005.VDF : 7.11.70.5 2048 Bytes 04.04.2013 11:33:50VBASE006.VDF : 7.11.70.6 2048 Bytes 04.04.2013 11:33:50VBASE007.VDF : 7.11.70.7 2048 Bytes 04.04.2013 11:33:50VBASE008.VDF : 7.11.70.8 2048 Bytes 04.04.2013 11:33:50VBASE009.VDF : 7.11.70.9 2048 Bytes 04.04.2013 11:33:51VBASE010.VDF : 7.11.70.10 2048 Bytes 04.04.2013 11:33:51VBASE011.VDF : 7.11.70.11 2048 Bytes 04.04.2013 11:33:51VBASE012.VDF : 7.11.70.12 2048 Bytes 04.04.2013 11:33:51VBASE013.VDF : 7.11.70.13 2048 Bytes 04.04.2013 11:33:51VBASE014.VDF : 7.11.70.103 136192 Bytes 05.04.2013 12:31:09VBASE015.VDF : 7.11.70.183 183808 Bytes 06.04.2013 17:31:42VBASE016.VDF : 7.11.71.9 145920 Bytes 08.04.2013 11:04:27VBASE017.VDF : 7.11.71.115 169472 Bytes 10.04.2013 05:29:39VBASE018.VDF : 7.11.71.197 172544 Bytes 11.04.2013 13:40:36VBASE019.VDF : 7.11.72.17 135168 Bytes 12.04.2013 12:00:29VBASE020.VDF : 7.11.72.103 158208 Bytes 15.04.2013 05:15:11VBASE021.VDF : 7.11.72.137 152064 Bytes 15.04.2013 12:11:35VBASE022.VDF : 7.11.72.223 159232 Bytes 16.04.2013 12:40:34VBASE023.VDF : 7.11.72.224 2048 Bytes 16.04.2013 12:40:34VBASE024.VDF : 7.11.72.225 2048 Bytes 16.04.2013 12:40:34VBASE025.VDF : 7.11.72.226 2048 Bytes 16.04.2013 12:40:34VBASE026.VDF : 7.11.72.227 2048 Bytes 16.04.2013 12:40:35VBASE027.VDF : 7.11.72.228 2048 Bytes 16.04.2013 12:40:35VBASE028.VDF : 7.11.72.229 2048 Bytes 16.04.2013 12:40:35VBASE029.VDF : 7.11.72.230 2048 Bytes 16.04.2013 12:40:35VBASE030.VDF : 7.11.72.231 2048 Bytes 16.04.2013 12:40:35VBASE031.VDF : 7.11.73.34 110592 Bytes 17.04.2013 14:09:03Engine version : 8.2.12.28AEVDF.DLL : 8.1.2.10 102772 Bytes 19.09.2012 13:42:55AESCRIPT.DLL : 8.1.4.106 483709 Bytes 11.04.2013 13:40:57AESCN.DLL : 8.1.10.4 131446 Bytes 26.03.2013 20:32:47AESBX.DLL : 8.2.5.12 606578 Bytes 28.08.2012 15:58:06AERDL.DLL : 8.2.0.88 643444 Bytes 10.01.2013 18:21:42AEPACK.DLL : 8.3.2.6 827767 Bytes 28.03.2013 14:15:46AEOFFICE.DLL : 8.1.2.56 205180 Bytes 08.03.2013 12:42:00AEHEUR.DLL : 8.1.4.286 5845369 Bytes 11.04.2013 13:40:56AEHELP.DLL : 8.1.25.2 258423 Bytes 12.10.2012 14:52:32AEGEN.DLL : 8.1.7.2 442741 Bytes 26.03.2013 20:32:44AEEXP.DLL : 8.4.0.20 192886 Bytes 15.04.2013 12:11:36AEEMU.DLL : 8.1.3.2 393587 Bytes 19.09.2012 13:42:55AECORE.DLL : 8.1.31.2 201080 Bytes 19.02.2013 13:32:56AEBB.DLL : 8.1.1.4 53619 Bytes 05.11.2012 14:00:38AVWINLL.DLL : 13.6.0.480 26480 Bytes 12.02.2013 13:10:26AVPREF.DLL : 13.6.0.480 51056 Bytes 12.02.2013 13:10:29AVREP.DLL : 13.6.0.480 178544 Bytes 05.02.2013 15:01:33AVARKT.DLL : 13.6.0.902 260832 Bytes 28.03.2013 05:01:54AVEVTLOG.DLL : 13.6.0.902 167648 Bytes 28.03.2013 05:01:55SQLITE3.DLL : 3.7.0.1 397088 Bytes 19.09.2012 17:17:40AVSMTP.DLL : 13.6.0.480 62832 Bytes 12.02.2013 13:10:30NETNT.DLL : 13.6.0.480 16240 Bytes 12.02.2013 13:10:40RCIMAGE.DLL : 13.4.0.360 4782880 Bytes 28.11.2012 14:09:40RCTEXT.DLL : 13.6.0.976 67296 Bytes 28.03.2013 05:01:52Configuration settings for the scan:Jobname.............................: ShlExtConfiguration file..................: C:\Users\Nade\AppData\Local\Temp\bd693856.avpReporting...........................: defaultPrimary action......................: InteractiveSecondary action....................: IgnoreScan master boot sector.............: onScan boot sector....................: onBoot sectors........................: C:,Process scan........................: offScan registry.......................: offSearch for rootkits.................: offIntegrity checking of system files..: offScan all files......................: Intelligent file selectionScan archives.......................: onLimit recursion depth...............: 20Smart extensions....................: onMacrovirus heuristic................: onFile heuristic......................: extendedStart of the scan: четврток, 18 април 2013 08:18Starting the file scan:Begin scan in 'C:\'C:\Users\Nade\AppData\Local\Temp\ccwaaa.exe [DETECTION] Is the TR/Gamarue.AP TrojanBeginning disinfection:C:\Users\Nade\AppData\Local\Temp\ccwaaa.exe [DETECTION] Is the TR/Gamarue.AP Trojan [NOTE] The file was moved to the quarantine directory under the name '567e3b13.qua'!End of the scan: четврток, 18 април 2013 09:05Used time: 46:34 Minute(s)The scan has been done completely. 19072 Scanned directories 1087751 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 Files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 1087750 Files not concerned 5693 Archives were scanned 0 Warnings 1 Notes Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671146 Share Posted April 18, 2013 My name is Daniel and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding. I am currently visiting an evening school and working nightshift only which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.Please reboot your PC if not done yet.Please post the most recent Malwarebytes LogfileLaunch Malwarebytes --> Logs --> click on the last Logfile. A notepad Window will appear. Copy/Paste its content here in your topic.Download DDS and save it to your desktop from here.Double click DDS to run the tool and press StartDon't change any stettings without instructionWhen done, DDS will save two (2) logs to your desktop: DDS.txt Attach.txt[*].Please post them in your next reply Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671154 Share Posted April 18, 2013 Hi, here is today`s log of MalwarebytesMalwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.orgDatabase version: v2013.04.18.04Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Nade :: NADE-PC [administrator]18.04.2013 08:08:27mbam-log-2013-04-18 (08-08-27).txtScan type: Full scan (C:\|D:\|)Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 318466Time elapsed: 33 minute(s), 14 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 1HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Data: C:\Users\Nade\LOCALS~1\Temp\ccwaaa.exe -> Delete on reboot.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 1C:\Users\Nade\AppData\Local\Temp\00026bad.exe (Trojan.Agent.RVGen5) -> Quarantined and deleted successfully.(end) Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671155 Share Posted April 18, 2013 Daniel, I`ve read everything, and I am sending you the logs. p.s. thank you for the help! .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 21.12.2012 12:34:02System Uptime: 18.04.2013 12:55:18 (1 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | X55VDProcessor: Intel® Core i3-2328M CPU @ 2.20GHz | SOCKET 0 | 2200/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 231 GiB total, 191,981 GiB free.D: is FIXED (NTFS) - 235 GiB total, 233,163 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP17: 04.03.2013 19:13:58 - Sony Ericsson PC CompanionRP18: 04.03.2013 19:18:56 - Sony PC CompanionRP19: 09.03.2013 19:20:01 - Sony PC CompanionRP20: 09.03.2013 19:34:50 - Installed Microsoft Visual C++ 2005 RedistributableRP21: 09.03.2013 19:40:21 - Removed Media GoRP22: 09.03.2013 19:41:29 - Removed Media Go Video Playback Engine 1.96.119.08260RP23: 09.03.2013 19:43:25 - Removed Microsoft Visual C++ 2005 RedistributableRP24: 09.03.2013 19:43:55 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148RP25: 09.03.2013 19:47:08 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161RP26: 09.03.2013 19:48:00 - Removed PlayStation®Store.RP27: 22.03.2013 01:54:09 - Scheduled CheckpointRP28: 03.04.2013 12:49:02 - Scheduled CheckpointRP29: 10.04.2013 16:30:41 - Scheduled CheckpointRP30: 12.04.2013 19:10:09 - Installed Java 7 Update 17.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.02)Adobe Shockwave Player 11.6ASUS Smart GestureAurora 19.0a2 (x86 en-US)Avira Free AntivirusIntel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® Trusted Connect Service ClientJava 7 Update 17Java Auto UpdaterK-Lite Codec Pack 9.5.5 (Full)Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Maintenance ServiceNero 8neroxmlNVIDIA Control Panel 296.97NVIDIA Graphics Driver 296.97NVIDIA HD Audio Driver 1.3.13.1NVIDIA Install ApplicationNVIDIA Optimus 1.7.13NVIDIA Update 1.7.13NVIDIA Update ComponentsPlatformSkype™ 6.0Sony Ericsson Update EngineSony PC Companion 2.10.136swMSMVCRedistSetupVIA Platform Device ManagerVLC media player 2.0.4Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)WinRAR archiver.==== End Of File =========================== Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671156 Share Posted April 18, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.17.2Run by Nade at 13:02:23 on 2013-04-18Microsoft Windows 7 Ultimate 6.1.7601.1.1251.389.1033.18.3980.2480 [GMT 2:00].AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exeC:\Windows\system32\sppsvc.exeC:\Windows\system32\viakaraokesrv.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exeC:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exeC:\Windows\system32\SearchProtocolHost.exeC:\Program Files (x86)\Aurora\firefox.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\system32\NOTEPAD.EXEC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"uRun: [sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /BackgroundmRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 78.157.16.8 78.157.16.51 78.157.16.30TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6} : DHCPNameServer = 78.157.16.8 78.157.16.51 78.157.16.30TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6}\830323E21313E4 : DHCPNameServer = 217.16.69.1 217.16.69.3TCP: Interfaces\{7DE91B37-CB3C-4AB2-9581-A8130FB622A7} : DHCPNameServer = 92.55.71.27 89.205.127.21Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exex64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exex64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Nade\AppData\Roaming\Mozilla\Firefox\Profiles\9lmvvgj1.default\FF - prefs.js: browser.startup.homepage - google.comFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-21 29032]R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-21 86752]R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-21 110816]R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-21 166720]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-21 365376]R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-21 27760]R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-21 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-21 356632]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-21 789272]R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-21 104560]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-21 1838656]R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\drivers\rtbth.sys [2012-12-21 675424]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-21 2193008]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-3-4 14448]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-3-4 155824]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944].=============== Created Last 30 ================.2013-04-17 02:23:57 -------- d-----w- C:\TMP2013-04-12 17:11:01 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-28 05:02:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys2013-03-28 05:02:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys2013-03-21 17:04:33 252712 ----a-w- C:\Windows\ETDUninst.dll.==================== Find3M ====================.2013-04-12 17:10:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-04-12 17:10:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-04 18:19:28 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys2013-03-04 18:19:28 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll2013-03-04 18:19:28 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys.============= FINISH: 13:02:48,50 =============== Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671166 Share Posted April 18, 2013 You are welcome.Logfiles appears clean so far. Any problems with this PC ? Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671167 Share Posted April 18, 2013 For now no, I saw that I still have that file in Quarantine in Malware, should I delete it? And If you dont mind, a bit of help how to prevent these bugs and worm from coming? As I said for now I have Avira the free version and Malwarebutes as well. Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671172 Share Posted April 18, 2013 should I delete it?Not needed. They are in a good place and cant not be reactivated.I'll give you some tips to prevent reinfections when we are done here. So let me check if there are some leftovers( Note: This scan can take several hours )Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.Close the ESET online scan, and let me know how things are now. Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671212 Share Posted April 18, 2013 Hey Daniel...I just finished the scan, it came out with 4 threads, here is a copyC:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll a variant of Win32/Bundled.Toolbar.Ask applicationC:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe a variant of Win32/Bundled.Toolbar.Ask applicationC:\Users\Nade\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask applicationD:\Instal programs\avira_free_antivirus_en.exe a variant of Win32/Bundled.Toolbar.Ask applicationD:\Instal programs\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\nero8x.exe a variant of Win32/Keygen.DS application Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671213 Share Posted April 18, 2013 Oh yes, should I uninstall the program? Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671246 Share Posted April 18, 2013 Hy there.Form the list of installed software -> Nero 8D:\Instal programs\Nero 8.1.1.0 Ultra Edition + Keygen [h33t] [CaZoR]\nero8x.exe a variant of Win32/Keygen.DS application Cracked (Illegal) Software - Nero 8Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore. This is the most likely cause of your infection.If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer. Additionally, cracked programs are illegal. Before posting for help, you should uninstall any such applications.Refering to this sticky Topic, uninstall the software in question.Please launch DDS.Make sure that the following options are checked: DDS.txt attach.txtPress the Start Button.When done, DDS will open both logfiles which will also be saved on your desktop.Please post them in your next reply. Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671251 Share Posted April 18, 2013 I`ve deleted and unistalled Nero, here are the lists nowDDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.17.2Run by Nade at 16:50:13 on 2013-04-18Microsoft Windows 7 Ultimate 6.1.7601.1.1251.389.1033.18.3980.2717 [GMT 2:00].AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Windows\system32\svchost.exe -k LocalServiceC:\Program Files\NVIDIA Corporation\Display\nvxdsync.exeC:\Windows\system32\nvvsvc.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Windows\system32\sppsvc.exeC:\Windows\system32\viakaraokesrv.exeC:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exeC:\Windows\system32\svchost.exe -k bthsvcsC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\System32\rundll32.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exeC:\Windows\System32\hkcmd.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exeC:\Windows\System32\igfxpers.exeC:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exeC:\Program Files (x86)\Aurora\firefox.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.mWinlogon: Userinit = userinit.exeBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: ASUS Browser Extension x86: {78234974-0C4B-4111-BDEB-D9A104418771} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x86\BrowserExtension.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dlluRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"uRun: [sony PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /BackgroundmRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -rmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minmRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllTCP: NameServer = 78.157.16.30 78.157.16.51 78.157.16.8TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6} : DHCPNameServer = 78.157.16.30 78.157.16.51 78.157.16.8TCP: Interfaces\{7BF084F8-9937-4922-A459-CEAF6E0C4FE6}\830323E21313E4 : DHCPNameServer = 217.16.69.1 217.16.69.3TCP: Interfaces\{7DE91B37-CB3C-4AB2-9581-A8130FB622A7} : DHCPNameServer = 92.55.71.27 89.205.127.21Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllAppInit_DLLs= C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: ASUS Browser Extension x64: {78234974-0C4B-4111-BDEB-D9A104418772} - C:\Program Files (x86)\ASUS\ASUS Smart Gesture\install\x64\BrowserExtension64.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-Run: [ASUSQuickGesture(x86)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exex64-Run: [ASUSTPLoader(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exex64-Run: [ASUSQuickGesture(x64)] C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exex64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Nade\AppData\Roaming\Mozilla\Firefox\Profiles\9lmvvgj1.default\FF - prefs.js: browser.startup.homepage - google.comFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dllFF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-12-21 29032]R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-28 28600]R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-21 86752]R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-21 110816]R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-28 100712]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-12-21 166720]R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-12-21 27760]R3 ATP;ASUS PS/2 Port Input Device;C:\Windows\System32\drivers\AsusTP.sys [2012-9-11 56704]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-21 331264]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-12-21 356632]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-12-21 789272]R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-21 104560]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-21 1838656]R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\drivers\rtbth.sys [2012-12-21 675424]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-12-21 2193008]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-21 365376]S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2013-3-4 14448]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2013-3-4 155824]S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-11-14 29696]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-14 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-14 30208]S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-14 1255736]S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944].=============== Created Last 30 ================.2013-04-18 11:55:55 -------- d-----w- C:\Program Files (x86)\ESET2013-04-17 02:23:57 -------- d-----w- C:\TMP2013-04-12 17:11:01 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-03-28 05:02:25 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys2013-03-28 05:02:25 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys2013-03-21 17:04:33 252712 ----a-w- C:\Windows\ETDUninst.dll.==================== Find3M ====================.2013-04-12 17:10:56 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-04-12 17:10:56 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-04 18:19:28 27760 ----a-w- C:\Windows\System32\drivers\ggsemc.sys2013-03-04 18:19:28 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll2013-03-04 18:19:28 14448 ----a-w- C:\Windows\System32\drivers\ggflt.sys.============= FINISH: 16:50:49,26 =============== Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671252 Share Posted April 18, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 UltimateBoot Device: \Device\HarddiskVolume1Install Date: 21.12.2012 12:34:02System Uptime: 18.04.2013 16:47:52 (0 hours ago).Motherboard: ASUSTeK COMPUTER INC. | | X55VDProcessor: Intel® Core i3-2328M CPU @ 2.20GHz | SOCKET 0 | 2200/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 231 GiB total, 191,914 GiB free.D: is FIXED (NTFS) - 235 GiB total, 233,337 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP17: 04.03.2013 19:13:58 - Sony Ericsson PC CompanionRP18: 04.03.2013 19:18:56 - Sony PC CompanionRP19: 09.03.2013 19:20:01 - Sony PC CompanionRP20: 09.03.2013 19:34:50 - Installed Microsoft Visual C++ 2005 RedistributableRP21: 09.03.2013 19:40:21 - Removed Media GoRP22: 09.03.2013 19:41:29 - Removed Media Go Video Playback Engine 1.96.119.08260RP23: 09.03.2013 19:43:25 - Removed Microsoft Visual C++ 2005 RedistributableRP24: 09.03.2013 19:43:55 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148RP25: 09.03.2013 19:47:08 - Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161RP26: 09.03.2013 19:48:00 - Removed PlayStation®Store.RP27: 22.03.2013 01:54:09 - Scheduled CheckpointRP28: 03.04.2013 12:49:02 - Scheduled CheckpointRP29: 10.04.2013 16:30:41 - Scheduled CheckpointRP30: 12.04.2013 19:10:09 - Installed Java 7 Update 17RP31: 18.04.2013 16:44:10 - Removed Nero 8. Available with Windows Installer version 1.2 and later..==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.02)Adobe Shockwave Player 11.6ASUS Smart GestureAurora 19.0a2 (x86 en-US)Avira Free AntivirusESET Online Scanner v3Intel® Management Engine ComponentsIntel® OpenCL CPU RuntimeIntel® Processor GraphicsIntel® Trusted Connect Service ClientJava 7 Update 17Java Auto UpdaterK-Lite Codec Pack 9.5.5 (Full)Malwarebytes Anti-Malware version 1.75.0.1300Microsoft .NET Framework 4 Client ProfileMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Mozilla Maintenance ServiceneroxmlNVIDIA Control Panel 296.97NVIDIA Graphics Driver 296.97NVIDIA HD Audio Driver 1.3.13.1NVIDIA Install ApplicationNVIDIA Optimus 1.7.13NVIDIA Update 1.7.13NVIDIA Update ComponentsPlatformSkype™ 6.0Sony Ericsson Update EngineSony PC Companion 2.10.136swMSMVCRedistSetupVIA Platform Device ManagerVLC media player 2.0.4Windows Driver Package - ASUS (ATP) Mouse (08/27/2012 1.0.0.125)WinRAR archiver.==== End Of File =========================== Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671253 Share Posted April 18, 2013 I appologise for the rule, I did not know. Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671314 Share Posted April 18, 2013 Unless you have any open issues, you are good to go.Please follow these last few stepsPlease download delfix to your Desktop.Close all running programms.Doubleclick on the delfix.exe Make sure that all options are checked.Click Start.This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.Now that you appear to be free from malware lets help you stay that way!It is vital that you keep your system up to datePlease enable Automatic Updates to keep your system up to date. Windows UpdatesWin XP: Start --> Control Panel and double- click on Automatic Updates.Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates[*] Software UpdatesYour installed Software also can have vulnerabilities that malware can use to infect your system.To keep your installed Software up to date I recommend File Hippo.Anti Virus Software Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.Additional Protection Malwarebytes Anti MalwareThe freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features. WinPatrolWinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. Safer Browsing Web of Trust ( WOT )This software helps you to stay away from sites that have malicious purposes. SpywareBlasterThis software helps prevent the installation of ActiveX-based spyware.Use an alternate browserOther browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer. Opera FirefoxNote: If you use Firefox you may want to have a look on this Add Ons. AdblockPlus ( Blocks advertisments ) NoScript ( Blocks Java, Flash and JavaScript )Computer MaintenanceClean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).Thinking while surfingThere is no software which will protect your system from yourself. I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet. Staying Safe on the Internet ( by Glaswegian ) Making Internet Explorer Safer. Think Prevention!If you have any questions kindly ask. Please respond to this thread one more time so we can mark this thread as resolved. Link to post Share on other sites More sharing options...
Nade Posted April 18, 2013 Author ID:671343 Share Posted April 18, 2013 Daniel, thank you for your time and patience, I have only one more question, regarding Spyware Blaster, If I install it, woul it work well with Avira and MAlwarebutes as well? After your answer you may close this thread. I thank you again for your helpBest regardsNade Link to post Share on other sites More sharing options...
Larusso Posted April 18, 2013 ID:671351 Share Posted April 18, 2013 I run it beside MSE and MBAM Pro, so it should work without any problems Link to post Share on other sites More sharing options...
Maurice Naggar Posted April 20, 2013 ID:672133 Share Posted April 20, 2013 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts