Pyrolean Posted July 3, 2013 ID:698297

Hi,

Since my computer is lately running too slow, I suspect I got infected by a virus or anything similar. Please find here my DDS and RogueKiller logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16611
Run by Luis at 15:26:37 on 2013-07-03
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
TCP: NameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F} : DHCPNameServer = 212.186.211.21 195.34.133.21
TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F}\7416C61687970235F523337353 : DHCPNameServer = 192.168.16.1
TCP: Interfaces\{EDF01445-80BF-47F3-BF3A-EF7CAD19CB2F}\F456354714D274163747 : DHCPNameServer = 213.33.99.70 80.120.17.70
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2013-07-02 06:10:09 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{bc0bdf9c-f751-44d5-9d45-a2c61b031471}\mpengine.dll
2013-06-26 19:44:17 -------- d-----w- c:\users\luis\appdata\roaming\Canneverbe Limited
2013-06-26 19:44:17 -------- d-----w- c:\programdata\Canneverbe Limited
2013-06-21 14:58:28 -------- d-----w- c:\program files\Microsoft Security Client
2013-06-18 12:28:51 -------- d-----w- c:\program files\Medieval Software
2013-06-12 20:23:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 20:23:05 218112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-12 06:07:27 1505280 ----a-w- c:\windows\system32\d3d11.dll
2013-06-12 06:07:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-12 06:07:12 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:07:12 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:07:11 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 06:07:11 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:07:11 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:07:05 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:07:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-12 06:07:01 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 06:07:00 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 06:06:57 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-10 17:47:54 -------- d-----w- c:\windows\pss
2013-06-09 15:56:10 -------- d-----w- c:\users\luis\appdata\roaming\CANON INC
2013-06-09 14:58:41 -------- d-----w- c:\users\luis\appdata\roaming\Canon_Inc_IC
2013-06-09 14:56:09 -------- d-----w- c:\program files\Canon
2013-06-09 14:56:05 -------- d-----w- c:\program files\common files\Canon_Inc_IC
2013-06-09 14:42:55 -------- d-----w- c:\programdata\Canon_Inc_IC
2013-06-08 19:27:06 73728 ----a-r- c:\users\luis\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-08 19:27:06 73728 ----a-r- c:\users\luis\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-06-08 19:27:06 73728 ----a-r- c:\users\luis\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
2013-06-08 19:07:38 -------- d-----w- c:\program files\DirectVobSub
.
==================== Find3M ====================
.
2013-07-03 13:03:36 23552 ----a-w- c:\windows\system32\drivers\monitor.sys.bak
2013-06-28 08:36:12 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-28 08:35:53 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-17 01:25:57 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- c:\windows\system32\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-05-14 08:40:13 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-05-11 08:45:33 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 07:57:38 49728 ----a-w- c:\windows\system32\AdobePDF.dll
2013-05-10 07:57:34 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll
2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr
2013-05-02 00:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-09 13:37:00 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
.
============= FINISH: 15:27:21,41 ===============

RogueKiller V8.6.2 [Jul 2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Luis [Admin rights]
Mode : Scan -- Date : 07/03/2013 15:33:24
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 98c63b410177239a0580bee34c6ab7d9
[bSP] 88b1216fb8708809541a6ecd3c228b11 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226259 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463378860 | Size: 12213 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07032013_153324.txt >>

Thanks in advance for your help!

Cheers,
P.

attach.rar
Pyrolean Posted July 3, 2013 ID:698340

Hi, can anyone help me?
Maniac Posted July 3, 2013 ID:698470

Hello Pyrolean!

My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1
Launch Malwarebytes' Anti-Malware
Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
Go to Scanner tab and select Perform Quick Scan, then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

Step 2
Please scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.
Double click on the icon on your Desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under Scan Settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, click List Threats
Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click the Finish button.

In your next reply, post the following log files:
Malwarebytes' Anti-Malware log
ESET Online Scanner log
Pyrolean Posted July 3, 2013 ID:698489

Hi! Thanks for your reply! There goes the first log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Versión de la Base de Datos: v2013.07.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Luis :: LUIS-PC [administrador]

03.07.2013 15:10:54
mbam-log-2013-07-03 (15-10-54).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 200111
Tiempo transcurrido: 5 minuto(s), 36 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

(fin)
Pyrolean Posted July 4, 2013 ID:698751

Hi again! And here the second log from ESET Online Scanner:

C:\Windows.old\Users\Pyogenesis\Downloads\winamp563_full_emusic-7plus_all.exe Win32/OpenCandy application
C:\Windows.old\Documents and Settings\Pyogenesis\Downloads\winamp563_full_emusic-7plus_all.exe Win32/OpenCandy application cleaned by deleting - quarantined
Maniac Posted July 4, 2013 ID:698760

Download Dr.Web CureIt to the desktop. The download is nearly 104.6 MB in size
Turn OFF your antivirus program. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Turn off any other add-on security app {if you have them} like MBAM File System Protection.
If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.
You will see a screen similar to this:
Click the checkbox to participate, and then click on Continue button.
Next Click on Select objects for scanning
Next Put a checkmark by clicking on the boxes as shown. Do not select Temporary files or System Restore points. Then click on Start scanning button
The scan in progress will be shown like this
IF something is detected, you will see a screen similar to this
For each item "detected", click on the Action column down arrow, like this
Your options will be Cure or Ignore
IF you see an item that you are very sure is ok, then un-check the checkbox for that item. Typically, you will keep the Cure default. Then click on the Neutralize button.
When the actions are completed, you will see this
Click on the green Open Report line. It will pop-up the report in NOTEPAD. Save the report to your desktop. The report will be called Cureit.log
Close Dr.Web CureIt.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, attach the log Cureit.log you saved previously in your next reply.
Re-Enable your antivirus program when all done.
Pyrolean Posted July 5, 2013 ID:699023

Hi, I did the scanning, but since no threat was found, I have no report to paste. Which one should be the next step?

Thanks,
P.
Maniac Posted July 5, 2013 ID:699047

How are things running now?
Pyrolean Posted July 5, 2013 ID:699065

Hi, the PC is still running a little bit slow. Also, sometimes, whenever I jump from one tab to another I see for half a second something like a flawed rendering of the content of the tab (as if it were like a virus-blocked screening, but only for half a second).

Looking forward to your further help, thanks again!

Cheers,
P.
Maniac Posted July 5, 2013 ID:699073

Your system seems to be clean. Please try these tips: http://forums.malwarebytes.org/index.php?showtopic=81990
AdvancedSetup (Root Admin) Posted July 10, 2013 ID:700992

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!