
How to clean or remove infection from external drive


prabir_rio

As soon as I plug my external drive into my PC, my QuickHeal antivirus gives me the following message. It doesn't repair the file or clean the infection but just displays the message that the file is skipped. I am afraid of using the external drive, as it may infect my PC as well. But I can't do a full format either, as I have a lot of my work files in it which I need to back up or copy before I format the whole drive. Please, someone help me remove/clean the infection from my external drive. Also, why is my antivirus not cleaning the infection, as it is a paid, full-version one!!!


H:\Prabir\Personal\Other Programs\Downloads\FruityLoops355_Demo_Install.exe/FruityLoopsEngine.dll

Detected: "Trojan.Black.a.n9"

File is skipped

H:\Prabir\Personal\Other Programs\Downloads\FruityLoops355_Demo_Install.exe

File is skipped

H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\need_this_to_play_smr_avi_movies.zip/setup.exe

Detected: "Trojan.Agent.ATV.n8"

File is skipped

H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\need_this_to_play_smr_avi_movies.zip

File is skipped

H:\Prabir\Personal\Other Programs\Downloads\Downloadz\Codecs\smrpatchsetup.zip/setup.exe

Detected: "Trojan.Agent.ATV.n8"

File is skipped


Regards,

Prabir


Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Connect your external drive, then tick all your hard drives
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Hi Marius,

Thanks for your response and for extending your help. Please see the log pasted below.

C:\Users\user\AppData\Local\Temp\79312B7.tmp multiple threats
C:\Users\user\AppData\Local\Temp\7933600.tmp a variant of Win32/ELEX.L application
C:\Users\user\AppData\Local\Temp\7934415.tmp multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\415a8fa8-5fbae3b0 Java/Exploit.Agent.NRV trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\5aceb1f2-56305206 multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5488f5b7-7956d77e multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\3ea43786-2f0bbe4b multiple threats
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\6263f106-7e6b3103 a variant of Java/TrojanDownloader.OpenStream.NCM trojan
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\21b9c4c8-274d7488 Java/Exploit.CVE-2013-0422.CV trojan
C:\Users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\Programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
H:\Prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar a variant of Win32/Keygen.AC application

After the scan completed, I enabled my Quick Heal Total Security and it again gave me the same messages for my external hard drives as I had posted earlier. Please guide me on what to do next.

I don't have continuous access to the internet, so please bear with my delay in response.

With regards,
Prabir

There is not only a trojan on your external drive, but also within your system!

Scan with DDS

Download DDS and save it to your desktop from here, here, or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
Save both reports to your desktop.


Scan with aswMBR

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with "The application can use the Avast! Free Antivirus for scanning", select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply

Note: There will also be a file on your desktop named MBR.dat (or similar). Do not delete this for now; it is an actual backup of the MBR (master boot record).


Hi,

Thank you very much. Please find the logs below:

DDS.TXT:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.7600.16385  BrowserJavaVersion: 10.25.2
Run by user at 18:00:03 on 2013-09-14
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.91.1033.18.3002.1566 [GMT 5.5:30]
.
AV: Quick Heal Total Security 13.00 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
SP: Quick Heal Total Security 13.00 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
C:\Program Files\Acer Bio Protection\BASVC.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Reliance 3G\AssistantServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer Bio Protection\PdtWzd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
C:\Program Files\Reliance 3G\UIExec.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SCANMSG.EXE
C:\Program Files\Quick Heal\Quick Heal Total Security\UPSCHD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Bio Protection\PwdBank.exe
C:\Program Files\Reliance 3G\UIMain.exe
C:\Program Files\Reliance 3G\CMUpdater.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - <orphaned>
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Ekolurc] c:\users\user\appdata\roaming\avwyor\ernen.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [VitaKeyPdtWzd] "c:\program files\acer bio protection\PdtWzd.exe"
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal total security\strtupap.exe"
mRun: [uIExec] "c:\program files\reliance 3g\UIExec.exe"
mRun: [sonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [Autodesk Sync] c:\program files\autodesk\autodesk sync\AdSync.exe
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [uSBAntivirus.exe] c:\program files\usbantivirus\USBAntivirus.exe -Hide
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer bio protection\PwdBank.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TCP: Interfaces\{4C9A4BB0-C45B-4C22-92EE-814A2882B54F} : NameServer = 220.226.6.104 220.226.100.40
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\34F42554 : DHCPNameServer = 217.77.71.33 217.77.71.1
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\34F42554741424F4E4 : DHCPNameServer = 217.77.71.33 217.77.71.1
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\36F62756D696E696E67613 : DHCPNameServer = 192.168.168.10 192.168.168.168 192.168.10.15
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\36F627D696E696E676 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\84F44554C4026414C414943554 : DHCPNameServer = 8.8.8.8 195.24.192.33
TCP: Interfaces\{577885E7-6B1B-423A-8B0F-33C7EA524708}\C414026414C4149435540224F4E414E4A4F4 : DHCPNameServer = 8.8.8.8 195.24.192.33
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-3-26 49864]
R1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-3-26 67136]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-8-5 1807608]
R2 Autodesk Content Service;Autodesk Content Service;c:\program files\autodesk\content service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2011-8-6 39880]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal total security\EMLPROXY.EXE [2011-8-6 29640]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-8-6 206280]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2012-3-26 29384]
R2 GoogleInputService;GoogleInputService;c:\program files\google\google input tools\GoogleInputService.exe [2012-11-7 164888]
R2 IGBASVC;EgisTec Service;c:\program files\acer bio protection\BASVC.exe [2009-9-5 3449856]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal total security\OPSSVC.EXE [2011-8-6 24520]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal total security\QUHLPSVC.EXE [2011-8-6 90568]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-1-26 3027840]
R2 UI Assistant Service;UI Assistant Service;c:\program files\reliance 3g\AssistantServices.exe [2012-5-18 270672]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-8-5 659328]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-10 122880]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-7-27 51712]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]
R3 wsnfmp;Network Filter Miniport;c:\windows\system32\drivers\wsnf.sys [2012-3-26 44616]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2012-3-26 33096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal total security\SAPISSVC.EXE [2011-8-6 206280]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-5-18 9216]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-23 174592]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-14 1343400]
S3 wsnf;Network Filter Service;c:\windows\system32\drivers\wsnf.sys [2012-3-26 44616]
.
=============== Created Last 30 ================
.
2013-09-12 09:00:11 -------- d-----w- c:\users\user\appdata\roaming\Malwarebytes
2013-09-12 08:59:50 -------- d-----w- c:\programdata\Malwarebytes
2013-09-12 08:59:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 16:28:28 -------- d-----w- c:\users\user\appdata\roaming\337 Wallpaper
2013-09-11 16:20:13 -------- d-----w- c:\programdata\Freemake
2013-09-11 16:20:01 -------- d-----w- c:\program files\Freemake
2013-09-11 15:46:39 -------- d-----w- c:\users\user\appdata\roaming\EurekaLog
2013-09-11 15:46:16 -------- d-----w- c:\program files\FDRLab
2013-09-11 08:01:23 -------- d-----w- c:\users\user\appdata\local\Programs
2013-08-23 06:51:30 -------- d-----w- c:\program files\USBAntivirus
.
==================== Find3M  ====================
.
2013-07-11 07:53:08 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 07:53:05 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 07:53:05 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 18:03:18.23 ===============

ATTACH.TXT:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 23-12-2009 15:28:08
System Uptime: 14-09-2013 17:48:51 (1 hours ago)
.
Motherboard: Acer |  | Aspire 4736     
Processor: Intel® Core2 Duo CPU     T6600  @ 2.20GHz | uPGA-478 | 1188/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 45 GiB total, 7.819 GiB free.
D: is FIXED (NTFS) - 84 GiB total, 63.307 GiB free.
E: is FIXED (NTFS) - 84 GiB total, 43.688 GiB free.
F: is FIXED (NTFS) - 84 GiB total, 52.023 GiB free.
G: is CDROM ()
J: is CDROM (CDFS)
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510n-z
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: 
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: 
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 4500 G510g-m
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet 4500 G510g-m
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP LaserJet P4014
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: HP LaserJet P4014
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: mscank
Device ID: ROOT\LEGACY_MSCANK\0000
Manufacturer: 
Name: mscank
PNP Device ID: ROOT\LEGACY_MSCANK\0000
Service: mscank
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet 6500 E710n-z
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: HP
Name: Officejet 6500 E710n-z
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service: 
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Officejet 4500 G510n-z
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Officejet 4500 G510n-z
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP236: 05-09-2013 16:04:53 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
Acer Bio Protection
Acer Crystal Eye Webcam
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Photoshop 7.0
Adobe Reader 9.5.2 MUI
Adobe Shockwave Player 11.5
Ahead Nero Burning ROM
ALPS Touch Pad Driver
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AuthenTec Fingerprint Software
AutoCAD 2013 - English
AutoCAD 2013 Language Pack - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Sync
Broadcom Wireless LAN Driver Installation Program for Windows7
BtwMfcMM
BufferChm
calibre
CCleaner
Conduit Engine
CutePDF Writer 2.8
Destinations
DeviceDiscovery
DivX Setup
DjVuLibre+DjView
DocMgr
DocProc
ESET Online Scanner v3
FARO LS 1.1.406.58
Fax
Fingerprint Solution
Google Chrome
Google Earth
Google Input Bengali
Google Input Tools
Google Talk Plugin
Google Update Helper
GoToMeeting 5.1.0.880
GPBaseService2
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP Officejet 4500 G510n-z
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
Java 7 Update 25
Java Auto Updater
JMicron Flash Media Controller Driver
Leapfrog Viewer version 2
MapInfo Beta Data
MapInfo Professional 9.5
MarketResearch
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
PowerDVD
Quick Heal Total Security
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Reliance 3G
Reliance Netconnect - Broadband+
Scan
Shop for HP Supplies
Skype Click to Call
Skype™ 6.6
SmartWebPrinting
SolutionCenter
SonicWALL SSL-VPN NetExtender
Status
Synaptics Pointing Device Driver
TeamViewer 7
Toolbox
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6b
VS10RuntimeWin32
WebReg
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
14-09-2013 17:50:59, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
14-09-2013 17:50:20, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
14-09-2013 17:49:24, Error: Service Control Manager [7000]  - The Security Center service failed to start due to the following error:  The account specified for this service is different from the account specified for other services running in the same process.
14-09-2013 17:49:12, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
14-09-2013 17:49:12, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
14-09-2013 17:49:11, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
12-09-2013 20:53:33, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:53:06, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12-09-2013 20:51:58, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:51:57, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12-09-2013 20:51:57, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12-09-2013 20:51:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
12-09-2013 20:51:56, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
12-09-2013 20:51:54, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12-09-2013 20:51:47, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12-09-2013 20:51:33, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache ggc NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf wstif
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
12-09-2013 20:51:33, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12-09-2013 20:46:44, Error: Service Control Manager [7022]  - The Online Protection System service hung on starting.
12-09-2013 20:42:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12-09-2013 11:57:48, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the UI Assistant Service service to connect.
12-09-2013 11:57:48, Error: Service Control Manager [7000]  - The UI Assistant Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12-09-2013 09:41:07, Error: Service Control Manager [7034]  - The FreemakeVideoCapture service terminated unexpectedly.  It has done this 1 time(s).
12-09-2013 09:36:26, Error: Service Control Manager [7000]  - The WinPcap Packet Driver (NPF) service failed to start due to the following error:  The system cannot find the file specified.
12-09-2013 07:07:27, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12-09-2013 07:07:27, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12-09-2013 07:06:57, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
12-09-2013 07:06:57, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
11-09-2013 22:03:45, Error: Service Control Manager [7034]  - The WinZiper service service terminated unexpectedly.  It has done this 1 time(s).
10-09-2013 21:48:02, Error: Service Control Manager [7031]  - The Autodesk Content Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
08-09-2013 20:45:01, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom0.
07-09-2013 09:18:16, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
07-09-2013 09:18:16, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
07-09-2013 09:18:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
.
==== End Of File ===========================
 
ansMBR.dat
 
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-14 18:07:51
-----------------------------
18:07:51.210    OS Version: Windows 6.1.7600 
18:07:51.210    Number of processors: 2 586 0x170A
18:07:51.212    ComputerName: USER-PC  UserName: user
18:07:52.078    Initialize success
18:08:11.266    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:08:11.270    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
18:08:11.368    Disk 0 MBR read successfully
18:08:11.372    Disk 0 MBR scan
18:08:11.377    Disk 0 Windows 7 default MBR code
18:08:11.382    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        46077 MB offset 63
18:08:11.387    Disk 0 Partition - 00     0F Extended LBA            259157 MB offset 94365810
18:08:11.408    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        86388 MB offset 94365873
18:08:11.415    Disk 0 Partition - 00     05     Extended             86388 MB offset 271289655
18:08:11.433    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        86388 MB offset 271289718
18:08:11.442    Disk 0 Partition - 00     05     Extended             86380 MB offset 625137345
18:08:11.464    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        86380 MB offset 448213563
18:08:11.474    Disk 0 scanning sectors +625121280
18:08:11.568    Disk 0 scanning C:\Windows\system32\drivers
18:08:17.327    Service scanning
18:08:39.159    Modules scanning
18:08:46.834    Disk 0 trace - called modules:
18:08:46.846    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll dxgkrnl.sys igdkmd32.sys dxgmms1.sys 
18:08:46.852    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a89030]
18:08:46.859    3 CLASSPNP.SYS[8c58e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86c31028]
18:08:46.865    Scan finished successfully
18:10:06.082    Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
18:10:06.089    The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
 
With Regards,
 
Prabir 

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


I have run combofix as suggested. I had manually disabled the antivirus before, but somehow combofix kept popping up a message that the AV is enabled. I don't understand why, but I finally ran combofix. Please see the log below. Also, I didn't connect my external drive while running the program as that was not suggested.


ComboFix 13-09-14.01 - user 15-09-2013  20:39:16.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.91.1033.18.3002.1798 [GMT 5.5:30]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: Quick Heal Total Security 13.00 *Enabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
FW: Quick Heal Firewall *Enabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: Quick Heal Total Security 13.00 *Enabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pitney Bowes MapInfo Professional v9.5_+_Example_Data\MIPro_v9.5_TrialData.exe
c:\users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\user\Documents\~WRL0005.tmp
c:\users\user\Documents\~WRL0006.tmp
c:\users\user\Documents\~WRL0241.tmp
c:\users\user\Documents\~WRL0412.tmp
c:\users\user\Documents\~WRL0513.tmp
c:\users\user\Documents\~WRL0693.tmp
c:\users\user\Documents\~WRL0743.tmp
c:\users\user\Documents\~WRL0858.tmp
c:\users\user\Documents\~WRL1060.tmp
c:\users\user\Documents\~WRL1089.tmp
c:\users\user\Documents\~WRL1107.tmp
c:\users\user\Documents\~WRL1138.tmp
c:\users\user\Documents\~WRL1233.tmp
c:\users\user\Documents\~WRL1475.tmp
c:\users\user\Documents\~WRL1512.tmp
c:\users\user\Documents\~WRL1999.tmp
c:\users\user\Documents\~WRL2150.tmp
c:\users\user\Documents\~WRL2406.tmp
c:\users\user\Documents\~WRL2419.tmp
c:\users\user\Documents\~WRL3090.tmp
c:\users\user\Documents\~WRL3102.tmp
c:\users\user\Documents\~WRL3191.tmp
c:\users\user\Documents\~WRL3224.tmp
c:\users\user\Documents\~WRL3375.tmp
c:\users\user\Documents\~WRL3487.tmp
c:\users\user\Documents\~WRL3520.tmp
c:\users\user\Documents\~WRL3643.tmp
c:\users\user\Documents\~WRL3685.tmp
c:\users\user\Documents\~WRL3831.tmp
c:\users\user\Documents\~WRL3867.tmp
c:\users\user\Documents\~WRL3876.tmp
c:\users\user\Documents\~WRL4020.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-15 to 2013-09-15  )))))))))))))))))))))))))))))))
.
.
2013-09-15 15:15 . 2013-09-15 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 09:00 . 2013-09-12 09:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-12 08:59 . 2013-09-12 08:59 -------- d-----w- c:\programdata\Malwarebytes
2013-09-12 08:59 . 2013-09-12 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 16:28 . 2013-09-11 16:28 -------- d-----w- c:\users\user\AppData\Roaming\337 Wallpaper
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\programdata\Freemake
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\program files\Freemake
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\users\user\AppData\Roaming\EurekaLog
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\program files\FDRLab
2013-09-11 08:01 . 2013-09-11 08:01 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-08-23 06:51 . 2013-08-23 06:55 -------- d-----w- c:\program files\USBAntivirus
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:53 . 2013-07-11 07:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 07:53 . 2012-08-27 11:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 07:53 . 2010-11-09 07:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 07:21 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 07:21 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2011-08-06 161224]
"UIExec"="c:\program files\Reliance 3G\UIExec.exe" [2011-08-09 153424]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200445]
   Ime File REG_SZ          GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2011-08-06 33096]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-13 1343400]
R3 wsnf;Network Filter Service;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
R4 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2011-07-29 49864]
R4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2011-08-06 24520]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-04-10 67136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-04 1807608]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2011-08-06 39880]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2011-08-06 29640]
S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2011-08-06 29384]
S2 GoogleInputService;GoogleInputService;c:\program files\Google\Google Input Tools\GoogleInputService.exe [2012-11-07 164888]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2011-08-06 90568]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Reliance 3G\AssistantServices.exe [2011-08-09 270672]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-04 659328]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 wsnfmp;Network Filter Miniport;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-15 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2011-08-06 17:50]
.
.
------- Supplementary Scan -------
.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Ekolurc - c:\users\user\AppData\Roaming\Avwyor\ernen.exe
HKLM-Run-AutorunRemover.exe - c:\program files\AutorunRemover\AutorunRemover.exe
HKLM-Run-USBAntivirus.exe - c:\program files\USBAntivirus\USBAntivirus.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(3624)
c:\windows\System32\wer.dll
c:\windows\System32\SyncCenter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Acer Bio Protection\CompPtcVUI.exe
c:\program files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\windows\system32\sppsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Google Input Tools\GoogleInputHandler.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-09-15  20:50:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-15 15:20
.
Pre-Run: 9,033,334,784 bytes free
Post-Run: 8,792,068,096 bytes free
.
- - End Of File - - 41B9412D053C3E1E9602147CA5354DA0
A36C5E4F47E84449FF07ED3517B43A31


With Regards,

Prabir

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

CFScript.txt


Please see the logs below:

Combofix.txt

ComboFix 13-09-14.01 - user 16-09-2013  21:50:14.3.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.91.1033.18.3002.1694 [GMT 5.5:30]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: Quick Heal Total Security 13.00 *Disabled/Updated* {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
FW: Quick Heal Firewall *Disabled* {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
SP: Quick Heal Total Security 13.00 *Disabled/Updated* {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"f:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"f:\programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip"
"h:\prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar"
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-16 to 2013-09-16  )))))))))))))))))))))))))))))))
.
.
2013-09-16 16:26 . 2013-09-16 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-12 09:00 . 2013-09-12 09:00 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2013-09-12 08:59 . 2013-09-12 08:59 -------- d-----w- c:\programdata\Malwarebytes
2013-09-12 08:59 . 2013-09-12 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-11 16:28 . 2013-09-11 16:28 -------- d-----w- c:\users\user\AppData\Roaming\337 Wallpaper
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\programdata\Freemake
2013-09-11 16:20 . 2013-09-12 04:11 -------- d-----w- c:\program files\Freemake
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\users\user\AppData\Roaming\EurekaLog
2013-09-11 15:46 . 2013-09-11 15:46 -------- d-----w- c:\program files\FDRLab
2013-09-11 08:01 . 2013-09-11 08:01 -------- d-----w- c:\users\user\AppData\Local\Programs
2013-08-23 06:51 . 2013-08-23 06:55 -------- d-----w- c:\program files\USBAntivirus
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-11 07:53 . 2013-07-11 07:53 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-11 07:53 . 2012-08-27 11:20 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-11 07:53 . 2010-11-09 07:56 789416 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-08 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 151064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-09-05 3570176]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-08-07 225280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2011-08-06 161224]
"UIExec"="c:\program files\Reliance 3G\UIExec.exe" [2011-08-09 153424]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2010-06-22 1103744]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 383424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-23 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    c:\program files\Acer Bio Protection\PwdFilter
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200445]
   Ime File REG_SZ          GoogleInputTools.ime
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank.sys [2011-08-06 33096]
R2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-08-14 3291008]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-03-26 9216]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 174592]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-13 1343400]
R3 wsnf;Network Filter Service;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
R4 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [2011-07-29 49864]
S1 wstif;wstif;c:\windows\system32\drivers\wstif.sys [2012-04-10 67136]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-08-04 1807608]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [2011-08-06 39880]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2011-08-06 29640]
S2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2011-08-06 206280]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [2011-08-06 29384]
S2 GoogleInputService;GoogleInputService;c:\program files\Google\Google Input Tools\GoogleInputService.exe [2012-11-07 164888]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-09-05 3449856]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2011-08-06 90568]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Reliance 3G\AssistantServices.exe [2011-08-09 270672]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-08-04 659328]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [2009-10-21 22600]
S3 wsnfmp;Network Filter Miniport;c:\windows\system32\DRIVERS\wsnf.sys [2011-08-06 44616]
S4 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2011-08-06 24520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-04 06:22]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108519296-852325044-3339374726-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-01 15:11]
.
2013-09-16 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2011-08-06 17:50]
.
.
------- Supplementary Scan -------
.

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(564)
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
- - - - - - - > 'Explorer.exe'(4556)
c:\windows\system32\msiltcfg.dll
c:\windows\system32\LINKINFO.dll
c:\windows\System32\gameux.dll
c:\windows\system32\ieframe.DLL
c:\windows\System32\davclnt.dll
.
Completion time: 2013-09-16  21:59:11
ComboFix-quarantined-files.txt  2013-09-16 16:29
ComboFix2.txt  2013-09-16 15:49
ComboFix3.txt  2013-09-15 15:20
.
Pre-Run: 8,599,519,232 bytes free
Post-Run: 8,529,117,184 bytes free
.
- - End Of File - - 4A48B393AC6BC5C585A6A1B3EEA9E32D
A36C5E4F47E84449FF07ED3517B43A31

Malwarebytes Log:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.16.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
user :: USER-PC [administrator]

Protection: Disabled

16-09-2013 22:12:22
mbam-log-2013-09-16 (22-12-22).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 612128
Time elapsed: 2 hour(s), 28 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCU\SOFTWARE\3FWHZQA3LT (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SMH2B46TDP (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
F:\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\FreeAgent HD Backup\Prabir data from Acer\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Prabir\Personal\Movies\English\BSPlayer Pro 2.56 Build 1043\keygen.rar (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Prabir\Personal\Programs\Photoshop 7\Photoshop 7\_ISDel.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Yahoo\ymsgr5.5.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Downloads\Downloadz\DivX5 Real Cracked, Working\DivxPro.5.kgenfixed.DAMN.ShareReactor\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
I:\Prabir\Personal\Other Programs\Downloads\Downloadz\DivX5 Real Cracked, Working\DivxPro.5.Bundle.DAMN.ShareReactor\DAMN_DivX50_kg.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

(end)

However, I encountered a problem after restarting as the computer runs only in safe mode. It does load in normal mode but then as soon as you double click any program to run, say Skype or Excel, it just hangs with the cursor going round and round.

Regards,

Prabir


  • Root Admin

Topic re-opened. You will be given the benefit of the doubt this time but any future findings of piracy will result in the topic being closed again and no further assistance being offered.

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Please see the ESET log below:

C:\Users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\Programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats

With Regards,
Prabir

 

C:\Users\user\Desktop - Copy\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\26.03.2012\Desktop\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats
F:\Programs\LaunchManager_Dritek_2.0.00_Vistax64Vistax86_A.zip multiple threats

These files aren't malware but contain security risks. I would delete them immediately - your choice.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Delete
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Marius,

The files were deleted as suggested. Please find the logs below:

AdwCleaner log:

# AdwCleaner v3.004 - Report created 22/09/2013 at 08:43:44
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Ultimate  (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\users\user\AppData\LocalLow\uTorrentBar

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2542127
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AC0BA97-F4FC-4100-AC01-A81E717CFC8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1AC0BA97-F4FC-4100-AC01-A81E717CFC8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B241C2AB-2D84-4273-8CA5-4C2BE8DA4D32}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9332A984-F9A9-4246-8039-5DF22EF70A43}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385

-\\ Google Chrome v

[ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4025 octets] - [22/09/2013 08:39:13]
AdwCleaner[s0].txt - [3928 octets] - [22/09/2013 08:43:44]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [3988 octets] ##########

Checkup log:

 Results of screen317's Security Check version 0.99.73 
 Windows 7  x86 (UAC is enabled) 
 Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Windows Firewall Disabled! 
Quick Heal Total Security 13.00  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 CCleaner    
 Java 7 Update 25 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome 29.0.1547.62 
 Google Chrome 29.0.1547.66 
````````Process Check: objlist.exe by Laurent```````` 
 Quick Heal Quick Heal Total Security onlinent.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

With Regards,

Prabir


Your system is clean now! :)

Windows 7 out of date

Your Microsoft Windows installation is out of date. Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure. Out-of-date Windows installations represent a risk to your system and are also a conduit for the spread of malware. You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.

Adobe Reader out of date

Your Adobe Reader is outdated. We will fix this.

  • Get the actual software from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Run setup and follow the instructions.
  • Click upon Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case, please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
    • If there is still something left, please delete it manually.

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista |
    Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: You get only the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing on the web. Do not click an OK button on any popping window without reading what it says. While installing software always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.


Hi Marius,

Thanks a ton. It's a relief to hear that the system is clean. I will run all the updates as you suggested. Please tell me what I should do with my external drives. Should I use them or throw them away? Can I copy data stored in them safely now? Also, please, what's the best way to clean an external drive in future without getting the system affected like this time...

Regards,

Prabir


I don't think the system was infected by the threats from the external drive.

For the future, keep autorun functions disabled to ensure no potential threat can be executed when plugging in an external drive.

Then, scan the whole drive with, for example, ESET and remove found threats. To get a second opinion, feel free to scan with an on-demand scanner like MBAM afterwards.

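As an added example, not from the thread or from any of the tools it uses, this PowerShell script checks the NoDriveTypeAutoRun policy value that Windows consults before running AutoRun for a drive type, reports whether removable drives (bit 0x04) are already blocked under both the machine and the user policy key, and with -Enforce sets the value to 0xFF so AutoRun is disabled for every drive type. The -Enforce switch and the Get-AutoRunPolicy function are my own names; the registry paths and bit values are the documented ones.

```powershell
# Added example (not from the thread): audit and optionally enforce the
# AutoRun policy so nothing on an external drive can auto-execute on plug-in.
# NoDriveTypeAutoRun is a bitmask of drive types for which AutoRun is blocked:
#   0x01 unknown, 0x04 removable, 0x08 fixed, 0x10 network,
#   0x20 CD-ROM, 0x40 RAM disk, 0xFF = every drive type.
param([switch]$Enforce)

$policyPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)
$Removable = 0x04
$AllDrives = 0xFF

# Hypothetical helper name: returns the policy value or $null when it is not set.
function Get-AutoRunPolicy {
    param([string]$Path)
    $item = Get-ItemProperty -Path $Path -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value absent: OS default applies
    return [int]$item.NoDriveTypeAutoRun
}

foreach ($path in $policyPaths) {
    $value = Get-AutoRunPolicy -Path $path
    if ($null -eq $value) {
        Write-Output ("{0}: NoDriveTypeAutoRun not set (OS default applies)" -f $path)
        $covered = $false
    } else {
        # Removable drives are protected only if bit 0x04 is present in the mask.
        $covered = ($value -band $Removable) -ne 0
        Write-Output ("{0}: NoDriveTypeAutoRun = 0x{1:X2}; removable drives blocked: {2}" -f $path, $value, $covered)
    }

    if ($Enforce -and -not $covered) {
        # Create the policy key if missing, then block AutoRun for all drive types.
        # Writing under HKLM needs an elevated (Run as administrator) prompt.
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name NoDriveTypeAutoRun -Value $AllDrives -Type DWord
        Write-Output ("{0}: set NoDriveTypeAutoRun to 0x{1:X2}" -f $path, $AllDrives)
    }
}
```

Run it once without -Enforce to see the current state; the new value takes effect for Explorer at the next logon.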

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

