Infected - no internet access after removal


fimpen_b

Hi. Hope you can help. Here's the logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.21.2
Run by Fredrik at 13:07:44 on 2013-12-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.46.1033.18.3582.2449 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\emaudsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Users\Fredrik\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files\Everything\Everything.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\fredrik\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\fredrik\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bankid~1.lnk - c:\program files\personal\bin\Personal.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: Interfaces\{31806A7B-F74D-48ED-8728-2E3113B50D2B} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F535746-6231-440B-A66A-FBBC34534015} : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{913D9AF0-3C3A-4478-91DB-55891E190C01} : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{913D9AF0-3C3A-4478-91DB-55891E190C01}\245627E6A6F6E6163737F6E6 : DHCPNameServer = 192.168.1.2
TCP: Interfaces\{EED3B6A4-01A2-46C6-89F0-E0D006086463} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fredrik\appdata\roaming\mozilla\firefox\profiles\bxdqpzik.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\personal\bin\np_prsnl.dll
FF - plugin: c:\users\fredrik\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
============= SERVICES / DRIVERS ===============
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-8-7 21992]
R2 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2010-10-17 33792]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2010-10-6 164696]
R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\drivers\EMUXMIDI.sys [2009-12-4 141656]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-12-11 40776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\drivers\athrusb.sys [2007-4-20 870400]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 cxwibu;Team H2O WIBU Driver;c:\program files\wibukey\h2o\cxwibu.sys [2010-10-17 7040]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-12-11 108032]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 NisSrv;Microsoft Network Inspection;"c:\program files\microsoft security client\nissrv.exe" --> c:\program files\microsoft security client\NisSrv.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-6-25 15872]
S3 teVirtualMIDI32;teVirtualMIDI - Virtual MIDI Driver x86;c:\windows\system32\drivers\teVirtualMIDI32.sys [2010-11-15 21888]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-25 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-4 1343400]
S4 CBTWlanSrv;CBT Wlan Service;c:\windows\CBTWlanSrv.exe [2010-10-3 106496]
S4 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2013-12-11 11:55:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-12-11 11:36:55 -------- d-----w- c:\users\fredrik\appdata\local\Apple Computer
2013-12-11 11:35:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-11 11:35:33 -------- d-----w- c:\program files\iTunes
2013-12-11 11:35:33 -------- d-----w- c:\program files\iPod
2013-12-11 11:17:43 -------- d-----w- c:\users\fredrik\appdata\roaming\AVG2014
2013-12-11 11:17:06 -------- d-----w- c:\users\fredrik\appdata\roaming\TuneUp Software
2013-12-11 11:16:23 -------- d--h--w- C:\$AVG
2013-12-11 11:16:22 -------- d-----w- c:\programdata\AVG2014
2013-12-11 11:15:39 -------- d-----w- c:\program files\AVG
2013-12-11 11:13:14 -------- d--h--w- c:\programdata\Common Files
2013-12-11 11:13:14 -------- d-----w- c:\users\fredrik\appdata\local\MFAData
2013-12-11 11:13:14 -------- d-----w- c:\users\fredrik\appdata\local\Avg2014
2013-12-11 11:13:14 -------- d-----w- c:\programdata\MFAData
2013-12-11 11:06:26 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a80102cb-c3dd-40eb-a1e0-a2608aed2da1}\offreg.dll
2013-12-11 11:04:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-11 11:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-11 10:46:43 -------- d-----w- c:\windows\system32\wbem\repository
2013-12-11 10:18:52 -------- d-----w- C:\RegBackup
2013-12-11 10:11:16 -------- d-----w- c:\program files\Tweaking.com
2013-12-11 10:02:05 -------- d-----w- c:\windows\Migration
2013-12-11 09:28:10 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-12-11 09:28:10 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-11 09:28:10 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-12-11 09:28:10 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-12-11 09:28:10 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-12-11 09:28:10 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-12-11 09:28:10 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-12-11 09:18:39 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a80102cb-c3dd-40eb-a1e0-a2608aed2da1}\mpengine.dll
2013-12-11 09:13:50 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-11 09:13:49 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2013-12-10 23:11:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-12-10 23:11:27 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-12-10 23:11:27 163840 ----a-w- c:\windows\system32\scrrun.dll
2013-12-10 23:11:27 141824 ----a-w- c:\windows\system32\wscript.exe
2013-12-10 23:11:27 126976 ----a-w- c:\windows\system32\cscript.exe
2013-12-10 23:11:27 121856 ----a-w- c:\windows\system32\wshom.ocx
2013-12-10 23:11:26 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-10 23:11:25 159232 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-10 23:10:50 2349056 ----a-w- c:\windows\system32\win32k.sys
2013-12-10 23:10:49 81408 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-10 23:10:49 177152 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-10 22:48:58 3584 ----a-r- c:\users\fredrik\appdata\roaming\microsoft\installer\{121634b0-2f4b-11d3-ada3-00c04f52dd52}\Icon386ED4E3.exe
2013-12-10 22:48:58 -------- d-----w- c:\program files\Windows Installer Clean Up
2013-12-10 22:48:35 -------- d-----w- c:\program files\MSECACHE
2013-12-10 22:10:42 -------- d-----w- c:\users\fredrik\appdata\roaming\Zoom Player
2013-12-10 22:10:42 -------- d-----w- c:\users\fredrik\appdata\roaming\Wuala
2013-12-10 22:10:30 -------- d-----w- c:\users\fredrik\appdata\roaming\VST3 Presets
2013-12-10 22:10:30 -------- d-----w- c:\users\fredrik\appdata\roaming\Waves Audio
2013-12-10 22:10:30 -------- d-----w- c:\users\fredrik\appdata\roaming\Valhalla DSP, LLC
2013-12-10 22:10:29 -------- d-----w- c:\users\fredrik\appdata\roaming\uTorrent
2013-12-10 22:10:29 -------- d-----w- c:\users\fredrik\appdata\roaming\Topten Software
2013-12-10 22:10:29 -------- d-----w- c:\users\fredrik\appdata\roaming\theimagingfactory
2013-12-10 22:08:25 -------- d-----w- c:\users\fredrik\appdata\roaming\iZotope
2013-12-10 22:06:23 -------- d-----w- c:\users\fredrik\appdata\local\Wuala
2013-12-10 22:06:23 -------- d-----w- c:\users\fredrik\appdata\local\VirtualStore
2013-12-10 22:04:38 -------- d-----w- c:\users\fredrik\appdata\local\Spotify
2013-12-10 22:04:37 -------- d-----w- c:\users\fredrik\appdata\local\RawTherapee4.0
2013-12-10 22:04:37 -------- d-----w- c:\users\fredrik\appdata\local\Programs
2013-12-10 22:04:37 -------- d-----w- c:\users\fredrik\appdata\local\Native Instruments
2013-12-10 22:04:21 -------- d-----w- c:\users\fredrik\appdata\local\Mozilla
2013-12-10 22:03:55 -------- d-----w- c:\users\fredrik\appdata\local\Macromedia
2013-12-10 22:03:19 -------- d-----w- c:\users\fredrik\appdata\local\Google
2013-12-10 22:03:19 -------- d-----w- c:\users\fredrik\appdata\local\ESET
2013-12-10 22:03:15 -------- d-----w- c:\users\fredrik\appdata\local\ElevatedDiagnostics
2013-12-10 22:03:15 -------- d-----w- c:\users\fredrik\appdata\local\Deployment
2013-12-10 22:03:13 -------- d-----w- c:\users\fredrik\appdata\local\Apps
2013-12-10 22:03:04 -------- d-----w- c:\users\fredrik\appdata\local\Apple
2013-12-10 22:03:04 -------- d-----w- c:\users\fredrik\appdata\local\Alien Skin
2013-12-10 22:02:27 -------- d-----w- c:\users\fredrik\appdata\local\Adobe
2013-12-10 22:02:27 -------- d-----w- c:\users\fredrik\appdata\local\112dB
2013-12-10 22:01:02 -------- d-----w- c:\users\fredrik\.FBReader
2013-12-06 11:14:38 -------- d-----w- c:\program files\FBReader
2013-11-25 20:46:27 -------- d-----w- c:\windows\system32\crpfld
2013-11-25 20:46:23 -------- d-----w- c:\program files\Fielding DSP
2013-11-25 19:58:29 -------- d-----w- c:\program files\D-Link
2013-11-25 19:58:22 -------- d-----w- c:\program files\WinPcap
2013-11-25 08:44:09 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-11-25 08:44:05 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-25 08:44:05 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-25 08:44:04 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-11-25 08:44:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-11-25 08:44:00 168960 ----a-w- c:\windows\system32\credui.dll
2013-11-25 08:44:00 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-11-25 08:43:54 99840 ----a-w- c:\windows\system32\sspicli.dll
2013-11-25 08:43:54 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2013-11-25 08:43:54 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2013-11-25 08:43:54 247808 ----a-w- c:\windows\system32\schannel.dll
2013-11-25 08:43:54 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-11-25 08:43:54 22016 ----a-w- c:\windows\system32\secur32.dll
2013-11-25 08:43:54 22016 ----a-w- c:\windows\system32\lsass.exe
2013-11-25 08:43:54 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-11-25 08:43:54 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2013-11-25 08:43:53 15872 ----a-w- c:\windows\system32\sspisrv.dll
2013-11-25 08:43:52 305152 ----a-w- c:\windows\system32\gdi32.dll
.
==================== Find3M  ====================
.
2013-12-06 14:06:06 256 ----a-w- c:\windows\system32\msvcsv60.dll
2013-11-26 09:23:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53:56 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52:26 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29:55 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29:52 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28:16 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32:06 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33:33 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-11 04:50:18 230048 ----a-w- c:\windows\system32\MpSigStub.exe
2013-09-27 08:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2001-01-05 14:51:08 162304 ----a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 13:08:05,62 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume2
Install Date: 2010-10-03 22:41:26
System Uptime: 2013-12-11 12:54:26 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | EP35-DS4
Processor: Intel® Core2 Quad CPU    Q9550  @ 2.83GHz | Socket 775 | 3400/400mhz
.
==== Disk Partitions =========================
.
B: is FIXED (NTFS) - 466 GiB total, 318,571 GiB free.
C: is FIXED (NTFS) - 80 GiB total, 7,978 GiB free.
D: is FIXED (NTFS) - 386 GiB total, 81,339 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Nsynas32
Device ID: ROOT\LEGACY_NSYNAS32\0000
Manufacturer: 
Name: Nsynas32
PNP Device ID: ROOT\LEGACY_NSYNAS32\0000
Service: Nsynas32
.
==== System Restore Points ===================
.
RP562: 2013-12-11 12:15:07 - Installed AVG 2014
RP563: 2013-12-11 12:15:43 - Installed AVG 2014
RP564: 2013-12-11 12:34:31 - Installed iTunes
RP565: 2013-12-11 12:46:02 - Restore Operation
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
AC3Filter 1.63b
AcusticaAudio Nebula3Free
Addictive Drums
ADM 1.1.0
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.2 - Svenska
Algorithmix Plugin Bundle 1.3
Alien Skin Blow Up
Alien Skin Exposure 2
Alien Skin Exposure 3
AmpegSVX
AmpliTube 3
AmpliTube Fender
AmpliTube2
Applied Acoustics Systems - Lounge Lizard EP-3 v3.1.2
Arturia CS-80V v1.5
µTorrent
AudioEase Altiverb VST RTAS v6.12
BankID säkerhetsprogram
Bass Audio Decoder (remove only)
BFD Windows Setup 2
Buzz build 1494
Camel Audio Alchemy
Cantabile 2.0 Lite
CCleaner
CD Audio Reader Filter (remove only)
CPUID CPU-Z 1.58
CS-80V2 2.0
D-Link Powerline AV Utility
DCoder Image Source (remove only)
DirectVobSub (remove only)
Drumaxx
DScaler 5 Mpeg Decoders
E-MU USB-MIDI Windows Drivers
E-MU USB Audio
eLicenser Control
Everything 1.2.1.371
FBReader for Windows
ffdshow [rev 3124] [2009-11-03]
FFMPEG Core Files (remove only)
Fielding DSP Reviver 1.3.2 (32-bit)
FileZilla Client 3.7.3
FL Studio 9
FLUX Spring Pack Bundle v1.0.4.14
foobar2000 v1.1
Gabest MPEG Splitter (remove only)
Gigaset USB Stick 108
Haali Media Splitter
Hardcore
IK Multimedia Amplitube v1.3
IL Download Manager
IL Harmless
ImgBurn
iZotope Trash
Java 7 Update 21
Java Auto Updater
Java 6 Update 39
KORG Legacy Collection - DIGITAL EDITION
Malwarebytes Anti-Malware version 1.75.0.1300
Mastering Edition 1.5
MEAP
MeldaProduction MFreeEffectsBundle 7
Melodyne Runtime 4.1 (x86)
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Swedish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Uppdatering (KB963678)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Swedish) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove MUI (Swedish) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office InfoPath MUI (Swedish) 2007
Microsoft Office Language Pack 2007 - Swedish/svenska
Microsoft Office O MUI (Swedish) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (Swedish) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Swedish) 2007
Microsoft Office Powerpoint 2007 Help Uppdatering (KB963669)
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Swedish) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Finnish) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Swedish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Swedish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Swedish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Swedish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (Swedish) 2007
Microsoft Office Word 2007 Help Uppdatering (KB963665)
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Swedish) 2007
Microsoft Office X MUI (Swedish) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MONOGRAM AMR Splitter/Decoder (remove only)
Mozilla Firefox 10.0 (x86 sv-SE)
MSVC80_x86_v2
Native Instruments B4 II
Native Instruments FM8
Native Instruments Pro52 v2.2
Native Instruments Traktor 2
NICE-EQ-VST-TUBE-FREE-DEMO Nice-EQ-TUBE-FREE
NirSoft RegScanner
NVIDIA 3D Vision Controller Driver
NVIDIA 3D Vision Controller Driver 280.19
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Ohm Force - Ohmicide VST
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
PCM Native Reverb Bundle
PDF Settings CS5
Phoscyon 1.8.0
PhotoKit Sharpener Plug-in Module
Pianoteq v2.2.0
PoiZone
ProAudioDSP Dynamic Spectrum Mapper VST RTAS v1.3.2
Prophet-V2 2.0
PSP oldTimer 32bit
PSP VintageWarmer2 2.3.1 32bit
PureSync
PureSync 3.1.5
PVSonyDll
Raw Therapee V4.0.9.50 x86
RealMedia (remove only)
REAPER
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Rob Papen Albino 3
Rosetta Stone Version 3
Sakura
Sawer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
SHOUTcast Source (remove only)
Softube FET Compressor VST RTAS v1.0.3
Softube Spring Reverb VST RTAS v1.0.4
Softube Trident A-Range VST RTAS v1.0.2
Softube Tube-Tech CL 1B VST RTAS v1.0.3
Softube Tube-Tech PE 1C VST RTAS v1.0.1
Softube Tube Delay VST RTAS v1.0.5
Softube Valley People Dyna-mite VST RTAS v1.0.3
Softube Vintage Amp Room VST RTAS v1.0.8
Sonalksis Plug-Ins for Windows 2.04
Sonic Charge Bitspeek VST v1.0
Sonic Charge Synplant 1.0
Sonnox Oxford Inflator Native VST v1.5.1
Sonnox Oxford Limiter Native VST v1.1.1
SpinAudio RoomVerb M2 v2.1.152
SPL Analog Code Transient Designer VST RTAS v1.3
Steinberg Cubase 5
Steinberg Cubase SX 3
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALion VSTi DXi v3.5
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
Steinberg SKI Remote
StormGate1 1.0c
Sylenth1 v2.20
SyncroSoft Emu (Remove only)
Syntorus 1.0.0
T-RackS 1.x
T-RackS 3 Deluxe
Toraverb
Total Audio MP3 Converter v2.3 build 1037
Toxic Biohazard
TP-LINK Wireless Client Utility
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WAV MP3 Converter 4.2 Build 1259
WaveLab 6
Waves Complete v8.0.11
Wibu Emu driver v1.0
Windows Installer Clean Up
WinPcap 4.1.1
WinRAR archiver
VirSyn VTAPE VST RTAS v1.3.0
Visual Studio 2012 x86 Redistributables
VLC media player 1.1.11
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
2013-12-11 12:56:56, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2013-12-11 12:56:56, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
2013-12-11 12:54:49, Error: Service Control Manager [7000]  - The Nsynas32 service failed to start due to the following error:  The system cannot find the device specified.
2013-12-11 12:54:46, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The system cannot find the file specified.
2013-12-11 12:53:23, Error: Microsoft-Windows-HAL [12]  - The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
2013-12-11 12:47:13, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{be7c11e4-cf2d-11df-8898-806e6f6e6963}\System Volume Information\SystemRestore\New-system' was corrupted and it has been recovered. Some data might have been lost.
2013-12-11 12:45:28, Error: VDS Basic Provider [1]  - Unexpected failure. Error code: 490@01010004
2013-12-11 11:56:45, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The operation completed successfully.
2013-12-11 11:56:45, Error: Service Control Manager [7001]  - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error:  The dependency service or group failed to start.
2013-12-11 11:13:09, Error: Service Control Manager [7034]  - The Windows Event Log service terminated unexpectedly.  It has done this 3 time(s).
2013-12-11 11:13:09, Error: Service Control Manager [7023]  - The Windows Event Log service terminated with the following error:  The instance name passed was not recognized as valid by a WMI data provider.
2013-12-11 11:13:09, Error: Microsoft-Windows-Eventlog [22]  - The event logging service encountered an error while initializing publishing resources for channel Application. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
2013-12-11 11:11:09, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
2013-12-11 11:10:09, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
2013-12-11 10:29:09, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.1 for Windows 7 (KB2858725).
2013-12-11 10:09:52, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.163.1607.0).
2013-12-11 00:12:11, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB2890788).
2013-12-10 22:17:57, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
2013-12-10 22:07:25, Error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
.
==== End Of File ===========================
 

 


  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
