Jump to content

Virus in robots trap?


qim

Recommended Posts

Hi

 

I am sorry to come back so soon after

 

https://forums.malwarebytes.org/index.php?showtopic=142423#entry794609

 

but something strange happened that left me worried.

 

I saw and decided to implement a robots trap in my website, following the instructions in http://www.fleiner.com/bots/

 

I googled and did not find anything negative against this site, and it was even listed in an acabdemic lecture. So, I started by creatinf a file in my website called index.shtml in a sub-folder that is denied by my normal robots.txt. But as soon as I pasted the code in the file something unexpected happened: a webpage withat content opened up on the screen. I deleted the code immediately and left the empty file.

 

The code, which is in itself strange as it does not have closing </htll> and </head> is this:

<html><head><title>You are a bad netizen if you are a web bot!</title>   <body><h1><b>You are a bad netizen if you are a web bot!</h1></b> <!--#config timefmt="%y%j%H%M%S" --> <!--  of date string --> <!--#exec  cmd="sleep 20" --> <!-- make this page sloooow to load -->  To give robots some work here some special links:  these are <a href=a<!--#echo var="DATE_GMT" -->.html>some links</a>  to this <a href=b<!--#echo var="DATE_GMT" -->.html>very page</a>  but with <a href=c<!--#echo var="DATE_GMT" -->.html>different names</a>

I never went on to place the code the .htaccess.

 

 

I looked again at our last thread where you asked me to run ComoFix. As that was left pending I decided (perhaps wrongly) to go ahead. It took ages at two stages I thought it had crashed and was syuck for ever. But it did finish and produced the following log.

 

ComboFix 14-02-20.01 - qimi 22/02/2014  11:13:01.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.351.1033.18.6056.2988 [GMT 1:00]
Executando de: c:\users\qimi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-22 to 2014-02-22  ))))))))))))))))))))))))))))
.
.
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Camilo\AppData\Local\temp
2014-02-21 08:37 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE25E906-CA05-4207-90AD-7510BE60655C}\mpengine.dll
2014-02-21 07:55 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 05:51 . 2014-02-20 05:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA1BA9E1-EC41-4B37-9E36-D5E0A15980EA}\gapaengine.dll
2014-02-18 11:58 . 2014-02-18 12:42 -------- d-----w- C:\System Backup
2014-02-18 11:49 . 2014-02-20 21:40 1024 ---ha-w- C:\SYSTAG.BIN
2014-02-18 11:49 . 2014-02-18 11:49 -------- d-----w- c:\programdata\AomeiBR
2014-02-18 11:48 . 2013-05-07 13:27 30648 ----a-w- c:\windows\system32\ambakdrv.sys
2014-02-18 11:48 . 2013-05-07 13:27 151480 ----a-w- c:\windows\system32\ammntdrv.sys
2014-02-18 11:48 . 2013-02-06 14:52 17848 ----a-w- c:\windows\system32\amwrtdrv.sys
2014-02-18 11:48 . 2014-02-20 21:40 -------- d-----w- c:\program files (x86)\AOMEI Backupper
2014-02-18 06:29 . 2013-10-18 10:27 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E41936F0-4ADA-42A7-BB17-8F59ADA142A9}\gapaengine.dll
2014-02-17 11:37 . 2014-02-17 11:37 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2014-02-17 07:07 . 2014-02-17 07:10 -------- d-----w- C:\FRST
2014-02-15 11:39 . 2014-02-15 11:39 -------- d-----w- C:\boot
2014-02-15 11:39 . 2014-02-15 11:39 -------- d-----w- c:\program files\Macrium
2014-02-15 11:31 . 2014-02-15 11:35 -------- d-----w- c:\programdata\Macrium
2014-02-15 10:39 . 2014-02-15 10:39 -------- d-----w- c:\programdata\Package Cache
2014-02-15 10:39 . 2014-02-15 10:39 -------- d-----w- c:\program files (x86)\Seagate
2014-02-12 06:28 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-11 13:40 . 2014-02-11 13:40 -------- d-----w- c:\windows\Hewlett-Packard
2014-02-09 09:02 . 2014-02-09 09:02 -------- d-----w- c:\users\qimi\AppData\Roaming\Opera Software
2014-02-09 09:02 . 2014-02-09 09:02 -------- d-----w- c:\users\qimi\AppData\Local\Opera Software
2014-02-07 15:36 . 2014-02-10 10:41 -------- d-----w- c:\windows\ERUNT
2014-02-07 05:08 . 2014-02-07 05:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-07 05:06 . 2014-02-07 05:06 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 09:20 . 2014-02-06 09:20 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-05 15:11 . 2014-02-08 18:30 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-02-04 11:25 . 2014-02-04 11:25 -------- d-----w- c:\program files\Hewlett-Packard
2014-02-03 12:30 . 2014-02-03 12:30 -------- d-----w- c:\program files\Inpaint
2014-01-23 15:23 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 08:42 . 2012-09-26 19:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 08:42 . 2012-09-26 19:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-12 07:10 . 2012-04-15 14:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 01:41 . 2014-01-15 14:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 14:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 14:20 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 14:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 14:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 14:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 14:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 14:20 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 14:20 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\qimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3A81HPJJ05YR;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys;c:\windows\SYSNATIVE\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys;c:\windows\SYSNATIVE\Drivers\OXUDIDRV_X64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys;c:\windows\SYSNATIVE\ambakdrv.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys;c:\windows\SYSNATIVE\ammntdrv.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys;c:\windows\SYSNATIVE\amwrtdrv.sys [x]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
S2 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files (x86)\AOMEI Backupper\ABService.exe;c:\program files (x86)\AOMEI Backupper\ABService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 05:42 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 08:42]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 16:28]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 16:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-07 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-07 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-07 418584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\0hj8uk30.default-1391934873739\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-02-22  11:40:42
ComboFix-quarantined-files.txt  2014-02-22 10:40
ComboFix2.txt  2014-02-12 17:06
.
Pré-execução: 404,355,129,344 bytes free
Pós execução: 404,307,132,416 bytes free
.
- - End Of File - - 26D9A94C89FB2E43D2B4D397C07196DB

 

ComboFix 14-02-20.01 - qimi 22/02/2014  11:13:01.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.351.1033.18.6056.2988 [GMT 1:00]
Executando de: c:\users\qimi\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-22 to 2014-02-22  ))))))))))))))))))))))))))))
.
.
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-22 10:24 . 2014-02-22 10:24 -------- d-----w- c:\users\Camilo\AppData\Local\temp
2014-02-21 08:37 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE25E906-CA05-4207-90AD-7510BE60655C}\mpengine.dll
2014-02-21 07:55 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 05:51 . 2014-02-20 05:51 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA1BA9E1-EC41-4B37-9E36-D5E0A15980EA}\gapaengine.dll
2014-02-18 11:58 . 2014-02-18 12:42 -------- d-----w- C:\System Backup
2014-02-18 11:49 . 2014-02-20 21:40 1024 ---ha-w- C:\SYSTAG.BIN
2014-02-18 11:49 . 2014-02-18 11:49 -------- d-----w- c:\programdata\AomeiBR
2014-02-18 11:48 . 2013-05-07 13:27 30648 ----a-w- c:\windows\system32\ambakdrv.sys
2014-02-18 11:48 . 2013-05-07 13:27 151480 ----a-w- c:\windows\system32\ammntdrv.sys
2014-02-18 11:48 . 2013-02-06 14:52 17848 ----a-w- c:\windows\system32\amwrtdrv.sys
2014-02-18 11:48 . 2014-02-20 21:40 -------- d-----w- c:\program files (x86)\AOMEI Backupper
2014-02-18 06:29 . 2013-10-18 10:27 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E41936F0-4ADA-42A7-BB17-8F59ADA142A9}\gapaengine.dll
2014-02-17 11:37 . 2014-02-17 11:37 -------- d-----w- c:\program files (x86)\Western Digital Corporation
2014-02-17 07:07 . 2014-02-17 07:10 -------- d-----w- C:\FRST
2014-02-15 11:39 . 2014-02-15 11:39 -------- d-----w- C:\boot
2014-02-15 11:39 . 2014-02-15 11:39 -------- d-----w- c:\program files\Macrium
2014-02-15 11:31 . 2014-02-15 11:35 -------- d-----w- c:\programdata\Macrium
2014-02-15 10:39 . 2014-02-15 10:39 -------- d-----w- c:\programdata\Package Cache
2014-02-15 10:39 . 2014-02-15 10:39 -------- d-----w- c:\program files (x86)\Seagate
2014-02-12 06:28 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-11 13:40 . 2014-02-11 13:40 -------- d-----w- c:\windows\Hewlett-Packard
2014-02-09 09:02 . 2014-02-09 09:02 -------- d-----w- c:\users\qimi\AppData\Roaming\Opera Software
2014-02-09 09:02 . 2014-02-09 09:02 -------- d-----w- c:\users\qimi\AppData\Local\Opera Software
2014-02-07 15:36 . 2014-02-10 10:41 -------- d-----w- c:\windows\ERUNT
2014-02-07 05:08 . 2014-02-07 05:25 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-07 05:06 . 2014-02-07 05:06 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-02-06 09:20 . 2014-02-06 09:20 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-05 15:11 . 2014-02-08 18:30 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-02-04 11:25 . 2014-02-04 11:25 -------- d-----w- c:\program files\Hewlett-Packard
2014-02-03 12:30 . 2014-02-03 12:30 -------- d-----w- c:\program files\Inpaint
2014-01-23 15:23 . 2013-12-18 20:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 08:42 . 2012-09-26 19:29 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 08:42 . 2012-09-26 19:29 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-12 07:10 . 2012-04-15 14:18 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 01:41 . 2014-01-15 14:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 14:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 14:20 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 14:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 14:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 14:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 14:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 14:20 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 14:20 3156480 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2011-11-16 1613824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\qimi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 1510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 1510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN3A81HPJJ05YR;CONNECTION=USB;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableSecureUIAPath"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);c:\windows\system32\DRIVERS\OXSDIDRV_x64.sys;c:\windows\SYSNATIVE\DRIVERS\OXSDIDRV_x64.sys [x]
R3 OXUDIDRV;OXUDIDRV;c:\windows\system32\Drivers\OXUDIDRV_X64.sys;c:\windows\SYSNATIVE\Drivers\OXUDIDRV_X64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys;c:\windows\SYSNATIVE\ambakdrv.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys;c:\windows\SYSNATIVE\ammntdrv.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys;c:\windows\SYSNATIVE\amwrtdrv.sys [x]
S2 Apache2.2;Apache2.2;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe;c:\program files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [x]
S2 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files (x86)\AOMEI Backupper\ABService.exe;c:\program files (x86)\AOMEI Backupper\ABService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 KSS;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [x]
S2 MySQL56;MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;c:\program files\MySQL\MySQL Server 5.6\bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe;c:\program files\Macrium\Reflect\ReflectService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-22 05:42 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 08:42]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 16:28]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-25 16:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-07 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-07 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-07 418584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\0hj8uk30.default-1391934873739\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.6\bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-02-22  11:40:42
ComboFix-quarantined-files.txt  2014-02-22 10:40
ComboFix2.txt  2014-02-12 17:06
.
Pré-execução: 404,355,129,344 bytes free
Pós execução: 404,307,132,416 bytes free
.
- - End Of File - - 26D9A94C89FB2E43D2B4D397C07196DB
 

 

IF you don't think rthere is nothing wrong with that site, I apologize and, please, ignore this request.

 

Thank you

 

 

 

 

Link to post
Share on other sites

Sorry; i forgot to add the dds flogs:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16533
Run by qimi at 20:55:50 on 2014-02-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.351.1033.18.6056.3795 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\AOMEI Backupper\ABService.exe
C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\windows\system32\RunDll32.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\qimi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}



TCP: NameServer = 192.168.1.1
TCP: Interfaces\{18DBC74A-DE0D-4804-B59B-7EE2A2B67458} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\1456E616F5B4572696 : DHCPNameServer = 10.81.224.1
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\2656C6B696E6E233369346 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}\64F4E4F5A5F4E4F564255454F594E4455425E45445 : DHCPNameServer = 192.168.3.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\qimi\AppData\Roaming\Mozilla\Firefox\Profiles\0hj8uk30.default-1391934873739\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ambakdrv;ambakdrv;C:\windows\System32\ambakdrv.sys [2014-2-18 30648]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-25 30056]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-9-6 13824]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 ammntdrv;ammntdrv;C:\windows\System32\ammntdrv.sys [2014-2-18 151480]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 amwrtdrv;amwrtdrv;C:\windows\System32\amwrtdrv.sys [2014-2-18 17848]
R2 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2012-1-28 20549]
R2 Backupper Service;AOMEI Backupper Scheduler Service;C:\Program Files (x86)\AOMEI Backupper\ABService.exe [2014-2-18 29912]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-30 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-30 1001808]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 MySQL56;MySQL56;"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld [?]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-1-24 1142768]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-6 2656536]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-30 1321296]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-8 51712]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-9-6 138024]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-9-6 317440]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-9-6 471144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 134944]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 OXUDIDRV;OXUDIDRV;C:\windows\System32\drivers\OXUDIDRV_x64.sys [2013-11-12 31280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-9-6 166704]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-4-14 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-22 19:47:02 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-22 11:30:16 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1F3E4C8-1325-4467-A345-2724BCCA9182}\mpengine.dll
2014-02-22 10:43:39 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-20 05:51:40 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA1BA9E1-EC41-4B37-9E36-D5E0A15980EA}\gapaengine.dll
2014-02-18 11:58:52 -------- d-----w- C:\System Backup
2014-02-18 11:49:21 1024 ---ha-w- C:\SYSTAG.BIN
2014-02-18 11:49:19 -------- d-----w- C:\ProgramData\AomeiBR
2014-02-18 11:48:57 30648 ----a-w- C:\windows\System32\ambakdrv.sys
2014-02-18 11:48:57 17848 ----a-w- C:\windows\System32\amwrtdrv.sys
2014-02-18 11:48:57 151480 ----a-w- C:\windows\System32\ammntdrv.sys
2014-02-18 11:48:50 -------- d-----w- C:\Program Files (x86)\AOMEI Backupper
2014-02-17 11:37:21 -------- d-----w- C:\Program Files (x86)\Western Digital Corporation
2014-02-17 07:07:49 -------- d-----w- C:\FRST
2014-02-15 11:39:46 -------- d-----w- C:\boot
2014-02-15 11:39:01 -------- d-----w- C:\Program Files\Macrium
2014-02-15 11:31:23 -------- d-----w- C:\ProgramData\Macrium
2014-02-15 10:39:32 -------- d-----w- C:\ProgramData\Package Cache
2014-02-15 10:39:17 -------- d-----w- C:\Program Files (x86)\Seagate
2014-02-12 07:04:47 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-02-12 06:28:54 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
2014-02-11 13:40:54 -------- d-----w- C:\windows\Hewlett-Packard
2014-02-09 09:02:22 -------- d-----w- C:\Users\qimi\AppData\Roaming\Opera Software
2014-02-09 09:02:22 -------- d-----w- C:\Users\qimi\AppData\Local\Opera Software
2014-02-07 15:36:50 -------- d-----w- C:\windows\ERUNT
2014-02-07 05:08:52 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-07 05:06:05 91352 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-02-03 12:30:42 -------- d-----w- C:\Program Files\Inpaint
.
==================== Find3M  ====================
.
2014-02-21 08:42:23 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 08:42:23 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-02-05 10:00:21 2334720 ----a-w- C:\windows\System32\jscript9.dll
2014-02-05 09:54:06 1392128 ----a-w- C:\windows\System32\wininet.dll
2014-02-05 09:52:51 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2014-02-05 09:51:59 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2014-02-05 09:51:52 599040 ----a-w- C:\windows\System32\vbscript.dll
2014-02-05 09:50:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2014-02-05 08:56:17 1806848 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2014-02-05 08:49:56 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-02-05 08:48:40 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-01-19 07:33:29 270496 ------w- C:\windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-12-18 20:09:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-06 02:30:08 2048 ----a-w- C:\windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\windows\System32\msxml3.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-26 23:29:48 5693440 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-11-26 22:49:20 6573056 ----a-w- C:\windows\System32\mstscax.dll
2013-11-26 11:40:00 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
.
============= FINISH: 20:56:36.68 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 14/04/2012 02:53:47
System Uptime: 22/02/2014 20:46:06 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | RC530/RC730
Processor: Intel® Core i7-2670QM CPU @ 2.20GHz | CPU 1 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 500 GiB total, 382.685 GiB free.
D: is FIXED (NTFS) - 408 GiB total, 285.933 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP441: 22/02/2014 12:30:03 - ComboFix created restore point
.
==== Installed Programs ======================
.
?? ??? ?? Windows Live Mesh ActiveX ???
??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
?????????? Windows Live
??????????? ?? Windows Live
ActiveState Komodo Edit 8.0.1
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
AOMEI Backupper
Apache HTTP Server 2.2.22
Apple Application Support
Apple Software Update
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis
„Windows Live Messenger“
„Windows Live“ fotogalerija
BatteryLifeExtender
Bejeweled 2 Deluxe
Belkin Setup and Router Monitor
Build-a-lot
Bullzip PDF Printer 9.3.0.1516
ChargeableUSB
Chime/Chime Pro for Internet Explorer
Chuzzle Deluxe
Compatibility Pack for the 2007 Office system
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Data Lifeguard Diagnostic for Windows 1.25
Diner Dash 2 Restaurant Rescue
dnGREP 2.7.1 (x64)
Easy Content Share
Easy Display Manager
Easy Migration
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
EasyFileShare
ERUNT 1.1j
ESET Online Scanner v3
ETDWare PS/2-X64 8.0.7.2_WHQL
Farm Frenzy
Fast Start
FileZilla Client 3.7.3
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Free CSS Toolbox 1.2
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.8.4
Google Chrome
Google Update Helper
HP Deskjet 1510 series Basic Device Software
HP Deskjet 1510 series Help
HP FWUpdateEDO2
HP Photo Creations
hp print screen utility
HP Update
HTML-Kit Tools
Inpaint 5.6
Insaniquarium Deluxe
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Internet Explorer (Enable DEP)
Internet Explorer Developer Toolbar
Iomega Encryption
Java 7 Update 51
John Deere Drive Green
Junk Mail filter update
Kaspersky Security Scan
Kontrola Windows Live Mesh ActiveX za daljinske veze
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.75.0.1300
MDL Chime/Chime Pro for Internet Explorer
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Monitor da tecnologia Intel® Turbo Boost 2.0
Movie Color Enhancer
MozBackup 1.5.1
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
Multimedia POP
MySQL Connector C++ 1.1.2
MySQL Connector J
MySQL Connector Net 6.6.5
MySQL Connector/ODBC 5.2(w)
MySQL Documents 5.6
MySQL Examples and Samples 5.6
MySQL Installer
MySQL Notifier 1.0.3
MySQL Server 5.6
MySQL Workbench 5.2 CE
Notepad++
NVIDIA Control Panel 307.21
NVIDIA Graphics Driver 307.21
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA Update 1.10.8
NVIDIA Update Components
Opera Stable 19.0.1326.59
Opera Stable 19.0.1326.63
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
PeaZip 4.9.1
Peggle
Penguins!
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
POP Peeper
Pošta Windows Live
Product Improvement Study for HP Deskjet 1510 series
QuickTime
Raccolta foto di Windows Live
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RemoteComms External Disk Access
S?????? f?t???af??? t?? Windows Live
Safari
Samsung AnyWeb Print
Samsung Printer Live Update
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Universal Scan Driver
Samsung Update Plus
SD226 Biological Psychology
SeaTools for Windows
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Simple CSS 2.1
Skype™ 6.11
SopCast 3.4.7
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
SUPERAntiSpyware
swMSM
TextStylist
User Guide
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Veetle TV
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
VueScan x64
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX kontrola za daljinske veze
Windows Live Mesh ActiveX vadikla attalajiem savienojumiem
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WOT for Internet Explorer
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
22/02/2014 20:49:13, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/02/2014 20:49:13, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
22/02/2014 12:20:44, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
22/02/2014 11:19:40, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
22/02/2014 09:28:43, Error: Microsoft-Windows-DistributedCOM [10016]  - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  and APPID  {9BA05972-F6A8-11CF-A442-00A0C90A8F39}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
19/02/2014 15:10:43, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR3.
17/02/2014 14:34:10, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  and APPID  {D3DCB472-7261-43CE-924B-0704BD730D5F}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
17/02/2014 14:34:10, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  and APPID  {145B4335-FE2A-4927-A040-7C35AD3180EF}  to the user qimi-PC\qimi SID (S-1-5-21-251638132-866889896-205452805-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
16/02/2014 15:30:08, Error: bowser [8003]  - The master browser has received a server announcement from the computer KATERINA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B4115DE2-7658-4EBB-B11F-9B5E21E13BCB}. The master browser is stopping or an election is being forced.
16/02/2014 14:22:38, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
16/02/2014 10:40:17, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:40:17, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
16/02/2014 10:40:17, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
16/02/2014 10:40:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
16/02/2014 10:40:16, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
16/02/2014 10:40:15, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
16/02/2014 10:40:06, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
16/02/2014 10:39:53, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SABI SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
16/02/2014 10:39:53, Error: Service Control Manager [7001]  - The Apache2.2 service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
15/02/2014 22:25:01, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================
 

Link to post
Share on other sites

  • Root Admin

Well unfortunately we do not provide HTML website security and analysis which is a completely different topic than a locally infected computer.

 

The issue you have as determined from the hard drive scanning tool is that you need to replace the hard drive and reinstall Windows.

Link to post
Share on other sites

It look as if the message I sent some 10 mins ago did not reach you.

 

I have already dealt with the website and everything is fine. I only mentioned it so that you had the background to the problem, which might be known to you, already (if it was a problem).

 

What worries me is the PC especvially as I googled and found iin verious sites taht the following code may be indicative of malware. My Pc is not too bad but keeps opening pages unexpectedly (like the one I mentioned in my first post). I hope that you can have a quick look at the logs to set my mind st peace.

 

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Link to post
Share on other sites

  • Root Admin

No not your topic only that we do not provide help with website security which is basically what you were asking in the parts of your post.

 

Also, not sure what value there really is in doing too much more here if the hard drive needs to be replaced and Windows reinstalled as none of this will look or respond like it is right now.

Link to post
Share on other sites

Hi, well I understand...

 

But this is nothing to do with the website. That is dealt in other ways. (see Attachment)

 

What I was hoping for is that you would look at the logs and tell me if the appearance of

 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

 

in the log, as I mentioned in my last post,  is anything to worry about.

 

At this stage all I really wanted was a yes/no reply.

 

Thank you anyway.

 

qim

Link to post
Share on other sites

I posted an attachments, an email from the server explaining things about the website and that it was clean and there was nothing to worry about. besides, I cannot see how you could sort out problems at the server.

 

My worry is the PC. But now the attachment that I placed a few minutes ago has disappeared. Was it withdrawn by you? Or should I place it again?

Link to post
Share on other sites

  • 2 weeks later...
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.