
Might be infected


Danus


I'm unsure of the infection. However, I was infected with a backdoor and a keylogger, and MBAM removed them. However, my computer is showing weird symptoms of infection such as: freezing, opening websites that I didn't click (or maybe I'm just paranoid).

I've scanned my computer with DDS.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.25.2
Run by Denis at 19:10:42 on 2014-02-22
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3071.1770 [GMT 2:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\metasploit\postgresql\bin\pg_ctl.exe
C:\metasploit\ruby\bin\ruby.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\metasploit\ruby\bin\ruby.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\ruby\bin\ruby.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\Windows\system32\conhost.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\CyberGhost 5\Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\AVG Nation toolbar\vprot.exe
D:\bin\TSVNCache.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe
C:\metasploit\apps\pro\engine\arch-lib\win32\nginx\bin\nginxr7.exe
C:\Windows\system32\conhost.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\metasploit\postgresql\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [AVG-Secure-Search-Update_0913b] c:\users\denis\appdata\roaming\avg 0913b campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid b0eb79e07a9247d08704d16d67f70dcb-1f227ae979d8a8c72f7e088f96ef9e984931ed3c --CMPID 0913b
uRun: [Gyazo] c:\program files\gyazo\GyStation.exe
uRun: [CyberGhost] "c:\program files\cyberghost 5\CyberGhost.EXE" /autostart /min
uRun: [steam] "c:\program files\steam\steam.exe" -silent
uRun: [uTorrent] "c:\users\denis\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [vProt] "c:\program files\avg nation toolbar\vprot.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [Kepard] "c:\program files\kepard\Kepard.exe" tray
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [sDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRunOnce: [browserChoice] browserchoice.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
Trusted Zone: localhost
Trusted Zone: localhost




TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{04EA2C75-84F5-4F4C-A690-04E992F4C472} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{04EA2C75-84F5-4F4C-A690-04E992F4C472}\2456A75617D2E4F5363393533633 : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{781CD32F-BD95-4840-BD8E-3C4B78A6DF7B} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\denis\appdata\roaming\mozilla\firefox\profiles\ev126mw9.default\
FF - prefs.js: browser.search.selectedEngine - AVG Nation Search

FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\battlelog web plugins\2.3.2\npbattlelog.dll
FF - plugin: c:\program files\battlelog web plugins\sonar\0.70.4\npesnsonar.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\users\denis\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-11-25 149272]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-10-31 222520]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-10-1 102712]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-9-10 27448]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-11-25 120600]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2012-9-4 47928]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 210712]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2014-1-19 22808]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-10-31 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-9-29 37664]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-6-26 242240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-12-8 22856]
R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2009-5-25 734208]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2013-6-28 27136]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-12-12 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-12-14 52224]
.
=============== Created Last 30 ================
.
2014-02-22 01:01:09    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2014-02-21 08:36:30    --------    d-----w-    c:\program files\OpenVPN
2014-02-14 13:32:44    --------    d-----w-    c:\users\denis\appdata\local\ESN
2014-02-14 13:32:40    --------    d-----w-    c:\program files\Battlelog Web Plugins
2014-02-14 13:30:49    --------    d-----w-    c:\programdata\EA Core
2014-02-14 13:30:46    --------    d-----w-    c:\programdata\EA Logs
2014-02-14 01:03:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 13:28:57    18968    ----a-w-    c:\windows\system32\sdnclean.exe
2014-02-12 13:28:52    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-02-12 13:28:42    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-02-10 05:32:46    --------    d-----w-    c:\program files\LogMeIn Hamachi
2014-02-07 12:11:08    --------    d-----w-    c:\program files\GtkSharp
2014-02-07 12:10:23    --------    d-----w-    c:\program files\Kepard
2014-02-03 17:44:43    --------    d-----w-    c:\program files\1C Company
.
==================== Find3M  ====================
.
2014-02-18 17:33:16    139032    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2014-02-18 17:33:06    290184    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2014-02-18 17:33:06    290184    ----a-w-    c:\windows\system32\PnkBstrB.exe
2014-02-18 17:32:31    280904    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2014-02-14 13:40:45    76888    ----a-w-    c:\windows\system32\PnkBstrA.exe
2014-02-14 13:13:50    138056    ----a-w-    c:\users\denis\appdata\roaming\PnkBstrK.sys
2014-02-10 06:04:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-10 06:04:44    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36    61952    ----a-w-    c:\windows\system32\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22    112128    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18    108032    ----a-w-    c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27    553472    ----a-w-    c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-06 09:09:30    1964032    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    c:\windows\system32\wininet.dll
2014-01-19 19:46:54    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-03 23:27:51    0    ----a-w-    c:\windows\system32\w32apiw.dll
2014-01-03 08:48:45    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-01-03 08:48:45    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-12-24 23:09:41    1987584    ----a-w-    c:\windows\system32\d3d10warp.dll
2013-12-06 02:02:08    2048    ----a-w-    c:\windows\system32\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    c:\windows\system32\msxml3.dll
2013-12-04 02:03:20    87040    ----a-w-    c:\windows\system32\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    c:\windows\system32\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    c:\windows\system32\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    c:\windows\system32\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    c:\windows\system32\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    c:\windows\system32\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    c:\windows\system32\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    c:\windows\system32\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    c:\windows\system32\RMActivate_ssp_isv.exe
2013-12-03 01:02:00    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 01:02:00    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 01:02:00    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-03 01:02:00    62464    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-03 01:02:00    194048    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-03 01:02:00    182272    ----a-w-    c:\windows\system32\msls31.dll
2013-11-27 01:14:25    258560    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:13:46    284672    ----a-w-    c:\windows\system32\drivers\usbport.sys
2013-11-27 01:13:44    76288    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:13:41    43520    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:13:38    20480    ----a-w-    c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:13:36    24064    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:13:33    6016    ----a-w-    c:\windows\system32\drivers\usbd.sys
2013-11-26 11:11:29    240576    ----a-w-    c:\windows\system32\drivers\netio.sys
2013-11-26 10:10:21    2349056    ----a-w-    c:\windows\system32\win32k.sys
2013-11-26 08:16:50    3419136    ----a-w-    c:\windows\system32\d2d1.dll
2013-11-25 19:56:22    210712    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-11-25 19:56:22    149272    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-11-25 19:49:18    120600    ----a-w-    c:\windows\system32\drivers\avgdiskx.sys
.
============= FINISH: 19:11:56.46 ===============
 

attach.rar

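As an added example that is not part of the original post, of DDS or of any forum tool: a small Python triage helper that runs over lines of the kind shown in the DDS log above (the "Pseudo HJT Report" autoruns and the "Created Last 30" / "Find3M" file lists) and flags the entries an analyst usually checks first. The line formats it parses, the three heuristics and the sample lines are assumptions adapted from this thread's log; a flagged entry is a review item, not a verdict.

```python
"""Triage helper for DDS-style log lines.

Added example for this thread; it is not DDS, ComboFix or forum code.
It reads lines of the kind seen in the DDS log above ('Pseudo HJT Report'
autoruns and the 'Created Last 30' / 'Find3M' file lists) and flags:

  * zero-byte DLLs under system32 (the log above lists w32apiw.dll at 0 bytes)
  * autoruns launched from a user's AppData\\Roaming directory
  * BHOs whose CLSID is registered but whose file is missing ('<orphaned>')

The line formats, the heuristics and SAMPLE_LOG are assumptions based on the
log posted above; a flagged entry is a review item, not a verdict.
"""
import re

# "YYYY-MM-DD HH:MM:SS    <size or -------->    <8 attribute chars>    <path>"
FILE_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
# "uRun: [Name] command ..."  (uRun = HKCU, mRun = HKLM in DDS notation)
RUN_LINE = re.compile(
    r"^(?P<hive>[um]Run|mRunOnce):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$"
)


def triage(lines):
    """Return a list of (reason, detail) tuples for lines worth a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue

        m = FILE_LINE.match(line)
        if m:
            size, path = m.group("size"), m.group("path")
            lowered = path.lower()
            if (size.isdigit() and int(size) == 0
                    and lowered.endswith(".dll")
                    and "\\system32\\" in lowered):
                findings.append(("zero_byte_system32_dll", path))
            continue

        m = RUN_LINE.match(line)
        if m:
            if "\\appdata\\roaming\\" in m.group("cmd").lower():
                findings.append(("autorun_from_appdata_roaming", m.group("name")))
            continue

        if line.startswith("BHO:"):
            # DDS prints "BHO: <description> - <dll path or <orphaned>>";
            # split on the last " - " because names and CLSIDs contain hyphens.
            desc, _, target = line[4:].strip().rpartition(" - ")
            if target.strip() == "<orphaned>":
                findings.append(("orphaned_bho", desc.strip()))
    return findings


# Constructed sample, copied/adapted from the DDS log in this thread.
SAMPLE_LOG = r"""
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
uRun: [Gyazo] c:\program files\gyazo\GyStation.exe
uRun: [uTorrent] "c:\users\denis\appdata\roaming\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
2014-02-14 01:03:07    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-01-03 23:27:51    0    ----a-w-    c:\windows\system32\w32apiw.dll
2014-02-21 08:36:30    --------    d-----w-    c:\program files\OpenVPN
"""


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{reason:32s} {detail}")
```

Run it against a saved DDS.txt with `triage(open("DDS.txt", encoding="latin-1").read().splitlines())`; the three rules are deliberately narrow so the output stays short enough to read alongside the log.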

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run, and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" button.

  • Double-click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button and wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area type in "ark.txt", or it will save as a .log file, which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-25 18:00:27
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-4 SAMSUNG_HD502HJ rev.1AJ10001 465.76GB
Running: s3lw3buc.exe; Driver: C:\Users\Denis\AppData\Local\Temp\fxldrpob.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeKey [0xD32116E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwNotifyChangeMultipleKeys [0xD3211800]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenProcess [0xD3211010]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwOpenThread [0xD32114D0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendProcess [0xD3211300]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwSuspendThread [0xD32113E0]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateProcess [0xD3211120]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwTerminateThread [0xD3211210]
SSDT            \SystemRoot\system32\DRIVERS\avgidsshimx.sys  ZwWriteVirtualMemory [0xD32115E0]

INT 0x51        ?                                             C27BD058
INT 0x52        ?                                             C30357D8
INT 0x53        ?                                             C3035CD8
INT 0x62        ?                                             C3035558
INT 0x63        ?                                             C3035A58
INT 0x72        ?                                             C27BD2D8
INT 0x73        ?                                             C30352D8
INT 0x82        ?                                             C27BD558
INT 0x83        ?                                             C3B3ECD8
INT 0x91        ?                                             C27BD7D8
INT 0x92        ?                                             C27A9058
INT 0x93        ?                                             C27BDCD8
INT 0xA2        ?                                             C27A9A58
INT 0xA3        ?                                             C27A97D8
INT 0xB0        ?                                             C3035058
INT 0xB1        ?                                             C27A9CD8
INT 0xB2        ?                                             C27A9558
INT 0xB3        ?                                             C27A92D8

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\Udp                       avgtdix.sys
AttachedDevice  \Driver\tdx \Device\RawIp                     avgtdix.sys

---- EOF - GMER 2.1 ----
 


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners; they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 14-02-24.02 - Denis 02/28/2014  17:12:10.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3071.703 [GMT 2:00]
Running from: c:\users\Denis\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Denis\AppData\Roaming\Zona
c:\users\Denis\AppData\Roaming\Zona\init.xml
c:\windows\system32\w32apiw.dll
D:\install.exe
D:\UNINSTALL.EXE
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-28 to 2014-02-28  )))))))))))))))))))))))))))))))
.
.
2014-02-28 15:24 . 2014-02-28 15:24    --------    d-----w-    c:\users\UpdatusUser\AppData\Local\temp
2014-02-28 15:24 . 2014-02-28 15:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-28 13:53 . 2014-02-28 13:54    --------    d-----w-    c:\program files\CodeBlocks
2014-02-26 20:41 . 2014-02-26 20:41    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-02-26 01:03 . 2014-02-26 01:03    --------    d-----w-    c:\windows\Migration
2014-02-22 01:01 . 2010-02-11 07:10    293376    ----a-w-    c:\windows\system32\browserchoice.exe
2014-02-21 08:36 . 2014-02-21 08:36    --------    d-----w-    c:\program files\OpenVPN
2014-02-14 13:32 . 2014-02-14 13:32    --------    d-----w-    c:\users\Denis\AppData\Local\ESN
2014-02-14 13:32 . 2014-02-14 13:32    --------    d-----w-    c:\program files\Battlelog Web Plugins
2014-02-14 13:30 . 2014-02-14 13:30    --------    d-----w-    c:\programdata\EA Core
2014-02-14 13:30 . 2014-02-18 17:32    --------    d-----w-    c:\programdata\EA Logs
2014-02-14 01:03 . 2013-12-21 08:56    454656    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-12 13:28 . 2014-02-28 15:09    --------    d-----w-    c:\programdata\Spybot - Search & Destroy
2014-02-12 13:28 . 2014-02-28 15:09    --------    d-----w-    c:\program files\Spybot - Search & Destroy 2
2014-02-10 05:32 . 2014-02-10 05:32    --------    d-----w-    c:\program files\LogMeIn Hamachi
2014-02-07 12:11 . 2014-02-07 12:11    --------    d-----w-    c:\program files\GtkSharp
2014-02-07 12:10 . 2014-02-07 12:10    --------    d-----w-    c:\program files\Kepard
2014-02-03 17:44 . 2014-02-03 18:07    --------    d-----w-    c:\program files\1C Company
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-18 17:33 . 2012-12-14 10:23    139032    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2014-02-18 17:33 . 2012-12-14 10:23    290184    ----a-w-    c:\windows\system32\PnkBstrB.xtr
2014-02-18 17:33 . 2012-12-14 10:00    290184    ----a-w-    c:\windows\system32\PnkBstrB.exe
2014-02-18 17:32 . 2012-12-14 10:00    280904    ----a-w-    c:\windows\system32\PnkBstrB.ex0
2014-02-14 13:40 . 2012-12-14 10:00    76888    ----a-w-    c:\windows\system32\PnkBstrA.exe
2014-02-14 13:13 . 2013-03-09 16:08    138056    ----a-w-    c:\users\Denis\AppData\Roaming\PnkBstrK.sys
2014-02-10 06:04 . 2012-12-12 19:37    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-10 06:04 . 2012-12-12 19:37    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-19 19:46 . 2014-01-19 19:46    22808    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2014-01-03 08:48 . 2013-04-01 23:34    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2014-01-03 08:48 . 2013-04-01 23:34    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2013-12-03 01:02 . 2013-12-03 01:02    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 01:02 . 2013-12-03 01:02    646144    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 01:02 . 2013-12-03 01:02    645120    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-03 01:02 . 2013-12-03 01:02    62464    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-03 01:02 . 2013-12-03 01:02    194048    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-03 01:02 . 2013-12-03 01:02    182272    ----a-w-    c:\windows\system32\msls31.dll
2013-12-03 01:01 . 2013-12-03 01:01    34816    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 01:01 . 2013-12-03 01:01    337408    ----a-w-    c:\windows\system32\html.iec
2013-12-03 01:01 . 2013-12-03 01:01    24576    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-03 01:01 . 2013-12-03 01:01    139264    ----a-w-    c:\windows\system32\wextract.exe
2013-12-03 01:01 . 2013-12-03 01:01    1051136    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-03 01:01 . 2013-12-03 01:01    74240    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 01:01 . 2013-12-03 01:01    61952    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-03 01:01 . 2013-12-03 01:01    36352    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-03 01:01 . 2013-12-03 01:01    151552    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-03 01:01 . 2013-12-03 01:01    13312    ----a-w-    c:\windows\system32\mshta.exe
2013-12-03 01:01 . 2013-12-03 01:01    111616    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-03 01:01 . 2013-12-03 01:01    86016    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-03 01:01 . 2013-12-03 01:01    48640    ----a-w-    c:\windows\system32\mshtmler.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20    64792    ----a-w-    c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]
"Gyazo"="c:\program files\Gyazo\GyStation.exe" [2013-10-30 2990304]
"CyberGhost"="c:\program files\CyberGhost 5\CyberGhost.EXE" [2013-12-17 361072]
"Steam"="c:\program files\Steam\steam.exe" [2014-02-19 1822400]
"uTorrent"="c:\users\Denis\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-02 905296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-01-22 4962320]
"vProt"="c:\program files\AVG Nation toolbar\vprot.exe" [2014-02-03 2552856]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Kepard"="c:\program files\Kepard\Kepard.exe" [2013-12-14 746496]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-02-04 3813712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Users^Denis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameRanger.lnk]
path=c:\users\Denis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk
backup=c:\windows\pss\GameRanger.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57    959904    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2013-03-14 08:23    3672640    ----a-w-    c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2014-02-04 12:56    3813712    ----a-w-    c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-06-03 13:27    19603048    ----a-r-    c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2014-02-19 23:07    1822400    ----a-w-    c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 04:32    253816    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R3 BEService;BattlEye Service;c:\program files\Common Files\BattlEye\BEService.exe [2013-07-23 49152]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-12-14 1343400]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
R4 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [2013-06-24 754584]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2013-11-25 149272]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2013-09-09 27448]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2013-11-25 120600]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 210712]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-01-19 22808]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2013-10-31 176952]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-10-01 37664]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-06-26 242240]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2013-09-23 1358944]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-01-22 3788816]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2013-09-23 348008]
S2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe [2013-12-17 63600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2014-02-04 1677648]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-02-04 375056]
S2 metasploitPostgreSQL;metasploitPostgreSQL;c:\metasploit\postgresql\bin\pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/metasploit/postgresql/data [x]
S2 metasploitProSvc;Metasploit Pro Service;c:\metasploit\ruby\bin\ruby.exe [2013-11-24 70239]
S2 metasploitThin;Metasploit Thin Service;c:\metasploit\ruby\bin\ruby.exe [2013-11-24 70239]
S2 metasploitWorker;Metasploit Worker;c:\metasploit\ruby\bin\ruby.exe [2013-11-24 70239]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-07-28 35088]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S2 vToolbarUpdater17.3.0;vToolbarUpdater17.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [2014-01-07 1770312]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-02-26 40776]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28u.sys [2009-05-25 734208]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 06:04]
.
.
------- Supplementary Scan -------
.

uInternet Settings,ProxyOverride = *.local
Trusted Zone: localhost
Trusted Zone: localhost
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
FF - ProfilePath - c:\users\Denis\AppData\Roaming\Mozilla\Firefox\Profiles\ev126mw9.default\
FF - prefs.js: browser.search.selectedEngine - AVG Nation Search

FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\Denis\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
HKLM-Run-mobilegeni daemon - c:\program files\Mobogenie\DaemonProcess.exe
MSConfigStartUp-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
AddRemove-BattlEye for A2 - c:\program files\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Wireshark - c:\program files\Wireshark\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\metasploitPostgreSQL]
"ImagePath"="\"c:\metasploit\postgresql\bin\pg_ctl.exe\" runservice -N \"metasploitPostgreSQL\" -D \"C:/metasploit/postgresql/data\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4147680198-1992870259-3329265337-1001\Software\SecuROM\License information*]
"datasecu"=hex:47,07,e7,3b,20,51,64,53,96,ba,70,4c,b1,93,34,1c,86,cc,5b,fa,a4,
   f5,0b,2c,0f,82,4f,47,91,af,88,67,45,93,e6,55,ad,f6,1b,12,f3,2d,5b,2c,3b,b4,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-28  17:28:14
ComboFix-quarantined-files.txt  2014-02-28 15:28
.
Pre-Run: 49,330,348,032 bytes free
Post-Run: 49,972,641,792 bytes free
.
- - End Of File - - 4BD87867AC5DBFF6D966111FCFBAF18B
A36C5E4F47E84449FF07ED3517B43A31
 

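The ComboFix output above is mostly a list of autostart points (HKCU/HKLM Run keys, the Startup folder, BootExecute, services and drivers). When you triage a log like this by hand you look at three things first: entries marked [x] (ComboFix found no file behind them), binaries that run from user-writable directories such as AppData, and remote-access or capture tools that an attacker could ride on. The script below is an added example for this thread, not ComboFix or Malwarebytes code; it parses the three line shapes the log uses and applies exactly those heuristics. The token lists and the sample lines are this example's own assumptions and constructions (the sample lines are copied from the log above), and a flag is a reason to look, not a verdict: the RemoteFX drivers show up as [x] on ordinary Windows 7 installs, and sdnclean.exe in BootExecute is Spybot's boot-time cleaner on this machine.

```python
r"""
Triage of autostart and service entries from a ComboFix/DDS-style log.

Added example for this thread; it is not ComboFix or Malwarebytes code.
It parses the three line shapes that appear in the log above:

  "Name"="c:\path\file.exe" [2014-02-19 1822400]                Run-key entries
  S2 Name;Display Name;c:\path\file.exe [2014-02-19 1822400]    services / drivers
  BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0x.exe  session manager

and applies three triage heuristics (assumptions of this example, not verdicts):
  * [x] where date/size should be: ComboFix found no file behind the entry
  * the binary lives under a user-writable directory
  * the binary is a remote-access, tunnelling or packet-capture tool
"""
import re
from dataclasses import dataclass, field

RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<cmd>.+?)\s+\[(?P<meta>[^\]]*)\]$')
BOOT_RE = re.compile(r'^BootExecute\s+REG_MULTI_SZ\s+(?P<values>.+)$')

# Heuristic token lists (assumed for this example; extend for your environment).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")
REMOTE_OR_CAPTURE = ("teamviewer", "hamachi", "tunngle", "metasploit", "npf.sys", "tap0901")
STOCK_BOOTEXECUTE = "autocheck autochk *"


@dataclass
class Entry:
    kind: str                  # "run", "service" or "bootexecute"
    name: str
    path: str                  # image path (plus arguments for services)
    meta: str = ""             # "YYYY-MM-DD size", or "x" when ComboFix found no file
    state: str = ""            # R0..R4 / S0..S4 for services and drivers
    flags: list = field(default_factory=list)


def _apply_heuristics(entry):
    p = entry.path.lower()
    if entry.meta.strip() == "x":
        # Not automatically bad: RemoteFX/RDP drivers such as synth3dvsc.sys are
        # registered without a file on many Windows 7 installs. Verify by hand.
        entry.flags.append("file-missing")
    if any(tok in p for tok in USER_WRITABLE):
        entry.flags.append("user-writable-path")
    if any(tok in p for tok in REMOTE_OR_CAPTURE):
        entry.flags.append("remote-access-or-capture-tool")
    return entry


def parse_line(line):
    """Return an Entry for a recognised log line, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return _apply_heuristics(Entry("run", m["name"], m["path"], m["meta"]))
    m = SVC_RE.match(line)
    if m:
        return _apply_heuristics(Entry("service", m["name"], m["cmd"], m["meta"], m["state"]))
    m = BOOT_RE.match(line)
    if m:
        # ComboFix prints the REG_MULTI_SZ with literal "\0" separators.
        values = [v for v in m["values"].split("\\0") if v]
        entry = Entry("bootexecute", "BootExecute", " | ".join(values))
        extra = [v for v in values if v != STOCK_BOOTEXECUTE]
        if extra:
            # Anything beyond autochk runs before logon with SYSTEM rights;
            # sdnclean.exe is Spybot's boot-time cleaner, but confirm the file.
            entry.flags.append("non-default-bootexecute: " + ", ".join(extra))
        return entry
    return None


def triage(lines):
    """Parse all lines and return only the entries that tripped a heuristic."""
    parsed = (parse_line(l) for l in lines)
    return [e for e in parsed if e is not None and e.flags]


# Sample lines constructed from the log in this thread.
SAMPLE = r'''
"Steam"="c:\program files\Steam\steam.exe" [2014-02-19 1822400]
"uTorrent"="c:\users\Denis\AppData\Roaming\uTorrent\uTorrent.exe" [2014-02-02 905296]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0\0sdnclean.exe
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S2 metasploitPostgreSQL;metasploitPostgreSQL;c:\metasploit\postgresql\bin\pg_ctl.exe runservice -N metasploitPostgreSQL -D C:/metasploit/postgresql/data [x]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2013-12-17 5341536]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2013-07-28 35088]
'''.strip().splitlines()

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(f"{e.kind:<11} {e.name:<22} {', '.join(e.flags)}")
```

Run it against a whole saved log (`triage(open("ComboFix.txt", errors="replace"))`) and you get the short list worth checking with Autoruns and a signature check, instead of reading 150 lines by eye. The flagged remote-access entries (TeamViewer, Hamachi, Tunngle, the Metasploit services, the WinPcap npf driver) are not detections; on a box you suspect is backdoored they are the installed software you need to account for, because each one is a remote-control or capture path that a scanner will never report.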

I'm sorry, we have carnival in Cologne, so my replies might take some time at the moment.

CF is a very mighty tool that has automated several functions, but it is no master solution for every malware program.

Trained malware removers can use it for many purposes.

In your case I've used it to take out some files that I expected to be there.

Full System Scan with Malwarebytes Anti-Malware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan.
  • Wait for the scan to finish.
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.28.11

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Denis :: IVORY [administrator]

Protection: Disabled

3/2/2014 6:21:52 PM
mbam-log-2014-03-02 (18-21-52).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 724820
Time elapsed: 2 hour(s), 45 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Today I couldn't access avg.com and VirusTotal for a few minutes, but I could enter any other website. MBAM is constantly blocking 188.95.50.114. If you won't reply to me any time soon I'll have to format my computer, so yeah...

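A repeated "IP-BLOCK" on the same address is the most useful clue in this thread, because Malwarebytes' website-protection log records which process made each blocked connection, and a process that reconnects to one address every few minutes looks like a beacon rather than a user clicking a link. The script below is an added example for this thread, not Malwarebytes code. It reads tab-separated protection-log lines of the shape MBAM 1.x uses for IP-BLOCK events (timestamp, computer, user, event, details), groups the blocks by address, process and direction, and marks groups whose outgoing hits arrive at a near-constant interval. The exact log layout is assumed from memory, so compare one real line against IPBLOCK_RE before trusting the output. All sample lines are constructed: the address 188.95.50.114 and the IVORY/Denis host and user names come from this thread, the process names svchost.exe and firefox.exe are hypothetical.

```python
"""
Which process keeps hitting the address that Malwarebytes blocks?

Added example for this thread; not Malwarebytes code. Groups IP-BLOCK events
from an MBAM 1.x protection log by (ip, process, direction) and flags groups
whose outgoing blocks recur at a near-constant interval (beacon-like).
The log layout encoded in IPBLOCK_RE is an assumption of this example.
"""
import re
from collections import defaultdict
from datetime import datetime

IPBLOCK_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})\t'
    r'(?P<host>[^\t]+)\t(?P<user>[^\t]+)\tIP-BLOCK\t'
    r'(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<dir>outgoing|incoming), '
    r'Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$'
)


def parse_events(lines):
    """Return the IP-BLOCK events as dicts; any other line is skipped."""
    events = []
    for line in lines:
        m = IPBLOCK_RE.match(line.rstrip("\r\n"))
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S")
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def summarize(events, min_hits=3, jitter_s=30):
    """
    Group blocks by (ip, process, direction). A group is 'periodic' when it has
    at least min_hits outgoing blocks and the gaps between consecutive blocks
    differ by no more than jitter_s seconds.
    """
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["ip"], ev["proc"], ev["dir"])].append(ev["ts"])
    report = {}
    for key, stamps in groups.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = bool(key[2] == "outgoing" and len(stamps) >= min_hits
                        and gaps and max(gaps) - min(gaps) <= jitter_s)
        report[key] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            "typical_gap_s": sorted(gaps)[len(gaps) // 2] if gaps else None,
            "periodic": periodic,
        }
    return report


def _line(ts, ip, direction, port, proc, host="IVORY", user="Denis"):
    # Builds one constructed log line in the assumed MBAM 1.x layout.
    return (f"{ts} +0200\t{host}\t{user}\tIP-BLOCK\t"
            f"{ip} (Type: {direction}, Port: {port}, Process: {proc})")


# Constructed sample: a roughly 5-minute beacon from a hypothetical svchost.exe,
# one unrelated inbound block, one browser hit on the same address, and one
# non-IP-BLOCK line that the parser must ignore.
SAMPLE_LOG = [
    _line("2014/03/03 18:02:11", "188.95.50.114", "outgoing", 49201, "svchost.exe"),
    _line("2014/03/03 18:07:12", "188.95.50.114", "outgoing", 49233, "svchost.exe"),
    _line("2014/03/03 18:09:40", "10.0.0.55", "incoming", 445, "System"),
    _line("2014/03/03 18:12:10", "188.95.50.114", "outgoing", 49260, "svchost.exe"),
    _line("2014/03/03 18:17:11", "188.95.50.114", "outgoing", 49301, "svchost.exe"),
    _line("2014/03/03 18:30:02", "188.95.50.114", "outgoing", 50144, "firefox.exe"),
    "2014/03/03 18:31:00 +0200\tIVORY\tDenis\tProtection\tMalicious website protection enabled",
]

if __name__ == "__main__":
    for (ip, proc, direction), r in summarize(parse_events(SAMPLE_LOG)).items():
        tag = "PERIODIC" if r["periodic"] else ""
        print(f"{direction:<8} {ip:<16} {proc:<14} hits={r['count']} "
              f"gap={r['typical_gap_s']} {tag}")
```

The process name is what turns "MBAM keeps blocking an IP" into something a helper can act on: a browser hitting the address once is an ad or a redirect, while a system-looking process that reconnects on a fixed timer is what you would expect from the backdoor that was removed earlier still having a loader around, and that process (with its full path and parent, from Process Explorer or the MBAM protection log itself) is the thing to hand to the next scan rather than reformatting blind.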

  • Root Admin

Since Marius is currently unavailable I will go ahead and assist you further.

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.



If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.
 

  • Root Admin

That did not find anything. Please try the following:

 

Please download Malwarebytes Anti-Rootkit from HERE
If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

