
I'm infected by Brontok.A[18].Norbet



Hello, I'm infected by this virus.

Every time I want to download something, the computer restarts.

When it restarts, a green page pops up.

I used dds.scr and that's what it gave to me:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 11.0.9600.16518
Run by z at 14:50:29 on 2014-03-02
Microsoft Windows 7 Starter   6.1.7601.1.1252.33.1033.18.1012.582 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Users\z\AppData\Local\winlogon.exe
C:\Users\z\AppData\Local\services.exe
C:\Windows\system32\ctfmon.exe
C:\Users\z\AppData\Local\lsass.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Users\z\AppData\Local\csrss.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mWinlogon: Shell = Explorer.exe "c:\windows\sembako-cfzjmij.exe"
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [Google Update] "c:\users\z\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\z\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Tok-Cirrhatus-639] "c:\users\z\appdata\local\br2301on.exe"
uRun: [Tok-Cirrhatus] <no file>
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [setDefault] c:\program files\hewlett-packard\hp launchbox\SetDefault.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [4StoryPrePatch] c:\4story\4story_fr\PrePatch.exe
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [igfxTray] c:\windows\system32
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [bron-Spizaetus] <no file>
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
StartupFolder: c:\users\z\appdata\roaming\microsoft\windows\start menu\programs\startup\Empty.pif
StartupFolder: c:\users\z\appdata\roaming\microsoft\windows\start menu\programs\startup\Startup.exe
uPolicies-Explorer: NoFolderOptions = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756}\356425027596649602055726C69636 : DHCPNameServer = 109.0.66.20 109.0.66.10
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756}\57E69667562737964756D2071627963713 : DHCPNameServer = 193.55.96.84 193.55.97.4
TCP: Interfaces\{D24BDFE0-87E0-4667-962F-30737B637B43} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
============= SERVICES / DRIVERS ===============
.
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2013-2-10 81920]
S2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
S2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-12-21 13336]
S2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
S3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-28 27632]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-2 108032]
S3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-10-22 1349120]
S3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-10-22 435200]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-31 29184]
S3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
S3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
S3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
S3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-03-02 03:11:11 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f1f3ccfa-39a4-46bc-80df-0d03854fcfd5}\offreg.dll
2014-03-02 03:10:46 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-03-02 03:10:45 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-03-02 03:07:58 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-02 00:25:05 -------- d-----w- c:\program files\AVG
2014-03-01 23:28:57 -------- d-----w- C:\0bc4e36ea3b6c293d394eca8
2014-03-01 23:23:51 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f1f3ccfa-39a4-46bc-80df-0d03854fcfd5}\mpengine.dll
2014-02-28 13:15:04 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-28
2014-02-27 10:20:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-27
2014-02-26 11:44:36 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-26
2014-02-25 14:52:51 -------- d-----w- C:\e9f041d51337775efdfd
2014-02-25 14:51:32 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-25 14:31:45 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-25
2014-02-22 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-23
2014-02-22 22:39:56 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-22
2014-02-21 13:42:55 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-21
2014-02-20 08:48:56 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-20
2014-02-18 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-19
2014-02-17 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-18
2014-02-17 21:04:08 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-17
2014-02-14 06:42:50 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-14
2014-02-13 22:04:38 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 22:04:38 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 22:04:22 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 22:04:21 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 22:04:21 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 22:04:20 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-13 22:04:20 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 22:04:20 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 22:04:20 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 22:04:20 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-13 22:04:19 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-13
2014-02-12 11:45:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-12
2014-02-11 12:16:57 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-11
2014-02-10 07:09:19 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-10
2014-02-09 14:23:19 -------- d-----w- c:\users\z\appdata\local\ElevatedDiagnostics
2014-02-08 23:09:38 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-9
2014-02-08 14:00:37 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-8
2014-02-06 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-7
2014-02-06 10:17:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-6
2014-02-05 09:07:09 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-5
2014-02-04 12:13:25 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-4
2014-02-03 07:59:23 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-3
2014-02-01 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-2
2014-02-01 11:41:32 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-1
.
==================== Find3M  ====================
.
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-01-30 22:12:06 10 --sh--r- c:\windows\system32\sistem.sys
2014-01-21 16:28:54 18776 ----a-w- c:\windows\system32\roboot.exe
2014-01-01 17:39:09 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-01 17:39:08 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-01 17:39:03 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-01 17:39:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-01 17:39:03 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-01 17:39:01 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-01 17:39:01 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-01 17:39:00 337408 ----a-w- c:\windows\system32\html.iec
2014-01-01 17:38:57 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-01 17:38:55 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-01 17:38:54 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-01 17:38:54 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-01 17:38:52 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-01 17:38:50 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-01 17:38:50 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-01 17:38:50 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-01 17:38:50 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-01 17:38:49 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-01 17:38:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-18 05:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 14:50:58,64 ===============
 
And for ATTACH.txt
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter 
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2012 07:45:20
System Uptime: 02/03/2014 14:34:18 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 338D
Processor: Intel® Atom CPU N2600   @ 1.60GHz | CPU | 1600/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 214,313 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1,801 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0,085 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: 
Description: 
Device ID: ACPI\HPQ0004\3&11583659&0
Manufacturer: 
Name: 
PNP Device ID: ACPI\HPQ0004\3&11583659&0
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP202: 21/01/2014 10:15:51 - Windows Update
RP203: 25/01/2014 09:59:48 - Windows Update
RP204: 28/01/2014 11:46:40 - Windows Update
RP205: 31/01/2014 23:14:33 - Windows Update
RP206: 06/02/2014 21:39:03 - Windows Update
RP207: 13/02/2014 23:01:09 - Windows Update
RP208: 17/02/2014 22:20:07 - Windows Update
RP209: 25/02/2014 15:33:47 - Windows Update
RP210: 26/02/2014 22:36:23 - Windows Update
RP211: 02/03/2014 00:22:38 - Windows Update
RP212: 02/03/2014 00:28:22 - Windows Update
RP213: 02/03/2014 03:53:43 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athan Basic 4.1
Atheros Bluetooth Suite
Atheros Driver Installation Program
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coffret de pilotes Logitech QuickCam
CyberLink YouCam
D3DX10
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Farm Frenzy
Galerie de photos Windows Live
Google Chrome
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Insaniquarium Deluxe
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Junk Mail filter update
Letters from Nowhere 2
Logitech Webcam Software
Luxor HD
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
opensource
PDF Creator
PDF Writer Packages
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Skip-Bo - Castaway Caper
Skype™ 6.3
swMSM
Synaptics TouchPad Driver
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update Installer for WildTangent Games App
VLC media player 2.0.4
Vuze
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
27/02/2014 12:36:12, Error: NetBT [4321]  - The name "WORKGROUP      :1d" could not be registered on the interface with IP address 172.16.114.170. The computer with the IP address 172.16.125.181 did not allow the name to be claimed by this computer.
27/02/2014 12:31:51, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
26/02/2014 19:58:37, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
02/03/2014 14:47:44, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
02/03/2014 14:36:34, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
02/03/2014 14:35:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/03/2014 14:35:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/03/2014 14:35:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/03/2014 14:35:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/03/2014 14:34:54, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
02/03/2014 14:34:37, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache spldr Wanarpv6
02/03/2014 14:34:36, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 14:32:04, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
02/03/2014 04:31:50, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:29:55, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:29:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02/03/2014 04:29:39, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02/03/2014 04:28:38, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
02/03/2014 04:28:37, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
02/03/2014 04:13:13, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
02/03/2014 04:10:49, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 4.5.1 for Windows 7 (KB2858725).
02/03/2014 03:36:57, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
02/03/2014 01:04:01, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.
02/03/2014 00:16:10, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
.
==== End Of File ===========================
Please help me!

 


Hello Dimaj and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as Vuze or similar, you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Please generate a new fresh DDS log file and post it here.


As you recommended, I uninstalled Vuze.

These are the new fresh DDS log files:

DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428
Run by z at 17:59:52 on 2014-03-02
Microsoft Windows 7 Starter   6.1.7601.1.1252.33.1033.18.1012.330 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bluetooth Suite\adminservice.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Users\z\AppData\Local\winlogon.exe
C:\Users\z\AppData\Local\services.exe
C:\Users\z\AppData\Local\lsass.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Windows\explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Bluetooth Suite\BtvStack.exe
C:\Program Files\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Athan\Athan.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\z\AppData\Local\Google\Update\GoogleUpdate.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\z\AppData\Local\csrss.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mWinlogon: Shell = Explorer.exe "c:\windows\sembako-cfzjmij.exe"
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll
uRun: [Google Update] "c:\users\z\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [NextLive] c:\windows\system32\rundll32.exe "c:\users\z\appdata\roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Tok-Cirrhatus-639] "c:\users\z\appdata\local\br2301on.exe"
uRun: [Tok-Cirrhatus] <no file>
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [AtherosBtStack] "c:\program files\bluetooth suite\BtvStack.exe"
mRun: [AthBtTray] "c:\program files\bluetooth suite\AthBtTray.exe"
mRun: [setDefault] c:\program files\hewlett-packard\hp launchbox\SetDefault.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [4StoryPrePatch] c:\4story\4story_fr\PrePatch.exe
mRun: [Athan] c:\program files\athan\Athan.exe
mRun: [igfxTray] c:\windows\system32
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe
mRun: [mobilegeni daemon] c:\program files\mobogenie\DaemonProcess.exe
mRun: [bron-Spizaetus] <no file>
mRunOnce: [NCPluginUpdater] "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update
StartupFolder: c:\users\z\appdata\roaming\microsoft\windows\start menu\programs\startup\Empty.pif
StartupFolder: c:\users\z\appdata\roaming\microsoft\windows\start menu\programs\startup\Startup.exe
uPolicies-Explorer: NoFolderOptions = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - c:\program files\bluetooth suite\IEPlugIn.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756}\356425027596649602055726C69636 : DHCPNameServer = 109.0.66.20 109.0.66.10
TCP: Interfaces\{22D03ABC-ACC7-4A68-B486-37378FC80756}\57E69667562737964756D2071627963713 : DHCPNameServer = 193.55.96.84 193.55.97.4
TCP: Interfaces\{D24BDFE0-87E0-4667-962F-30737B637B43} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll
SSODL: WebCheck - <orphaned>
mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
.
============= SERVICES / DRIVERS ===============
.
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2013-2-10 81920]
R2 AtherosSvc;AtherosSvc;c:\program files\bluetooth suite\AdminService.exe [2011-10-22 85152]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]
R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2011-12-21 13336]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2013-6-26 523944]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files\bluetooth suite\Ath_CoexAgent.exe [2011-10-22 158880]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\drivers\btath_flt.sys [2011-10-22 35488]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-10-22 290976]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-10-22 97440]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-10-22 25248]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-10-22 147616]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\drivers\btath_lwflt.sys [2011-10-22 60064]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-10-22 263968]
R3 BtFilter;BtFilter;c:\windows\system32\drivers\btfilter.sys [2011-10-22 445088]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-28 27632]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-10-22 1349120]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-10-22 435200]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2011-12-21 197224]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-12-21 394856]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2013-6-26 583848]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2013-6-26 197800]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2013-6-26 24232]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2013-6-26 20136]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2013-6-26 207528]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-1-3 108032]
S3 libusb0;LibUsb-Win32 - Kernel Driver 11/20/2005, 20051120;c:\windows\system32\drivers\libusb0.sys [2006-5-31 29184]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-5-13 114280]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2014-03-02 16:20:34 -------- d-----w- c:\windows\Migration
2014-03-02 00:25:05 -------- d-----w- c:\program files\AVG
2014-03-01 23:28:57 -------- d-----w- C:\0bc4e36ea3b6c293d394eca8
2014-03-01 23:23:51 7947048 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f1f3ccfa-39a4-46bc-80df-0d03854fcfd5}\mpengine.dll
2014-02-28 13:15:04 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-28
2014-02-27 10:20:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-27
2014-02-26 11:44:36 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-26
2014-02-25 14:52:51 -------- d-----w- C:\e9f041d51337775efdfd
2014-02-25 14:51:32 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-25 14:31:45 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-25
2014-02-22 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-23
2014-02-22 22:39:56 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-22
2014-02-21 13:42:55 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-21
2014-02-20 08:48:56 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-20
2014-02-18 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-19
2014-02-17 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-18
2014-02-17 21:04:08 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-17
2014-02-14 06:42:50 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-14
2014-02-13 22:04:38 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-13 22:04:38 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-13 22:04:22 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-13 22:04:21 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-13 22:04:21 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-13 22:04:20 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-13 22:04:20 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-13 22:04:20 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-13 22:04:20 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-13 22:04:20 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-13 22:04:19 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2014-02-12 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-13
2014-02-12 11:45:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-12
2014-02-11 12:16:57 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-11
2014-02-10 07:09:19 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-10
2014-02-09 14:23:19 -------- d-----w- c:\users\z\appdata\local\ElevatedDiagnostics
2014-02-08 23:09:38 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-9
2014-02-08 14:00:37 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-8
2014-02-06 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-7
2014-02-06 10:17:10 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-6
2014-02-05 09:07:09 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-5
2014-02-04 12:13:25 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-4
2014-02-03 07:59:23 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-3
2014-02-01 23:00:01 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-2
2014-02-01 11:41:32 -------- d-----w- c:\users\z\appdata\local\Bron.tok-18-1
.
==================== Find3M  ====================
.
2014-01-30 22:12:06 10 --sh--r- c:\windows\system32\sistem.sys
2014-01-21 16:28:54 18776 ----a-w- c:\windows\system32\roboot.exe
2014-01-01 17:39:09 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-01-01 17:39:08 194048 ----a-w- c:\windows\system32\elshyph.dll
2014-01-01 17:39:03 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-01-01 17:39:03 645120 ----a-w- c:\windows\system32\jsIntl.dll
2014-01-01 17:39:03 182272 ----a-w- c:\windows\system32\msls31.dll
2014-01-01 17:39:01 62464 ----a-w- c:\windows\system32\tdc.ocx
2014-01-01 17:39:01 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-01-01 17:39:00 337408 ----a-w- c:\windows\system32\html.iec
2014-01-01 17:38:57 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-01-01 17:38:55 24576 ----a-w- c:\windows\system32\licmgr10.dll
2014-01-01 17:38:54 151552 ----a-w- c:\windows\system32\iexpress.exe
2014-01-01 17:38:54 139264 ----a-w- c:\windows\system32\wextract.exe
2014-01-01 17:38:52 13312 ----a-w- c:\windows\system32\mshta.exe
2014-01-01 17:38:50 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-01-01 17:38:50 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-01-01 17:38:50 36352 ----a-w- c:\windows\system32\imgutil.dll
2014-01-01 17:38:50 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-01-01 17:38:49 86016 ----a-w- c:\windows\system32\iesysprep.dll
2014-01-01 17:38:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-18 05:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 18:01:40,71 ===============
 Attach: 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter 
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2012 07:45:20
System Uptime: 02/03/2014 17:42:33 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 338D
Processor: Intel® Atom CPU N2600   @ 1.60GHz | CPU | 1600/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 281 GiB total, 214,121 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 1,801 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0,085 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP203: 25/01/2014 09:59:48 - Windows Update
RP204: 28/01/2014 11:46:40 - Windows Update
RP205: 31/01/2014 23:14:33 - Windows Update
RP206: 06/02/2014 21:39:03 - Windows Update
RP207: 13/02/2014 23:01:09 - Windows Update
RP208: 17/02/2014 22:20:07 - Windows Update
RP209: 25/02/2014 15:33:47 - Windows Update
RP210: 26/02/2014 22:36:23 - Windows Update
RP211: 02/03/2014 00:22:38 - Windows Update
RP212: 02/03/2014 00:28:22 - Windows Update
RP213: 02/03/2014 03:53:43 - Windows Update
RP214: 02/03/2014 17:14:43 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4) MUI
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athan Basic 4.1
Atheros Bluetooth Suite
Atheros Driver Installation Program
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Coffret de pilotes Logitech QuickCam
CyberLink YouCam
D3DX10
Dora's World Adventure
ESU for Microsoft Windows 7 SP1
Farm Frenzy
Galerie de photos Windows Live
Google Chrome
Hewlett-Packard ACLM.NET v1.2.1.1
Hoyle Card Games
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Games
HP Launch Box
HP On Screen Display
HP Power Manager
HP Quick Launch
HP Recovery Manager
HP Security Assistant
HP Setup
HP Setup Manager
HP Software Framework
HP Support Assistant
Insaniquarium Deluxe
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
iTunes
Junk Mail filter update
Letters from Nowhere 2
Logitech Webcam Software
Luxor HD
Mah Jong Medley
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
opensource
PDF Creator
PDF Writer Packages
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
Skip-Bo - Castaway Caper
Skype™ 6.3
swMSM
Synaptics TouchPad Driver
Update Installer for WildTangent Games App
VLC media player 2.0.4
WildTangent Games App (HP Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
02/03/2014 17:58:11, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR2.
02/03/2014 17:43:55, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom
02/03/2014 17:38:15, Error: Service Control Manager [7023]  - The Windows Time service terminated with the following error:  A system shutdown is in progress.
02/03/2014 15:24:56, Error: BTHUSB [17]  - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
02/03/2014 15:19:30, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
02/03/2014 14:36:34, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
02/03/2014 14:35:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02/03/2014 14:35:12, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02/03/2014 14:35:10, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02/03/2014 14:35:04, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02/03/2014 14:34:54, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
02/03/2014 14:34:37, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  cdrom discache spldr Wanarpv6
02/03/2014 14:34:36, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
I await your answer.

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
