
My laptop is an expensive doorstop


This topic is locked
20 replies to this topic

#1 mtnester

    Regular Member
  • Honorary Members
  • 52 posts

Posted 18 February 2012 - 05:15 PM

It started a few days ago with my laptop, which is what I use 90% of the time. When I did a Google search and clicked on a link I always got a 404 Not Found page. I happened to look at the address bar and it had some domain listed like puffbum or bumpuff or something weird. I immediately started a scan (Avast 6) which found nothing. I tried restoring to an earlier date but nothing happened. I restarted the laptop and that's when I discovered it had turned into a doorstop. F2 (BIOS) worked. The hidden recovery partition could not be accessed and all I got was the Windows Recovery Options, none of which solved anything, and I tried them all.

When I tried System Repair it did find (and repair) a couple of things. I cannot remember what the first one said, but the second referred to something in MBR. I also attempted the System Restore option with the result that it "successfully" restored to an earlier point in time (a few days before the "event"); however, Windows still booted only to the Windows Recovery Options window.

I tried booting from a Linux emergency disk made by the EaseUS backup program, and while the laptop booted correctly to the EaseUS program, it did not recognize either of the two cloned drives on one USB drive, nor did it recognize the backups on a different USB drive, although they were listed in the selection box in both cases.

The laptop is under warranty and Asus suggests returning it for a replacement hard drive. I haven't received an RMA yet and am more than willing to try anything suggested here.

I can't even give you all the specs for the laptop since I didn't record them anywhere other than that it is an Asus UL80VT with 4 GB memory and an NVidia discrete graphics chip as well as the onboard graphics. I can't even remember if it is Intel or AMD, but it is quad core if that helps.

Thanks!
Windows 7 Home Premium 64-bit
Gateway DX4831
8GB RAM
Intel Core i5 CPU
BIOS American Megatrends P01-A0, 11/17/2009
SMBIOS Version 2.6

#2 Elise

    Forum Deity
  • Experts
  • 8,721 posts
  • Gender:Female
  • Location:Romania

Posted 19 February 2012 - 05:45 AM

Hello again, :)

Try this please. You will need a USB drive.

  • Download GETxPUD.exe to the desktop of your clean computer
  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB drive and CD and insert them in the sick computer
  • Boot the Sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:

    dd if=/dev/sda of=mbr.bin bs=512 count=1

  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

#3 mtnester

Posted 20 February 2012 - 01:01 AM

I am sure this does not bode well. The unzipped file is only 1 kb.

It is attached.

Attached file: mbr.zip (643 bytes)

#4 Elise

Posted 20 February 2012 - 04:25 AM

No worries, that is a very small file; it also shows that the MBR is infected. Rewriting it should get the laptop booting again. :)

Please right click the following link and select "save link/target as": http://noahdfear.net...eta/xPUD_MBRfix
Save the file as xPUD_mbrfix to your flashdrive.

Boot in xPUD and navigate to the flashdrive, double click on xPUD_mbrfix to run it.
When asked "What boot code do you want to write?" type 7 (assuming that your computer has Windows 7 installed; if it is Vista, type i) and press Enter.
Type sda and press enter.
Type Y and press enter.

This will create a file called mlog.txt on your flashdrive. Post its contents in your next reply and let me know if you can boot normally in Windows now.
regards, Elise
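
Added here as an illustration of the two checks Elise runs above (the 512-byte dd dump of /dev/sda in post #2, and the boot-code rewrite in post #4 that backs up the old sector to backup_sda.bin before writing a fresh one): a small Python script that parses two MBR dumps and reports whether only the boot code changed while the partition table and disk signature survived. This is example code written for this page, not a tool from the thread and not part of xPUD or xPUD_mbrfix; the two sample sectors it builds are constructed test data, and the script name mbrcheck.py and the function names are made up.

```python
import hashlib
import struct
import sys

MBR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439: boot code, the part an MBR bootkit overwrites
DISK_SIG_OFF = 440        # bytes 440-443: Windows disk signature
PART_TABLE_OFF = 446      # bytes 446-509: four 16-byte partition entries
BOOT_SIG_OFF = 510        # bytes 510-511: 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


def parse_mbr(mbr: bytes) -> dict:
    """Split one 512-byte sector (what `dd ... bs=512 count=1` produces) into its fields."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "status": status, "active": status == 0x80,
                           "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "valid_boot_signature": mbr[BOOT_SIG_OFF:] == b"\x55\xaa",
        "partitions": partitions,
    }


def sanity_findings(parsed: dict) -> list:
    """Structural checks that need no signature database; an empty list means nothing odd."""
    findings = []
    if not parsed["valid_boot_signature"]:
        findings.append("missing 0x55AA boot signature")
    active = [p for p in parsed["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parsed["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']} has invalid status byte 0x{p['status']:02x}")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in parsed["partitions"])
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            findings.append(f"partition overlap at LBA {start2}")
    return findings


def compare_mbrs(before: bytes, after: bytes) -> dict:
    """A clean boot-code rewrite looks like: boot code changed, table and disk signature untouched."""
    a, b = parse_mbr(before), parse_mbr(after)
    return {
        "boot_code_changed": a["boot_code_sha256"] != b["boot_code_sha256"],
        "partition_table_same": before[PART_TABLE_OFF:BOOT_SIG_OFF] == after[PART_TABLE_OFF:BOOT_SIG_OFF],
        "disk_signature_same": a["disk_signature"] == b["disk_signature"],
        "findings_before": sanity_findings(a),
        "findings_after": sanity_findings(b),
    }


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a synthetic MBR (constructed test data, not bytes from any real disk)."""
    mbr = bytearray(MBR_SIZE)
    mbr[:BOOT_CODE_LEN] = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1234ABCD)
    for i, entry in enumerate(entries):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i, *entry)
    mbr[BOOT_SIG_OFF:] = b"\x55\xaa"
    return bytes(mbr)


# Constructed layout: a 100 MB active NTFS system partition, then a 200 MB NTFS partition.
SAMPLE_PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 409600)]
CLEAN_MBR = build_mbr(bytes(range(256)) + bytes(184), SAMPLE_PARTS)
# "Infected" dump: same table and disk signature, different boot code (stands in for a bootkit loader).
INFECTED_MBR = build_mbr(bytes(b ^ 0x5A for b in CLEAN_MBR[:BOOT_CODE_LEN]), SAMPLE_PARTS)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # e.g. python mbrcheck.py mbr.bin backup_sda.bin
        before, after = (open(p, "rb").read() for p in sys.argv[1:])
    else:
        before, after = INFECTED_MBR, CLEAN_MBR
    for key, value in compare_mbrs(before, after).items():
        print(f"{key}: {value}")
```

Run it with the dump from post #2 and a fresh dump taken after the fix (or the backup_sda.bin the fixer writes, in the other order) to confirm that the rewrite changed only the 440 bytes of boot code. The "unknown boot record" verdict in mlog.txt is a signature match against known boot loaders, which this script does not attempt; what it adds is the structural check that the partition table and disk signature came through the rewrite intact, since a damaged table would leave the laptop just as unbootable as the bootkit did.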

#5 mtnester

Posted 21 February 2012 - 12:57 AM

Wow. Are you a miracle worker, or "just" a genius??! I couldn't believe it when I saw Windows come up with my user name. There were a couple of little glitches with having a black screen a couple of times after clicking my user name, but with using the power button after each time it finally booted to my desktop.

Here is the mlog.txt you asked for:

Mon Feb 20 21:48:47 UTC 2012
User has chosen Windows 7 boot code
User has chosen drive sda
Backing up mbr to backup_sda.bin
Boot code structure before fix
/dev/sda has an x86 boot sector,
it is an unknown boot record
Boot code structure after repairing
/dev/sda has an x86 boot sector,
it is a Microsoft 7 master boot record, like the one this
program creates with the switch -7 on a hard disk device.


After getting my desktop back up I updated Avast and did a full scan. It detected 4 threats which I tried to move to quarantine. Most were successful, but one was not. The error message was that there was not enough room (??? drive has 44 GB free); anyway, I decided to just delete that file since it ended in .tmp and I figured it was a temp file anyway. Avast also suggested, and I performed, a reboot so that it could scan something else (boot? PUP? don't remember). That was taking a long time so I left it and did something else and when I returned my desktop was back up so I don't know what the result of that scan might have been. I think I may recognize the name of the file it was supposed to go to, though.

Do you need any info from those scans? It is a mystery how I got the bad stuff when I try to keep things up to date, but maybe I picked something up from a hijacked website. I do have WOT enabled as an add-on.

Anything I should do next, O Wise One?

#6 Elise

Posted 21 February 2012 - 03:38 AM

I'm glad to hear that worked! Shouldn't take a lot of genius though for anyone working with (or rather against) the latest malware. :) Just too bad that a hardware manufacturer rather blames it on the drive...

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise

#7 mtnester

Posted 23 February 2012 - 07:35 PM

The info in DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Mimi at 19:17:30 on 2012-02-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2607 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\calc.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.secure...il.tomarkit.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8C34E6FC-3BDC-4C92-817E-E328ABE2E74B} : DhcpNameServer = 192.168.1.254
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [EaseUs Watch] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe"
mRun-x64: [EaseUs Tray] "C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys --> C:\Windows\system32\drivers\eubakup.sys [?]
R0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys --> C:\Windows\system32\drivers\EUBKMON.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 EUDSKACS;EUDSKACS;\??\C:\Windows\system32\drivers\eudskacs.sys --> C:\Windows\system32\drivers\eudskacs.sys [?]
R1 EUFDDISK;EUFDDISK;\??\C:\Windows\system32\drivers\EuFdDisk.sys --> C:\Windows\system32\drivers\EuFdDisk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2010-2-18 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-30 44768]
R2 EaseUS Agent;EaseUS Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [2012-2-8 60552]
R2 Guard Agent;Guard Agent;C:\Program Files (x86)\EASEUS\Todo Backup\bin\GuardAgent.exe [2012-2-8 23176]
R2 OberonGameConsoleService;Oberon Media Game Console service;C:\Program Files (x86)\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe [2010-2-18 44312]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-2-8 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-2-8 8456]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2008-12-8 533344]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-21 06:24:48 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{656CFD5E-5460-423F-8CAA-EAF225E343B3}\mpengine.dll
2012-02-10 16:44:03 -------- d-----w- C:\Users\Mimi\AppData\Roaming\Asus WebStorage
2012-02-10 03:24:38 -------- d-----w- C:\ProgramData\Tarma Installer
2012-02-09 07:11:00 -------- d-----w- C:\Program Files (x86)\IrfanView
2012-02-09 05:49:56 -------- d-----w- C:\Users\Mimi\AppData\Roaming\IrfanView
2012-02-08 23:24:48 44680 ----a-w- C:\Windows\System32\drivers\eubakup.sys
2012-02-08 23:24:48 19592 ----a-w- C:\Windows\System32\drivers\eudskacs.sys
2012-02-08 23:24:48 189576 ----a-w- C:\Windows\System32\drivers\EuFdDisk.sys
2012-02-08 23:24:47 50312 ----a-w- C:\Windows\System32\drivers\EUBKMON.sys
2012-02-08 23:22:54 25224 ----a-w- C:\Windows\System32\fbnative.exe
2012-02-08 23:15:30 3321728 ----a-w- C:\Windows\System32\BootMan.exe
2012-02-08 23:15:30 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll
2012-02-08 23:15:30 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll
2012-02-08 23:15:29 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys
2012-02-08 23:15:29 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe
2012-02-08 23:15:29 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys
2012-02-08 23:15:29 2469760 ----a-w- C:\Windows\SysWow64\BootMan.exe
2012-02-08 23:15:29 16776 ----a-w- C:\Windows\System32\epmntdrv.sys
2012-02-08 23:15:29 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys
2012-02-08 23:15:29 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe
2012-02-08 23:15:25 -------- d-----w- C:\Program Files (x86)\EASEUS
2012-02-07 19:30:28 -------- d-----w- C:\Program Files (x86)\PDFlite
2012-02-07 19:29:39 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-02-04 05:15:18 -------- d-----w- C:\Users\Mimi\AppData\Roaming\OpenOffice.org
2012-02-04 04:18:41 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2012-02-04 04:17:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-02 05:59:35 -------- d-----w- C:\Windows\SysWow64\Wat
2012-02-02 05:59:35 -------- d-----w- C:\Windows\System32\Wat
2012-02-02 03:05:48 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-02-02 02:58:04 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-02-02 02:58:04 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-02-02 02:58:04 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-02-02 02:58:04 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-02-02 02:58:04 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-02-02 02:58:04 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-02-02 02:58:03 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-02-02 02:58:03 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-02-02 02:58:03 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-02-02 02:58:02 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-02-02 02:18:45 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-02-02 01:25:34 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-02-02 01:25:33 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-02-02 00:51:19 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-02-02 00:51:14 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2012-02-02 00:51:14 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2012-02-02 00:51:05 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-02-02 00:49:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2012-02-02 00:48:59 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-02-02 00:46:54 720896 ----a-w- C:\Windows\System32\odbc32.dll
2012-02-02 00:46:53 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-02-02 00:46:53 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2012-02-02 00:46:53 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-02-02 00:46:53 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-02-02 00:46:53 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-02-02 00:46:53 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-02-02 00:46:53 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-02-02 00:46:53 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-02-02 00:46:53 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-02-02 00:36:22 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-02 00:36:21 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-02 00:36:20 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-01 23:43:18 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-01 23:43:18 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-01 23:43:17 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-02-01 23:43:16 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-02-01 23:40:21 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-01 23:40:21 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-01 23:34:56 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-01 23:34:56 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-01 23:33:56 139264 ----a-w- C:\Windows\System32\cabview.dll
2012-02-01 23:33:56 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2012-02-01 02:01:50 -------- d-----w- C:\Users\Mimi\AppData\Local\Microsoft Games
2012-01-31 16:27:30 -------- d-----w- C:\Users\Mimi\AppData\Local\Diagnostics
2012-01-31 05:00:26 -------- d-----w- C:\Users\Mimi\AppData\Local\Seven Zip
2012-01-31 04:46:45 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-01-31 04:09:23 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-31 04:09:23 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-31 04:09:01 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-31 04:08:52 -------- d-----w- C:\ProgramData\AVAST Software
2012-01-31 04:08:52 -------- d-----w- C:\Program Files\AVAST Software
2012-01-31 03:58:18 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-31 03:49:58 -------- d-----w- C:\Users\Mimi\AppData\Local\SRS Labs
2012-01-31 03:48:52 -------- d-----w- C:\Users\Mimi\AppData\Local\Power2Go
2012-01-31 03:48:48 -------- d-----w- C:\Users\Mimi\AppData\Local\VirtualStore
2012-01-31 03:45:56 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-01-31 03:45:56 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-01-31 03:45:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-01-31 03:44:34 -------- d-----w- C:\Program Files (x86)\Microsoft
2012-01-31 03:44:14 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2012-01-31 03:43:28 4865408 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\7e7f4c881ccdfca\Silverlight.2.0.exe
2012-01-31 03:43:11 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\DSETUP.dll
2012-01-31 03:43:11 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\DXSETUP.exe
2012-01-31 03:43:11 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\747941201ccdfca\dsetup32.dll
2012-01-31 03:42:31 140779848 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlcE484.tmp
2012-01-31 03:42:23 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
.
==================== Find3M ====================
.
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:45:22 1197568 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 08:41:26 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-12-16 08:02:26 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 07:58:33 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-12-16 07:26:35 482816 ----a-w- C:\Windows\System32\html.iec
2011-12-16 06:49:33 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-12-16 06:43:48 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:15:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:22:21.36 ===============

Will get back to you as soon as possible for further information or instructions. Thanks!

#8 Elise

Posted 24 February 2012 - 05:29 AM

Hi again, let's see what else may be hiding itself there. :)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#9 mtnester

mtnester

    Regular Member

  • Honorary Members
  • PipPip
  • 52 posts

Posted 24 February 2012 - 03:50 PM

Okay, here is the Combofix log.

ComboFix 12-02-23.01 - Mimi 02/24/2012 15:27:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2624 [GMT -5:00]
Running from: c:\users\Mimi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-24 to 2012-02-24 )))))))))))))))))))))))))))))))
.
.
2012-02-24 20:36 . 2012-02-24 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 00:31 . 2012-02-24 00:31 -------- d-----w- c:\program files (x86)\7-Zip
2012-02-21 06:24 . 2012-01-17 09:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{656CFD5E-5460-423F-8CAA-EAF225E343B3}\mpengine.dll
2012-02-21 03:25 . 2012-02-21 03:25 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-02-21 03:24 . 2012-02-21 03:24 -------- d-----w- c:\program files (x86)\Java
2012-02-09 07:11 . 2012-02-09 07:11 -------- d-----w- c:\program files (x86)\IrfanView
2012-02-08 23:24 . 2011-10-22 03:46 189576 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2012-02-08 23:24 . 2011-10-22 03:46 19592 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2012-02-08 23:24 . 2011-10-22 03:46 44680 ----a-w- c:\windows\system32\drivers\eubakup.sys
2012-02-08 23:24 . 2011-10-22 03:46 50312 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2012-02-08 23:22 . 2011-10-22 03:47 25224 ----a-w- c:\windows\system32\fbnative.exe
2012-02-08 23:15 . 2011-09-07 22:06 3321728 ----a-w- c:\windows\system32\BootMan.exe
2012-02-08 23:15 . 2011-07-29 18:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-02-08 23:15 . 2011-07-29 18:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-02-08 23:15 . 2011-09-09 23:23 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-02-08 23:15 . 2011-07-29 18:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-02-08 23:15 . 2011-07-29 18:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-02-08 23:15 . 2011-07-29 18:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-02-08 23:15 . 2011-07-29 18:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-02-08 23:15 . 2011-07-29 18:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-02-08 23:15 . 2011-07-29 18:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-02-08 23:15 . 2012-02-08 23:22 -------- d-----w- c:\program files (x86)\EASEUS
2012-02-07 19:30 . 2012-02-07 20:33 -------- d-----w- c:\program files (x86)\PDFlite
2012-02-07 19:29 . 2012-02-07 19:31 -------- d-----w- c:\programdata\Yahoo!
2012-02-07 19:29 . 2012-02-07 19:31 -------- d-----w- c:\program files (x86)\Yahoo!
2012-02-04 04:18 . 2012-02-11 22:27 -------- d-----w- c:\program files (x86)\OpenOffice.org 3
2012-02-04 04:17 . 2012-02-21 03:24 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-02 05:59 . 2012-02-02 05:59 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-02 05:59 . 2012-02-02 05:59 -------- d-----w- c:\windows\system32\Wat
2012-02-02 03:05 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2012-02-02 02:58 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2012-02-02 02:58 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2012-02-02 02:58 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2012-02-02 02:58 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2012-02-02 02:58 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2012-02-02 02:58 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-02-02 02:58 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
2012-02-02 02:58 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll
2012-02-02 02:58 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2012-02-02 02:58 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
2012-02-02 01:25 . 2010-03-04 04:40 184832 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2012-02-02 01:25 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys
2012-02-02 00:51 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2012-02-02 00:51 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2012-02-02 00:51 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2012-02-02 00:51 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-02 00:49 . 2010-11-02 05:18 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2012-02-02 00:48 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-02-02 00:46 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2012-02-02 00:46 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-02-02 00:46 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-02-02 00:46 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-02-02 00:46 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-02-02 00:46 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2012-02-02 00:46 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-02-02 00:46 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-02-02 00:46 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-02-02 00:46 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-02-02 00:36 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-02 00:36 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-02 00:36 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-01 23:43 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-01 23:43 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-01 23:43 . 2010-08-27 06:14 236032 ----a-w- c:\windows\system32\srvsvc.dll
2012-02-01 23:43 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2012-02-01 23:40 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-01 23:40 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-01 23:34 . 2009-12-29 08:03 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-02-01 23:34 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-01 23:33 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll
2012-02-01 23:33 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2012-01-31 04:46 . 2012-01-31 04:46 -------- d-----w- c:\program files (x86)\Foxit Software
2012-01-31 04:09 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-31 04:09 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-31 04:09 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-31 04:09 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-31 04:09 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-31 04:09 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-31 04:09 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-01-31 04:09 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-31 04:09 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-01-31 04:08 . 2012-02-11 22:27 -------- d-----w- c:\programdata\AVAST Software
2012-01-31 04:08 . 2012-02-11 22:27 -------- d-----w- c:\program files\AVAST Software
2012-01-31 03:58 . 2012-01-29 10:10 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-31 03:46 . 2012-01-31 03:46 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-01-31 03:45 . 2006-11-29 18:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-01-31 03:45 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-01-31 03:45 . 2012-01-31 03:45 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-01-31 03:44 . 2012-01-31 05:03 -------- d-----w- c:\program files (x86)\Microsoft
2012-01-31 03:44 . 2012-01-31 03:44 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2012-01-31 03:43 . 2012-01-31 03:47 -------- d-----w- c:\program files (x86)\Windows Live
2012-01-31 03:42 . 2012-01-31 03:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-01-31 03:41 . 2012-01-31 03:49 -------- d-----w- C:\ASUS.DAT
2012-01-31 03:41 . 2012-02-21 03:06 -------- d-----w- c:\users\Mimi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"EaseUs Watch"="c:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-10-22 70792]
"EaseUs Tray"="c:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-10-22 743560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-2-18 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-2-18 156880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
IME File REG_SZ IMSC12.IME
.
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [2011-10-22 60552]
S2 Guard Agent;Guard Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-10-22 23176]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files (x86)\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EeeStorageBackup"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2009-11-26 1732608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-28 16336488]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-07-30 617856]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://login.secure...il.tomarkit.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
Toolbar-Locked - (no file)
AddRemove-ASUS_UL_Series_Screensaver - c:\windows\system32\ASUS_UL_Series_Screensaver.scr
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\Atouch64.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-02-24 15:44:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-24 20:44
.
Pre-Run: 48,515,694,592 bytes free
Post-Run: 47,882,342,400 bytes free
.
- - End Of File - - 9CFA2129CF93D04DD42929FCC5556574

I'm going to try to go to the desktop thread if my battery will last long enough. I forgot to charge it after last night.

#10 Elise


Posted 24 February 2012 - 04:14 PM

That looks excellent! Do you have any problem left?

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise



#11 mtnester


Posted 26 February 2012 - 07:06 PM

elise025 wrote:
> Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).

Sorry for the newbie questions, but how do you "uninstall" older versions of Java if nothing appears in Programs in the Control Panel? Should I just delete the program folder? And what happens if I install a program that includes an older version of Java? Will that create any problems with the Java I'm going to install now? Thanks. I'll take care of this part before going on to the next part of your post.

#12 Elise


Posted 27 February 2012 - 01:44 AM

Then just leave it alone. The Java installer will uninstall more recent older versions anyway. :)
If you install a program that can run with an older version it will automatically detect you have a newer version installed and not install the older version.

I'll wait for the MBAM log.
regards, Elise

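A check added here for the question raised in the post above, written by the editor rather than by either poster: it reads the registry keys behind Programs and Features directly (both the 64-bit hive and the Wow6432Node hive that 32-bit Java installers write to), queries Oracle's own JavaSoft keys, and then walks the Program Files trees for java.exe binaries that another application bundled without registering them. It assumes 64-bit Windows 7 with PowerShell 2.0 (the version Windows 7 ships with); the function names are made up for the example.

```powershell
# Added example, not from the thread: find every Java runtime on a 64-bit
# Windows 7 machine, including ones that do not show up in Programs and
# Features. Written for PowerShell 2.0 (no [PSCustomObject] syntax).
# Run from an elevated PowerShell prompt.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',             # 64-bit packages
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall', # 32-bit packages
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'              # per-user packages
)

# Registered packages whose display name looks like a Java runtime or JDK.
# These are exactly the entries the Control Panel's Programs list shows.
function Get-JavaPackage {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $p = Get-ItemProperty $key.PSPath
            if ($p.DisplayName -match 'Java|JRE|J2SE|JDK') {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Version         = $p.DisplayVersion
                    UninstallString = $p.UninstallString
                    Hive            = $root
                }
            }
        }
    }
}

# Oracle's installer also records each runtime under JavaSoft. A version that
# appears here but not in the package list was left behind by an incomplete
# uninstall and still has its files on disk.
function Get-JavaSoftRuntime {
    $keys = 'HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
            'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem $key) {
            $p = Get-ItemProperty $sub.PSPath
            if ($p.JavaHome) {
                New-Object PSObject -Property @{
                    Version  = $sub.PSChildName
                    JavaHome = $p.JavaHome
                }
            }
        }
    }
}

# Copies of java.exe shipped inside another application's folder never
# register in Programs and Features, so walk both Program Files trees and
# read the file version stamped into each binary.
function Get-BundledJava {
    Get-ChildItem -Path 'C:\Program Files', 'C:\Program Files (x86)' -Recurse -Filter 'java.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            New-Object PSObject -Property @{
                FileVersion = $_.VersionInfo.FileVersion
                Path        = $_.FullName
            }
        }
}

"== Registered Java packages =="
Get-JavaPackage     | Format-Table Name, Version, Hive -AutoSize
"== JavaSoft runtime keys =="
Get-JavaSoftRuntime | Format-Table Version, JavaHome -AutoSize
"== java.exe found on disk =="
Get-BundledJava     | Format-Table FileVersion, Path -AutoSize
```

Read the three lists together: a version present in the JavaSoft keys but missing from the package list is a leftover the Control Panel cannot remove; a java.exe found only on disk belongs to whichever application's folder it sits in, is not touched by the Java installer's own cleanup of older versions, and is only a concern if that application actually runs browser content with it.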


#13 mtnester


Posted 28 February 2012 - 12:07 AM

I am so happy to finally be online in my own house. Good news after the 3.5 hour Malwarebytes scan. Here it is.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.28.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Mimi :: MIMI-ASUS [administrator]
2/27/2012 8:28:53 PM
mbam-log-2012-02-27 (20-28-53).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 881692
Time elapsed: 3 hour(s), 32 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
**************************

Do you have any further suggestions or instructions for me? I am so appreciative of your time and effort in successfully saving me from having to lose my laptop for who knows how long while Asus installed an unnecessary new hard drive!

#14 Elise


Posted 28 February 2012 - 03:27 AM

I'm glad to hear things are working fine now! :)
Let's do one last scan before calling it clean.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise



#15 mtnester


Posted 29 February 2012 - 07:26 PM

The light at the end of the tunnel!

Here is the report you requested. It looks as though a lot of the identified threats are due to things included in downloads from cnet, which I thought was supposed to be "safe." I was also surprised to note that multiple threats were identified in \Sun\Java\Deployment\cache\6.0\. Isn't that what I just downloaded for my desktop (but didn't install due to an older version in OpenOffice.org)? I'm wondering how there could be a threat in a Java file.

How does the list look to you?

#16 Elise


Posted 01 March 2012 - 02:33 AM

Sorry, but I don't see the log. :) However, from your description there is no need to either. The cache objects you mention do not belong to Java itself, but rather to sites that use Java (compare it with cookies). Not all CNET downloads are recommended; while you won't find outright malware there, some apps that are considered adware/undesirable can be downloaded there. However, none of them is outright malicious.

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
  • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise

#17 mtnester

Posted 14 March 2012 - 10:13 PM

Finally. I read through everything associated with the four steps you gave. I have already been doing everything except the outbound firewall. I will choose one of those, hopefully shortly. I still need to read the pages associated with the "more links" you listed, which I plan to do during my trip the next two weeks.

Thank you so much for your help, particularly in saving me from having to have my hard drive replaced and possibly not having my laptop back in time for this trip. That would have been a disaster indeed. As I mentioned earlier, you are a genius!

#18 mtnester

Posted 15 March 2012 - 12:01 AM

Okay, maybe I spoke too soon about the "all clear." When I just connected to the internet, Avast gave me a popup notice that it couldn't download the virus definitions. I also couldn't update the program version. I then tried checking the real-time shields and couldn't even get the program to switch to the applicable screen to show me whether or not the shields were working.

Do you think another "baddie" got through? I'm afraid to even connect to the internet since it seems I don't have real-time protection. I ran a scan but no threats were found. (sigh)

#19 Elise

Posted 15 March 2012 - 01:56 AM

It is more likely that Avast got corrupted. Can you uninstall it and then reinstall and see if that works?
regards, Elise
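A cheap triage step before reinstalling an antivirus that suddenly cannot fetch definitions, as an added example that is not part of the thread above (Elise's diagnosis of a corrupted install turned out to be right here; this check just rules out the other common cause, a tampered hosts file that sinkholes or redirects update hosts). The watch list of vendor name fragments, the sample hosts file and the 198.51.100.7 address are constructed for illustration; only the default hosts path is a real Windows location.

```python
"""Flag hosts-file entries that would block or hijack antivirus/Windows updates.

Added example, not from the thread. The watch list and SAMPLE_HOSTS are
constructed; HOSTS_PATH is the default location on Windows.
"""
import ipaddress

# Constructed watch list: name fragments an attacker sinkholes to keep AV/OS
# updates from arriving. Real vendor update hostnames vary.
WATCH_SUBSTRINGS = ("avast", "windowsupdate", "microsoft", "malwarebytes", "eset")

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # default path on Windows

# Constructed sample of a tampered hosts file (198.51.100.7 is a documentation
# address, used here as a stand-in for an attacker-controlled server).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # benign ad-blocking style entry
127.0.0.1       update.avast.com         # injected: definition downloads fail
198.51.100.7    www.google.com           # injected: search traffic redirected
300.1.1.1       broken.example           # malformed address
"""


def parse_hosts(text):
    """Yield (line_no, ip_text, hostname) for every mapping, comments stripped."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip_text, *names = line.split()
        for name in names:
            yield line_no, ip_text, name.lower()


def classify(ip_text, name, watch=WATCH_SUBSTRINGS):
    """Return a reason string if the mapping looks tampered, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed address"
    local_target = ip.is_loopback or ip.is_unspecified
    if any(fragment in name for fragment in watch):
        # A vendor update host has no business in hosts at all: pointing it at
        # loopback blocks updates, pointing it anywhere else hijacks them.
        return "update host blocked" if local_target else "update host redirected"
    if not local_target:
        # Home hosts files normally carry only loopback / 0.0.0.0 entries; anything
        # routable deserves a look (legitimate LAN entries will show up here too).
        return "redirected to non-loopback address"
    return None


def suspicious_entries(text, watch=WATCH_SUBSTRINGS):
    """Return [(line_no, ip_text, name, reason)] for entries worth reviewing."""
    found = []
    for line_no, ip_text, name in parse_hosts(text):
        reason = classify(ip_text, name, watch)
        if reason:
            found.append((line_no, ip_text, name, reason))
    return found


def check_hosts_file(path=HOSTS_PATH):
    """Run the check against the live hosts file (needs read access to it)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return suspicious_entries(fh.read())


if __name__ == "__main__":
    for line_no, ip_text, name, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {ip_text:<16} {name:<24} {reason}")
```

Run as-is it reports the three injected lines of the constructed sample; call check_hosts_file() on the affected machine to inspect the real file. An empty result does not prove the machine is clean (a DNS hijack or a proxy setting produces the same symptom without touching hosts), but a hit is a clear sign that something other than a corrupted AV install is at work and the machine should go back to the malware-removal steps.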
#20 mtnester

Posted 15 March 2012 - 07:32 PM

Whew. That did it. Thanks. Sorry I'm so paranoid, but that's the way it goes. lol