Trojan.PornDialer Found


  • This topic is locked
18 replies to this topic

#1 awesomerock

Posted 05 May 2013 - 08:44 PM

Hi guys,

I frequently run MBAM and lately I have been coming across a Trojan.PornDialer. MBAM quarantines it and reports that it has been successfully removed. However, it has come back 3 times in the past 3 weeks.

I am not noticing any strange computer behaviour (no pop-ups, redirects, or slowness). I am not sure what to do.... just keep removing the file every time it is discovered?

I have been to another forum to see if they could help and we ran ComboFix and a few other tools that seemed to get rid of it. But... here I am infected again.

I have not visited any suspicious sites nor do I do any torrenting.

Thanks for any help you guys can provide!

Here is the MBAM report:

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connect (Trojan.PornDialer) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


Here are the other logs from dds as requested:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 20/03/2013 2:07:16 AM
System Uptime: 05/05/2013 2:59:43 PM (7 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH X79
Processor: Intel® Core™ i7-3930K CPU @ 3.20GHz | LGA2011 | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 2794 GiB total, 1988.093 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 2794 GiB total, 2453.481 GiB free.
G: is FIXED (NTFS) - 400 GiB total, 224.257 GiB free.
H: is FIXED (NTFS) - 932 GiB total, 194.298 GiB free.
I: is FIXED (NTFS) - 10 GiB total, 8.029 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP159: 04/05/2013 10:57:36 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 2.0
Adobe Reader XI (11.0.02)
AI Suite II
Ampeg SVX UNO
AmpliTube 2 DUO
AmpliTube 3 version 3.10.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Avid Audio Drivers (x64)
Avid Pro Tools Creative Collection 8.0.4
Avid Pro Tools LE 8.0.4cs2
Bonjour
CinemaNow
Custom Shop version 1.1.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Digidesign 7.x Factory Update Patch 8.0.1
Digidesign ElevenRack Driver 1.0.8 (x64)
Digidesign Factory Bundle 8.0
EWQL Orchestra
FileZilla Client 3.6.0.2
Free DigiRack Plug-Ins 8.0.3
GIMP 2.8.4
Google Chrome
Google Update Helper
IK Multimedia Authorization Manager version 1.0.9
iLok Client Helper
Intel® Management Engine Components
Intel® Network Connections 17.2.154.0
Intel® Trusted Connect Service Client
Interlok driver setup x64
iTunes
LG Burning Tool
LG CyberLink LabelPrint
LG CyberLink Media Suite
LG CyberLink MediaEspresso
LG CyberLink MediaShow
LG CyberLink PowerDVD
LG CyberLink PowerProducer
License Support
LightScribe System Software
LIMBO
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 91xx driver
Microsoft .NET Framework 4.5
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
minimoog-v Original 2.5.3
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.5 (x86 en-US)
Native Instruments Absynth 5
Native Instruments Absynth Twilights
Native Instruments Controller Editor
Native Instruments Komplete Synths
Native Instruments Kore Player
Native Instruments Maschine
Native Instruments Maschine Controller
Native Instruments Maschine Controller Driver
Native Instruments Maschine Controller MK2 Driver
Native Instruments Maschine Factory Content
Native Instruments Maschine Factory Content 1.5
Native Instruments Maschine Mikro Driver
Native Instruments Maschine Mikro MK2 Driver
Native Instruments Massive
Native Instruments Reaktor 5
Native Instruments Reaktor 5 Factory Content
Native Instruments Reaktor Animated Circuits
Native Instruments Service Center
Native Instruments Transistor Punch
Notepad++
NVIDIA 3D Vision Controller Driver 314.07
NVIDIA 3D Vision Driver 314.07
NVIDIA Control Panel 314.07
NVIDIA Graphics Driver 314.07
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.12.12
NVIDIA Update Components
oZone3D.Net FurMark v1.8.2
Play Update 3.0.46
QL Stormdrum 2
QuickTime
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Skype Click to Call
Skype™ 6.3
Steam
SUPERAntiSpyware
T-RackS 3 Brickwall Limiter version 3.5.1
T-RackS 3 Classic Clipper version 3.5.1
T-RackS 3 Classic Compressor version 3.5.1
T-RackS 3 Vintage Compressor 670 version 3.5.1
T-RackS 3 Vintage Program EQ 1A version 3.5.1
T-RackS CS version 4.0.0
TrueCrypt
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Visual C++ 64-bit Redistributables
Visual C++ Redistributables
VLC media player 2.0.6
Warframe
Waves Complete V7r16
Waves Complete V9r10
.
==== Event Viewer Messages From Past Week ========
.
30/04/2013 7:15:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
30/04/2013 7:15:02 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
28/04/2013 9:53:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
28/04/2013 1:08:43 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
05/05/2013 3:20:03 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
05/05/2013 3:01:32 PM, Error: Service Control Manager [7022] - The AsusFanControlService service hung on starting.
04/05/2013 10:55:16 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
02/05/2013 10:31:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
02/05/2013 10:31:22 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by George at 21:31:27 on 2013-05-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.16326.11619 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\SysWOW64\LxrSII1s.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [TrueCrypt] "C:\Program Files\TrueCrypt\TrueCrypt.exe" /q preferences /a logon /a favorites
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{00412563-F8CD-42E3-886E-B5B0620B4C22} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\8ij29gyg.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\PACE Anti-Piracy\iLok\NPPaceILok.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 AsusFanControlService;AsusFanControlService;C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.14\AsusFanControlService.exe [2013-3-27 1457152]
R0 asahci64;asahci64;C:\Windows\System32\drivers\asahci64.sys [2012-1-6 49760]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2011-9-21 25904]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-6-1 920736]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-6-1 951936]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2013-3-27 149120]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\System32\drivers\diginet.sys [2013-3-25 21520]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-7-27 636952]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-6-5 190824]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-20 166720]
R2 LxrSII1d;Secure II Driver;C:\Windows\System32\drivers\LxrSII1d.sys [2013-3-29 63064]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-1-17 6383920]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-11-19 2928128]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-4-15 3289208]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-2-9 383264]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-11-3 130536]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-11-3 395752]
R3 DGUSBAP;Service for Digidesign Mbox2 (WDM);C:\Windows\System32\drivers\dgmbx2.sys [2010-8-30 192528]
R3 gbxavs;Maschine Midi;C:\Windows\System32\drivers\gbxavs.sys [2011-7-7 357968]
R3 gbxusb_svc;Maschine Controller;C:\Windows\System32\drivers\gbxusb.sys [2011-7-7 68688]
R3 iLokDrvr;Usb Driver;C:\Windows\System32\drivers\iLokDrvr.sys [2012-11-17 24728]
R3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;C:\Windows\System32\drivers\dgmbx2fu.sys [2010-8-30 31120]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/20 05:19:48;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-4-20 241648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 dalwdmservice;dal service;C:\Windows\System32\drivers\Dalwdm.sys [2013-3-24 139792]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 gbxavs_x64;gbxavs_x64;C:\Windows\System32\drivers\gbxavs_x64.sys [2009-10-8 45136]
S3 gbxusb_x64;gbxusb_x64;C:\Windows\System32\drivers\gbxusb_x64.sys [2009-10-8 300624]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;C:\Windows\System32\drivers\mbx2midk.sys [2013-3-24 32400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-20 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-20 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-3-20 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-20 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2013-05-05 21:36:58 -------- d-----w- C:\Users\George\AppData\Roaming\com.bby.cinemanowca
2013-05-05 21:36:56 -------- d-----w- C:\Program Files (x86)\CinemaNow
2013-05-05 00:59:15 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{906FC919-B068-437D-A2C8-C0A58FEA2098}\mpengine.dll
2013-05-04 14:57:38 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-04 01:09:04 9317456 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-03 02:29:15 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-05-03 02:29:14 -------- d-----w- C:\Program Files (x86)\Steam
2013-04-30 23:27:56 32 ----a-w- C:\Users\George\AppData\Roaming\msregsvv.dll
2013-04-24 02:07:41 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-24 02:07:41 905296 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{70B5BF01-4660-4791-9B47-EA030DEC9E78}\gapaengine.dll
2013-04-23 22:49:56 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-13 01:11:13 -------- d-----w- C:\Program Files (x86)\Cisco Systems
2013-04-12 20:17:13 -------- d-----w- C:\Users\George\.thumbnails
2013-04-12 20:14:10 -------- d-----w- C:\Users\George\AppData\Local\fontconfig
2013-04-12 20:14:09 -------- d-----w- C:\Users\George\AppData\Local\gegl-0.2
2013-04-12 20:14:09 -------- d-----w- C:\Users\George\.gimp-2.8
2013-04-12 20:12:52 -------- d-----w- C:\Program Files\GIMP 2
2013-04-12 19:50:30 306688 ----a-w- C:\Windows\IsUninst.exe
2013-04-12 14:15:46 -------- d-----w- C:\ProgramData\Cisco Systems
2013-04-10 19:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 19:26:34 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 19:26:30 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 19:26:28 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 19:26:27 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:26:26 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-10 19:26:26 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 19:26:25 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-09 16:41:45 -------- d-----w- C:\Users\George\AppData\Roaming\SUPERAntiSpyware.com
2013-04-09 16:41:24 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-04-09 16:41:24 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-04-07 20:34:17 -------- d-----w- C:\Users\George\AppData\Roaming\TrueCrypt
.
==================== Find3M ====================
.
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-21 16:03:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-21 16:03:10 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-05 22:38:46 231376 ----a-w- C:\Windows\System32\drivers\truecrypt.sys
2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-20 09:18:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-03-20 09:18:39 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2013-03-20 07:35:02 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-03-20 07:35:02 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-03-20 07:35:02 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-03-20 07:33:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-03-20 07:33:38 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-03-20 07:33:38 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-03-20 07:33:38 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-03-20 07:33:38 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-03-20 07:33:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-03-20 07:33:38 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-03-20 07:31:31 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-03-20 07:31:31 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-03-20 07:30:51 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-03-20 07:30:51 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-03-20 07:30:05 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-03-20 07:30:05 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-03-20 07:30:05 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2013-03-20 07:30:05 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2013-03-20 07:30:05 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-03-20 07:30:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-03-20 07:29:45 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-03-20 07:29:45 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-03-20 07:29:45 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-03-20 07:29:45 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-03-20 07:29:45 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-03-20 07:29:45 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-03-20 07:29:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-03-20 07:29:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-03-20 07:28:28 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-03-20 07:28:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-03-20 07:28:13 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-03-20 07:28:13 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-03-20 07:27:00 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-03-20 07:27:00 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2013-03-20 07:26:44 59392 ----a-w- C:\Windows\System32\browcli.dll
2013-03-20 07:26:44 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2013-03-20 07:26:44 136704 ----a-w- C:\Windows\System32\browser.dll
2013-03-20 07:26:13 956928 ----a-w- C:\Windows\System32\localspl.dll
2013-03-20 07:25:41 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-03-20 07:25:41 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-03-20 07:25:23 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2013-03-20 07:25:23 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2013-03-20 07:25:23 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2013-03-20 07:25:13 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2013-03-20 07:25:02 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-03-20 07:23:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-03-20 07:23:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-03-20 07:23:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-03-20 07:23:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-03-20 07:23:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-03-20 07:23:00 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-03-20 07:23:00 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-03-20 07:23:00 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-03-20 07:22:50 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-03-20 07:22:40 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2013-03-20 07:22:40 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2013-03-20 07:22:31 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2013-03-20 07:22:31 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-03-20 07:22:19 395776 ----a-w- C:\Windows\System32\webio.dll
2013-03-20 07:22:19 314880 ----a-w- C:\Windows\SysWow64\webio.dll
2013-03-20 07:22:07 1572864 ----a-w- C:\Windows\System32\quartz.dll
2013-03-20 07:22:07 1328128 ----a-w- C:\Windows\SysWow64\quartz.dll
2013-03-20 07:21:56 77312 ----a-w- C:\Windows\System32\packager.dll
2013-03-20 07:21:56 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2013-03-20 07:21:23 723456 ----a-w- C:\Windows\System32\EncDec.dll
2013-03-20 07:21:23 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2013-03-20 07:19:57 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2013-03-20 07:18:54 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2013-03-20 07:18:54 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2013-03-20 07:18:54 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2013-03-20 07:18:54 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2013-03-20 07:18:54 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2013-03-20 07:18:54 1118720 ----a-w- C:\Windows\System32\sbe.dll
2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-21 10:29:39 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-02-21 10:15:07 2240512 ----a-w- C:\Windows\System32\wininet.dll
2013-02-21 10:14:09 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-21 10:14:05 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-02-19 12:01:03 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-19 11:42:14 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-19 11:10:53 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-02-19 10:51:18 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-02-10 01:04:31 6393120 ----a-w- C:\Windows\System32\nvcpl.dll
.
============= FINISH: 21:31:54.34 ===============

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 06 May 2013 - 05:05 AM

Hello awesomerock and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 2

  • Download RogueKiller to your desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • RogueKiller log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 awesomerock


Posted 06 May 2013 - 06:38 PM

Hi Maniac,

Thanks for the help! Here are the scans you requested:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.06.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
George :: GEORGE-PC [administrator]

06/05/2013 7:28:40 PM
mbam-log-2013-05-06 (19-28-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239409
Time elapsed: 2 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : George [Admin rights]
Mode : Scan -- Date : 05/06/2013 19:34:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3000DM001-1CH166 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST3000DM001-1CH166 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Seagate FA GoFlex Desk USB Device +++++
--- User ---
[MBR] ff0b517702293986d40468d89de9ed93
[BSP] 5cab7fac78b6fe5301595cea6da44b25 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_05062013_02d1934.txt >>
RKreport[1]_S_05062013_02d1934.txt

#4 Maniac


Posted 07 May 2013 - 03:41 AM

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#5 awesomerock


Posted 07 May 2013 - 07:19 PM

Hi Maniac,

Here is the ComboFix log you requested:


ComboFix 13-05-07.02 - George 07/05/2013 18:49:57.2.12 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.16326.14089 [GMT -4:00]
Running from: c:\users\George\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\George\AppData\Roaming\msregsvv.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-04-07 to 2013-05-07 )))))))))))))))))))))))))))))))
.
.
2013-05-07 22:53 . 2013-05-07 22:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-07 22:53 . 2013-05-07 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-28 14:56 . 2013-05-02 13:14 -------- d-----w- c:\users\George\AppData\Roaming\vlc
2013-04-24 02:07 . 2013-04-24 02:07 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70B5BF01-4660-4791-9B47-EA030DEC9E78}\gapaengine.dll
2013-04-24 02:07 . 2012-10-23 11:04 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-04-23 22:49 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 15:39 . 2013-04-21 15:40 -------- d-----w- c:\program files (x86)\Safari
2013-04-13 01:11 . 2013-05-05 19:16 -------- d-----w- c:\program files (x86)\Cisco Systems
2013-04-12 20:17 . 2013-04-12 20:17 -------- d-----w- c:\users\George\.thumbnails
2013-04-12 20:14 . 2013-04-12 20:14 -------- d-----w- c:\users\George\AppData\Local\fontconfig
2013-04-12 20:14 . 2013-05-01 01:43 -------- d-----w- c:\users\George\.gimp-2.8
2013-04-12 20:14 . 2013-04-12 20:14 -------- d-----w- c:\users\George\AppData\Local\gegl-0.2
2013-04-12 20:12 . 2013-04-12 20:13 -------- d-----w- c:\program files\GIMP 2
2013-04-12 19:50 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2013-04-12 14:15 . 2013-04-12 14:15 -------- d-----w- c:\programdata\Cisco Systems
2013-04-10 19:26 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-10 19:26 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-10 19:26 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-10 19:26 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-10 19:26 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 19:26 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-10 19:26 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 16:41 . 2013-04-09 16:41 -------- d-----w- c:\users\George\AppData\Roaming\SUPERAntiSpyware.com
2013-04-09 16:41 . 2013-04-09 16:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-04-09 16:41 . 2013-04-09 16:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-21 16:03 . 2013-04-05 15:09 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-21 16:03 . 2013-04-05 15:09 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-11 03:24 . 2013-03-20 08:19 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-05 22:38 . 2013-04-05 22:38 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2013-04-04 18:50 . 2013-03-26 13:31 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-20 09:18 . 2013-03-20 09:18 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-03-20 09:18 . 2013-03-20 09:18 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2013-03-20 08:14 . 2013-03-20 08:14 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-20 08:14 . 2013-03-20 08:14 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-20 08:14 . 2013-03-20 08:14 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-20 08:14 . 2013-03-20 08:14 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-20 08:14 . 2013-03-20 08:14 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-20 08:14 . 2013-03-20 08:14 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-20 08:14 . 2013-03-20 08:14 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-20 08:14 . 2013-03-20 08:14 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-20 08:14 . 2013-03-20 08:14 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-20 08:14 . 2013-03-20 08:14 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-20 08:14 . 2013-03-20 08:14 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-20 08:14 . 2013-03-20 08:14 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-20 08:14 . 2013-03-20 08:14 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-20 08:14 . 2013-03-20 08:14 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-20 08:14 . 2013-03-20 08:14 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-20 08:14 . 2013-03-20 08:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-20 08:14 . 2013-03-20 08:14 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-20 08:14 . 2013-03-20 08:14 441856 ----a-w- c:\windows\system32\html.iec
2013-03-20 08:14 . 2013-03-20 08:14 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-20 08:14 . 2013-03-20 08:14 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-20 08:14 . 2013-03-20 08:14 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-20 08:14 . 2013-03-20 08:14 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-20 08:14 . 2013-03-20 08:14 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-20 08:14 . 2013-03-20 08:14 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-20 08:14 . 2013-03-20 08:14 235008 ----a-w- c:\windows\system32\url.dll
2013-03-20 08:14 . 2013-03-20 08:14 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-20 08:14 . 2013-03-20 08:14 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-20 08:14 . 2013-03-20 08:14 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-20 08:14 . 2013-03-20 08:14 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-20 08:14 . 2013-03-20 08:14 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-20 08:14 . 2013-03-20 08:14 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-20 08:14 . 2013-03-20 08:14 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-20 08:14 . 2013-03-20 08:14 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-20 08:14 . 2013-03-20 08:14 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-20 08:14 . 2013-03-20 08:14 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-20 08:14 . 2013-03-20 08:14 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-20 08:14 . 2013-03-20 08:14 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-20 08:14 . 2013-03-20 08:14 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-20 08:14 . 2013-03-20 08:14 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-20 08:14 . 2013-03-20 08:14 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-20 08:14 . 2013-03-20 08:14 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-20 08:14 . 2013-03-20 08:14 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-20 08:14 . 2013-03-20 08:14 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-20 08:14 . 2013-03-20 08:14 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-20 08:14 . 2013-03-20 08:14 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-20 08:14 . 2013-03-20 08:14 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-20 08:14 . 2013-03-20 08:14 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-20 08:14 . 2013-03-20 08:14 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-20 08:14 . 2013-03-20 08:14 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-20 07:35 . 2013-03-20 07:35 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2013-03-20 07:35 . 2013-03-20 07:35 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-20 07:35 . 2013-03-20 07:35 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-03-20 07:33 . 2013-03-20 07:33 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-03-20 07:33 . 2013-03-20 07:33 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-03-20 07:33 . 2013-03-20 07:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-03-20 07:33 . 2013-03-20 07:33 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-03-20 07:33 . 2013-03-20 07:33 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-03-20 07:33 . 2013-03-20 07:33 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-03-20 07:33 . 2013-03-20 07:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-03-20 07:31 . 2013-03-20 07:31 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-03-20 07:31 . 2013-03-20 07:31 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-03-20 07:30 . 2013-03-20 07:30 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-03-20 07:30 . 2013-03-20 07:30 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-03-20 07:30 . 2013-03-20 07:30 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-03-20 07:30 . 2013-03-20 07:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-03-20 07:30 . 2013-03-20 07:30 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-03-20 07:30 . 2013-03-20 07:30 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-03-20 07:30 . 2013-03-20 07:30 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-03-20 07:30 . 2013-03-20 07:30 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-03-20 07:29 . 2013-03-20 07:29 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-20 07:29 . 2013-03-20 07:29 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-20 07:29 . 2013-03-20 07:29 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-20 07:29 . 2013-03-20 07:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-20 07:29 . 2013-03-20 07:29 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-20 07:29 . 2013-03-20 07:29 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-20 07:29 . 2013-03-20 07:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-03-20 07:29 . 2013-03-20 07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-03-20 07:28 . 2013-03-20 07:28 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-03-20 07:28 . 2013-03-20 07:28 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-03-20 07:28 . 2013-03-20 07:28 95744 ----a-w- c:\windows\system32\synceng.dll
2013-03-20 07:28 . 2013-03-20 07:28 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-03-20 07:27 . 2013-03-20 07:27 715776 ----a-w- c:\windows\system32\kerberos.dll
2013-03-20 07:27 . 2013-03-20 07:27 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2013-03-20 07:26 . 2013-03-20 07:26 73216 ----a-w- c:\windows\system32\netapi32.dll
2013-03-20 07:26 . 2013-03-20 07:26 59392 ----a-w- c:\windows\system32\browcli.dll
2013-03-20 07:26 . 2013-03-20 07:26 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2013-03-20 07:26 . 2013-03-20 07:26 136704 ----a-w- c:\windows\system32\browser.dll
2013-03-20 07:26 . 2013-03-20 07:26 956928 ----a-w- c:\windows\system32\localspl.dll
2013-03-20 07:25 . 2013-03-20 07:25 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-03-20 07:25 . 2013-03-20 07:25 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2013-03-20 07:25 . 2013-03-20 07:25 1133568 ----a-w- c:\windows\system32\cdosys.dll
2013-03-20 07:25 . 2013-03-20 07:25 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2741616]
"TrueCrypt"="c:\program files\TrueCrypt\TrueCrypt.exe" [2013-04-05 1516496]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-09-28 75048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-4-12 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 AsusFanControlService;AsusFanControlService [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/03/20 05:19;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-04-20 241648]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dalwdmservice;dal service;c:\windows\system32\drivers\dalwdm.sys [2009-12-19 139792]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 gbxavs_x64;gbxavs_x64;c:\windows\system32\Drivers\gbxavs_x64.sys [2009-10-08 45136]
R3 gbxusb_x64;gbxusb_x64;c:\windows\system32\Drivers\gbxusb_x64.sys [2009-10-08 300624]
R3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-12-19 32400]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-20 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2012-01-06 49760]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2011-09-21 25904]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2012-06-01 920736]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-06-01 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2009-12-19 21520]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-06-05 190824]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-07-23 166720]
S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63064]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2013-01-17 6383920]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2012-11-19 2928128]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-11-03 130536]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-11-03 395752]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\DRIVERS\dgmbx2.sys [2010-08-30 192528]
S3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2011-07-07 357968]
S3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2011-07-07 68688]
S3 iLokDrvr;Usb Driver;c:\windows\system32\DRIVERS\iLokDrvr.sys [2012-11-17 24728]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\DRIVERS\dgmbx2fu.sys [2010-08-30 31120]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 16:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 12:51 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 16:03]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 05:46]
.
2013-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-23 05:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\George\AppData\Roaming\Mozilla\Firefox\Profiles\8ij29gyg.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Native Instruments Maschine Controller Driver - c:\programdata\{B49C92CB-1A73-4A41-A84C-5091582E7AA8}\Maschine Controller Driver Setup PC.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-07 18:54:45
ComboFix-quarantined-files.txt 2013-05-07 22:54
ComboFix2.txt 2013-04-30 23:16
.
Pre-Run: 2,134,064,726,016 bytes free
Post-Run: 2,133,759,225,856 bytes free
.
- - End Of File - - 025C9235306983DAC4D2234624B3B753

#6 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 08 May 2013 - 02:28 AM

Could you please compress the following folder for me: C:\Qoobox\Quarantine, and upload it somewhere, for example at www.mediafire.com. Next, send me a download link via PM.
http://windows.micro...files-zip-files

Thanks in advance! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#7 awesomerock

Posted 08 May 2013 - 05:12 PM

PM sent. Thanks again.

#8 Maniac

Posted 09 May 2013 - 04:16 AM

Thanks! :)

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

#9 awesomerock

Posted 10 May 2013 - 11:55 PM

Hi Maniac,

Here is the info you requested from the ESET Scan:


C:\ASUSDrivers\Software\MSU\Win8\MSUSetup.exe Win32/PrcView application cleaned by deleting - quarantined
C:\ASUSDrivers\Software\MSU\XP_Vista_Win7\MSUSetup.exe Win32/PrcView application cleaned by deleting - quarantined

#10 Maniac

Posted 11 May 2013 - 06:50 AM

How are things now?

#11 awesomerock

Posted 11 May 2013 - 10:12 AM

It seems to be running ok... do you think those quarantined files are needed though? They look as if they are ASUS drivers or something.

#12 Maniac

Posted 12 May 2013 - 09:11 AM

I just want to check it. Glad I could help! :)

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Next, uninstall ESET Online Scanner.

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#13 awesomerock

Posted 12 May 2013 - 10:41 AM

Do you think those two files that Eset removed are needed by my system maybe? Maybe they were a false positive?

#14 Maniac

Posted 12 May 2013 - 02:40 PM

If by needed you mean important system files: no, they could be something additional.

I do not think that is a false alarm because they were found with a precise definition, which means that there is a special update to the database on this type of threat. They are not detected by technology that involves malicious code.

#15 awesomerock

Posted 12 May 2013 - 04:41 PM

OK thanks. For ESET, I do not see an uninstall option in the scanner. Should I just uninstall from Windows' Uninstall Programs?

#16 Maniac

Posted 13 May 2013 - 12:09 PM

Yes, please.

#17 awesomerock

Posted 14 May 2013 - 09:29 PM

Thanks again Maniac!

#18 Maniac

Posted 15 May 2013 - 04:32 AM

You're welcome! :)

#19 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 18 May 2013 - 05:16 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
