
"HRUPPROG.DIE.NOW"



#1 Waxingcrescent


Posted 22 June 2013 - 03:23 AM

So I woke up this morning and booted up the computer. And instantly after starting up it opens "C:\documents" which included HRUPPROG.DIE.NOW and a text file which had the number 100.

 

After googling a little I found the stickied thread here, downloaded the Anti-Malware and did as told. After rebooting, the HRUPPROG files were still there, so I'm doing as told and made this thread. I hope to get help soon, as the stuff I read about this while googling is making me worry.

 

Here is the Attach.txt

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 30.3.2011 12:43:40
System Uptime: 22.6.2013 11:05:17 (0 hours ago)
.
Motherboard: IBM | | IBM
Processor: Intel® Pentium® 4 CPU 3.40GHz | LGA775/PSC/TJS | 3391/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 50 GiB total, 6,235 GiB free.
D: is FIXED (NTFS) - 99 GiB total, 89,952 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 200,553 GiB free.
F: is FIXED (FAT32) - 466 GiB total, 114,148 GiB free.
G: is CDROM ()
H: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\NSC1200\5&244C37A5&0
Manufacturer:
Name:
PNP Device ID: ACPI\NSC1200\5&244C37A5&0
Service:
.
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ATI Technologies, Inc. 3D RAGE PRO AGP
Device ID: ROOT\DISPLAY\0000
Manufacturer: ATI Technologies, Inc.
Name: ATI Technologies, Inc. 3D RAGE PRO AGP
PNP Device ID: ROOT\DISPLAY\0000
Service: atirage3
.
==== System Restore Points ===================
.
RP1265: 11.6.2013 17:27:11 - Software Distribution Service 3.0
RP1266: 12.6.2013 14:17:30 - Software Distribution Service 3.0
RP1267: 12.6.2013 17:28:36 - Software Distribution Service 3.0
RP1268: 14.6.2013 11:52:40 - Software Distribution Service 3.0
RP1269: 14.6.2013 12:47:07 - Asennettu SpyHunter
RP1270: 14.6.2013 14:05:18 - Poistettu SpyHunter
RP1271: 14.6.2013 14:05:36 - Installed SpyHunter
RP1272: 14.6.2013 14:09:29 - Removed SpyHunter
RP1273: 14.6.2013 14:10:50 - Installed SpyHunter
RP1274: 14.6.2013 14:13:22 - Removed SpyHunter
RP1275: 14.6.2013 14:14:49 - Installed SpyHunter
RP1276: 14.6.2013 14:17:22 - Removed SpyHunter
RP1277: 14.6.2013 14:19:47 - Installed SpyHunter
RP1278: 14.6.2013 14:38:33 - Removed SpyHunter
RP1279: 14.6.2013 14:44:33 - Asennettu SpyHunter
RP1280: 14.6.2013 15:06:16 - Poistettu SpyHunter
RP1281: 14.6.2013 15:18:10 - avast! Free Antivirus Asennus
RP1282: 14.6.2013 17:02:57 - Software Distribution Service 3.0
RP1283: 15.6.2013 17:24:30 - Software Distribution Service 3.0
RP1284: 16.6.2013 17:23:47 - Software Distribution Service 3.0
RP1285: 17.6.2013 17:23:02 - Software Distribution Service 3.0
RP1286: 18.6.2013 17:24:26 - Software Distribution Service 3.0
RP1287: 19.6.2013 14:58:04 - Removed Aeria Ignite
RP1288: 19.6.2013 16:24:19 - Software Distribution Service 3.0
RP1289: 19.6.2013 17:07:15 - Software Distribution Service 3.0
RP1290: 20.6.2013 12:04:23 - Installed Hi-Rez Studios Games
RP1291: 20.6.2013 12:08:22 - Installed DirectX
RP1292: 20.6.2013 17:29:42 - Software Distribution Service 3.0
RP1293: 21.6.2013 17:29:16 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader XI - Suomi
Akamai NetSession Interface
µTorrent
avast! Free Antivirus
Bamboo Dock
BOSS
BrowserProtect
Bundled software uninstaller
CCleaner
Combined Community Codec Pack 2011-11-11
Counter-Strike
DAEMON Tools Lite
DAEMON Tools Ultra
Day of Defeat
Dedicated Server
Deus Ex
Devil May Cry 3 Special Edition
Dota 2
Dropbox
Google Chrome
Google Update Helper
HF pAppLoc version 0.8
Hi-Rez Studios Authenticate and Update Service
Hotfix-päivitys Windows XP:lle (KB2443685)
Hotfix-päivitys Windows XP:lle (KB2570791)
Hotfix-päivitys Windows XP:lle (KB2633952)
Hotfix-päivitys Windows XP:lle (KB2756822)
Hotfix-päivitys Windows XP:lle (KB2779562)
Hotfix-päivitys Windows XP:lle (KB952287)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Java 7 Update 21
Java Auto Updater
Malwarebytes Anti-Malware versio 1.75.0.1300
McAfee Security Scan Plus
MeldaProduction MFreeEffectsBundle 7
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FIN
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FIN
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - fin
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5:n kielitukipaketti - FI
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile FIN Language Pack
Microsoft .NET Framework 4 Client Profilen suomen kielipaketti
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended FIN Language Pack
Microsoft .NET Framework 4 Extendedin suomen kielipaketti
Microsoft Antimalware Service FI-FI Language Pack
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Client FI-FI Language Pack
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 12
Microsoft Windows Application Compatibility Database
Microsoft Windowsin Tietoturvapäivitys (KB2564958)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
Mozilla Firefox 9.0.1 (x86 fi)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA-ohjauspaneeli 266.58
NVIDIA Grafiikkaohjain 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX-järjestelmäohjelmisto 9.10.0514
Oblivion
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.12
“Œ•û_—ì•_ ‘ÌŒ±”Å ver 0.01a
OpenAL
Opera 12.15
piaip AppLocale
Päivitys Windows Internet Explorer 8:lle (KB976662)
Päivitys Windows XP:lle (KB2141007)
Päivitys Windows XP:lle (KB2345886)
Päivitys Windows XP:lle (KB2541763)
Päivitys Windows XP:lle (KB2607712)
Päivitys Windows XP:lle (KB2616676)
Päivitys Windows XP:lle (KB2641690)
Päivitys Windows XP:lle (KB2661254-v2)
Päivitys Windows XP:lle (KB2718704)
Päivitys Windows XP:lle (KB2736233)
Päivitys Windows XP:lle (KB2749655)
Päivitys Windows XP:lle (KB898461)
Päivitys Windows XP:lle (KB951978)
Päivitys Windows XP:lle (KB955759)
Päivitys Windows XP:lle (KB961503)
Päivitys Windows XP:lle (KB968389)
Päivitys Windows XP:lle (KB971029)
Päivitys Windows XP:lle (KB971737)
Päivitys Windows XP:lle (KB973687)
Prince of Persia T2T
Razer Game Booster
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profilen suomen kielipaketti (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype™ 6.3
Steam
Suojauspäivitys ohjelmistolle Windows XP (KB941569)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2482017)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2497640)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2510531)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2530548)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2544521)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2559049)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2586448)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2618444)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2647516)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2675157)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2699988)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2722913)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2744842)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2761465)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2792100)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2797052)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2799329)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2809289)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2817183)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2829530)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2838727)
Suojauspäivitys Windows Internet Explorer 8:lle (KB2847204)
Suojauspäivitys Windows Internet Explorer 8:lle (KB981332)
Suojauspäivitys Windows Media Playerille (KB2378111)
Suojauspäivitys Windows Media Playerille (KB975558)
Suojauspäivitys Windows Media Playerille (KB978695)
Suojauspäivitys Windows XP:lle (KB2079403)
Suojauspäivitys Windows XP:lle (KB2115168)
Suojauspäivitys Windows XP:lle (KB2121546)
Suojauspäivitys Windows XP:lle (KB2229593)
Suojauspäivitys Windows XP:lle (KB2259922)
Suojauspäivitys Windows XP:lle (KB2296011)
Suojauspäivitys Windows XP:lle (KB2347290)
Suojauspäivitys Windows XP:lle (KB2360937)
Suojauspäivitys Windows XP:lle (KB2387149)
Suojauspäivitys Windows XP:lle (KB2393802)
Suojauspäivitys Windows XP:lle (KB2412687)
Suojauspäivitys Windows XP:lle (KB2419632)
Suojauspäivitys Windows XP:lle (KB2423089)
Suojauspäivitys Windows XP:lle (KB2440591)
Suojauspäivitys Windows XP:lle (KB2443105)
Suojauspäivitys Windows XP:lle (KB2476490)
Suojauspäivitys Windows XP:lle (KB2476687)
Suojauspäivitys Windows XP:lle (KB2478960)
Suojauspäivitys Windows XP:lle (KB2478971)
Suojauspäivitys Windows XP:lle (KB2479628)
Suojauspäivitys Windows XP:lle (KB2479943)
Suojauspäivitys Windows XP:lle (KB2483185)
Suojauspäivitys Windows XP:lle (KB2485376)
Suojauspäivitys Windows XP:lle (KB2485663)
Suojauspäivitys Windows XP:lle (KB2503658)
Suojauspäivitys Windows XP:lle (KB2503665)
Suojauspäivitys Windows XP:lle (KB2506212)
Suojauspäivitys Windows XP:lle (KB2506223)
Suojauspäivitys Windows XP:lle (KB2507618)
Suojauspäivitys Windows XP:lle (KB2507938)
Suojauspäivitys Windows XP:lle (KB2508272)
Suojauspäivitys Windows XP:lle (KB2508429)
Suojauspäivitys Windows XP:lle (KB2509553)
Suojauspäivitys Windows XP:lle (KB2511455)
Suojauspäivitys Windows XP:lle (KB2524375)
Suojauspäivitys Windows XP:lle (KB2535512)
Suojauspäivitys Windows XP:lle (KB2536276-v2)
Suojauspäivitys Windows XP:lle (KB2536276)
Suojauspäivitys Windows XP:lle (KB2544893-v2)
Suojauspäivitys Windows XP:lle (KB2544893)
Suojauspäivitys Windows XP:lle (KB2555917)
Suojauspäivitys Windows XP:lle (KB2562937)
Suojauspäivitys Windows XP:lle (KB2566454)
Suojauspäivitys Windows XP:lle (KB2567053)
Suojauspäivitys Windows XP:lle (KB2567680)
Suojauspäivitys Windows XP:lle (KB2570222)
Suojauspäivitys Windows XP:lle (KB2570947)
Suojauspäivitys Windows XP:lle (KB2584146)
Suojauspäivitys Windows XP:lle (KB2585542)
Suojauspäivitys Windows XP:lle (KB2592799)
Suojauspäivitys Windows XP:lle (KB2598479)
Suojauspäivitys Windows XP:lle (KB2603381)
Suojauspäivitys Windows XP:lle (KB2618451)
Suojauspäivitys Windows XP:lle (KB2619339)
Suojauspäivitys Windows XP:lle (KB2620712)
Suojauspäivitys Windows XP:lle (KB2621440)
Suojauspäivitys Windows XP:lle (KB2624667)
Suojauspäivitys Windows XP:lle (KB2631813)
Suojauspäivitys Windows XP:lle (KB2633171)
Suojauspäivitys Windows XP:lle (KB2639417)
Suojauspäivitys Windows XP:lle (KB2641653)
Suojauspäivitys Windows XP:lle (KB2646524)
Suojauspäivitys Windows XP:lle (KB2647518)
Suojauspäivitys Windows XP:lle (KB2653956)
Suojauspäivitys Windows XP:lle (KB2655992)
Suojauspäivitys Windows XP:lle (KB2659262)
Suojauspäivitys Windows XP:lle (KB2660465)
Suojauspäivitys Windows XP:lle (KB2661637)
Suojauspäivitys Windows XP:lle (KB2676562)
Suojauspäivitys Windows XP:lle (KB2685939)
Suojauspäivitys Windows XP:lle (KB2686509)
Suojauspäivitys Windows XP:lle (KB2691442)
Suojauspäivitys Windows XP:lle (KB2695962)
Suojauspäivitys Windows XP:lle (KB2698365)
Suojauspäivitys Windows XP:lle (KB2705219)
Suojauspäivitys Windows XP:lle (KB2707511)
Suojauspäivitys Windows XP:lle (KB2709162)
Suojauspäivitys Windows XP:lle (KB2712808)
Suojauspäivitys Windows XP:lle (KB2718523)
Suojauspäivitys Windows XP:lle (KB2719985)
Suojauspäivitys Windows XP:lle (KB2723135)
Suojauspäivitys Windows XP:lle (KB2724197)
Suojauspäivitys Windows XP:lle (KB2727528)
Suojauspäivitys Windows XP:lle (KB2731847)
Suojauspäivitys Windows XP:lle (KB2753842-v2)
Suojauspäivitys Windows XP:lle (KB2753842)
Suojauspäivitys Windows XP:lle (KB2757638)
Suojauspäivitys Windows XP:lle (KB2758857)
Suojauspäivitys Windows XP:lle (KB2761226)
Suojauspäivitys Windows XP:lle (KB2770660)
Suojauspäivitys Windows XP:lle (KB2778344)
Suojauspäivitys Windows XP:lle (KB2779030)
Suojauspäivitys Windows XP:lle (KB2780091)
Suojauspäivitys Windows XP:lle (KB2799494)
Suojauspäivitys Windows XP:lle (KB2802968)
Suojauspäivitys Windows XP:lle (KB2807986)
Suojauspäivitys Windows XP:lle (KB2808735)
Suojauspäivitys Windows XP:lle (KB2813170)
Suojauspäivitys Windows XP:lle (KB2820197)
Suojauspäivitys Windows XP:lle (KB2820917)
Suojauspäivitys Windows XP:lle (KB2829361)
Suojauspäivitys Windows XP:lle (KB2839229)
Suojauspäivitys Windows XP:lle (KB923561)
Suojauspäivitys Windows XP:lle (KB923789)
Suojauspäivitys Windows XP:lle (KB970430)
Suojauspäivitys Windows XP:lle (KB972270)
Suojauspäivitys Windows XP:lle (KB973525)
Suojauspäivitys Windows XP:lle (KB975254)
Suojauspäivitys Windows XP:lle (KB975467)
Suojauspäivitys Windows XP:lle (KB975560)
Suojauspäivitys Windows XP:lle (KB975562)
Suojauspäivitys Windows XP:lle (KB975713)
Suojauspäivitys Windows XP:lle (KB977816)
Suojauspäivitys Windows XP:lle (KB977914)
Suojauspäivitys Windows XP:lle (KB978338)
Suojauspäivitys Windows XP:lle (KB978542)
Suojauspäivitys Windows XP:lle (KB978601)
Suojauspäivitys Windows XP:lle (KB978706)
Suojauspäivitys Windows XP:lle (KB979309)
Suojauspäivitys Windows XP:lle (KB979482)
Suojauspäivitys Windows XP:lle (KB979687)
Suojauspäivitys Windows XP:lle (KB980195)
Suojauspäivitys Windows XP:lle (KB980232)
Suojauspäivitys Windows XP:lle (KB980436)
Suojauspäivitys Windows XP:lle (KB981322)
Suojauspäivitys Windows XP:lle (KB981997)
Suojauspäivitys Windows XP:lle (KB982132)
Suojauspäivitys Windows XP:lle (KB982214)
Suojauspäivitys Windows XP:lle (KB982665)
TeamSpeak 3 Client
Unofficial Oblivion Patch v3.4.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Live ID Sign-in Assistant
WinRAR 4.00 (32-bit)
VLC media player 2.0.6
XML Paper Specification Shared Components Language Pack 1.0
YTD Video Downloader 4.0
.
==== Event Viewer Messages From Past Week ========
.
22.6.2013 11:06:26, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
22.6.2013 10:14:49, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 17:16:50, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 16:31:41, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 16:03:02, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 15:44:10, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 15:29:07, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
19.6.2013 15:20:35, error: Service Control Manager [7000] - Palvelua DUALSHOCK3 Controller HID Minidriver (USB) Beta ei voi käynnistää. Virhekoodi on Palvelua ei voi käynnistää, koska se on poistettu käytöstä tai siihen ei liity käytössä olevia laitteita.
.
==== End Of File ===========================

 

 

 

And here is the dds.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.21.2
Run by Käyttäjä at 11:11:15 on 2013-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.2045.957 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Käyttäjä\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MediaGet2] c:\documents and settings\käyttäjä\local settings\application data\mediaget2\mediaget.exe --minimized
uRun: [Akamai NetSession Interface] "c:\documents and settings\käyttäjä\local settings\application data\akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
uRun: [DAEMON Tools Ultra Agent] "c:\program files\daemon tools ultra\DTAgent.exe" -autorun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\kyttj~1\kynnis~1\ohjelmat\kynnis~1\dropbox.lnk - c:\documents and settings\käyttäjä\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\kynnis~1\ohjelmat\kynnis~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe


TCP: NameServer = 62.241.198.246 62.241.198.245
TCP: Interfaces\{E51F6B59-8549-4628-885A-6D16836651D2} : DHCPNameServer = 62.241.198.246 62.241.198.245
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\docume~1\alluse~1\applic~1\browse~1\261339~1.144\{c16c1~1\browse~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\käyttäjä\application data\mozilla\firefox\profiles\1opcxgf4.default\
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2013-6-20 9216]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-14 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-14 174664]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 195296]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-14 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-14 368944]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-14 242240]
R1 MpKsl87123e27;MpKsl87123e27;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2dc96a8-77b8-4145-a54b-1f3956f49a4a}\MpKsl87123e27.sys [2013-6-22 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-14 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-14 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-14 46808]
R2 BrowserProtect;BrowserProtect;c:\documents and settings\all users\application data\browserprotect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-4 3085264]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-5-23 632352]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2013-5-26 24704]
S1 mowfegbz;mowfegbz;\??\c:\windows\system32\drivers\mowfegbz.sys --> c:\windows\system32\drivers\mowfegbz.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2012-1-24 11392]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-4-19 161384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-9-1 33792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-12-10 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-12-10 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-12-10 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-12-10 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-12-10 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-12-10 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-12-10 123504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-22 08:06:47 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2dc96a8-77b8-4145-a54b-1f3956f49a4a}\offreg.dll
2013-06-22 08:06:16 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2dc96a8-77b8-4145-a54b-1f3956f49a4a}\MpKsl87123e27.sys
2013-06-22 07:49:24 -------- d-----w- c:\documents and settings\käyttäjä\application data\Malwarebytes
2013-06-22 07:48:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-22 07:48:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-21 14:29:21 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b2dc96a8-77b8-4145-a54b-1f3956f49a4a}\mpengine.dll
2013-06-20 14:29:55 7068072 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-20 09:08:42 -------- d-----w- c:\program files\Microsoft Chart Controls
2013-06-20 09:06:50 -------- d-----w- C:\Documents
2013-06-20 09:04:26 -------- d-----w- c:\program files\Hi-Rez Studios
2013-06-19 11:40:41 -------- d-----w- c:\documents and settings\all users\application data\Hi-Rez Studios
2013-06-19 11:21:53 -------- d-----w- C:\ProgramData
2013-06-19 10:46:19 -------- d-----w- C:\AeriaGames
2013-06-17 20:11:30 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-17 20:11:26 -------- d-----w- c:\documents and settings\käyttäjä\application data\File Scout
2013-06-14 12:19:48 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-14 12:19:48 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-14 12:19:47 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-14 12:19:46 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-14 12:18:52 41664 ----a-w- c:\windows\avastSS.scr
2013-06-14 12:18:10 -------- d-----w- c:\program files\AVAST Software
2013-06-14 12:17:52 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-06-14 11:44:34 -------- d-----w- c:\program files\Enigma Software Group
2013-06-14 11:43:45 -------- d-----w- c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-06-14 11:08:01 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-14 09:46:07 -------- d-----w- c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-13 18:49:31 -------- d-----w- c:\documents and settings\käyttäjä\application data\TS3Client
2013-06-11 09:46:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-06-06 15:54:29 -------- d-----w- c:\program files\Dropbox
2013-06-06 15:52:26 -------- d-----w- c:\documents and settings\käyttäjä\application data\Dropbox
2013-06-06 15:28:36 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-06-06 15:28:24 -------- d-----w- c:\program files\McAfee Security Scan
2013-06-03 11:07:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\ShanghaiAlice
2013-05-27 16:40:23 -------- d-----w- c:\windows\system32\xlive
2013-05-27 16:40:13 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-05-26 10:39:58 -------- d-----w- c:\documents and settings\all users\application data\BrowserProtect
2013-05-26 10:39:48 -------- d-----w- c:\documents and settings\käyttäjä\application data\BabSolution
2013-05-26 10:39:07 -------- d-----w- c:\documents and settings\käyttäjä\application data\Babylon
2013-05-26 10:39:07 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-05-26 10:38:49 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2013-05-26 10:38:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\DAEMON Tools Ultra
2013-05-26 10:38:22 -------- d-----w- c:\program files\DAEMON Tools Ultra
2013-05-26 10:37:44 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Ultra
2013-05-26 10:21:24 -------- d-----w- C:\Gamez
2013-05-26 10:08:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Skype
2013-05-26 10:08:08 -------- d-----r- c:\program files\Skype
2013-05-25 22:52:09 -------- d-----w- c:\documents and settings\all users\application data\ASign
2013-05-25 22:14:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Nitroplus
.
==================== Find3M ====================
.
2013-06-12 15:57:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:57:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-25 22:27:28 1174979 ----a-w- c:\windows\apppatch\unins000.exe
2013-05-25 13:18:27 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-22 15:26:12 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-05-07 22:27:13 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39:10 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39:10 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 12:32:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-12 14:01:35 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 02:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 11:12:49,17 ===============

2013-06-14 09:46:07 -------- d-----w- c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-13 18:49:31 -------- d-----w- c:\documents and settings\käyttäjä\application data\TS3Client
2013-06-11 09:46:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-06-06 15:54:29 -------- d-----w- c:\program files\Dropbox
2013-06-06 15:52:26 -------- d-----w- c:\documents and settings\käyttäjä\application data\Dropbox
2013-06-06 15:28:36 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-06-06 15:28:24 -------- d-----w- c:\program files\McAfee Security Scan
2013-06-03 11:07:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\ShanghaiAlice
2013-05-27 16:40:23 -------- d-----w- c:\windows\system32\xlive
2013-05-27 16:40:13 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-05-26 10:39:58 -------- d-----w- c:\documents and settings\all users\application data\BrowserProtect
2013-05-26 10:39:48 -------- d-----w- c:\documents and settings\käyttäjä\application data\BabSolution
2013-05-26 10:39:07 -------- d-----w- c:\documents and settings\käyttäjä\application data\Babylon
2013-05-26 10:39:07 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-05-26 10:38:49 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2013-05-26 10:38:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\DAEMON Tools Ultra
2013-05-26 10:38:22 -------- d-----w- c:\program files\DAEMON Tools Ultra
2013-05-26 10:37:44 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Ultra
2013-05-26 10:21:24 -------- d-----w- C:\Gamez
2013-05-26 10:08:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Skype
2013-05-26 10:08:08 -------- d-----r- c:\program files\Skype
2013-05-25 22:52:09 -------- d-----w- c:\documents and settings\all users\application data\ASign
2013-05-25 22:14:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Nitroplus
.
==================== Find3M ====================
.
2013-06-12 15:57:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:57:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-25 22:27:28 1174979 ----a-w- c:\windows\apppatch\unins000.exe
2013-05-25 13:18:27 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-22 15:26:12 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-05-07 22:27:13 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39:10 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39:10 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 12:32:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-12 14:01:35 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 02:35:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 11:12:49,17 ===============



#2 Maniac

    Forum Deity

  • Experts
  • 21,404 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 22 June 2013 - 06:45 AM

Hello Waxingcrescent and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

I notice that you are using more than one antivirus program.
  • avast! Free Antivirus
  • Microsoft Security Essentials
This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. I recommend that you keep avast! Free Antivirus.

Also, please uninstall this application: µTorrent.

Finally, restart your computer.


Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4
  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5
  • Download RogueKiller to your desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • Malwarebytes' Anti-Malware log
  • RogueKiller log
  • a new fresh DDS log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Waxingcrescent


Posted 22 June 2013 - 08:23 AM

Here they are.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by K„ytt„j„ on la 22.06.2013 at 15:42:03,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{806C1D1B-7631-4AF7-BCD2-AC25A6F0F976}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\K„ytt„j„\Application Data\mozilla\firefox\profiles\1opcxgf4.default\invalidprefs.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on la 22.06.2013 at 15:46:06,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

# AdwCleaner v2.303 - Logfile created 06/22/2013 at 15:52:08
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Käyttäjä - KALEVO
# Boot Mode : Normal
# Running from : D:\Säädetääs tää balrog nyt\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v9.0.1 (fi)

File : C:\Documents and Settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\1opcxgf4.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Documents and Settings\Käyttäjä\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [358 octets] - [22/06/2013 13:37:31]
AdwCleaner[S2].txt - [9667 octets] - [22/06/2013 13:39:38]
AdwCleaner[S3].txt - [1128 octets] - [22/06/2013 15:52:08]

########## EOF - C:\AdwCleaner[S3].txt - [1188 octets] ##########

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Tietokantaversio: v2013.06.22.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Käyttäjä :: KALEVO [järjestelmänvalvoja]

22.6.2013 15:59:37
mbam-log-2013-06-22 (15-59-37).txt

Tarkistustyyppi: Pikatarkistus
Tarkistussuodattimia valittu: Muisti | Käynnistys | Rekisteri | Tietojärjestelmä | Heuristinen/Ylimäärinen | Heuristinen/Shuriken | Mahdollisesti haitallinen ohjelma | Mahdollisesti haitallinen muutos
Käytöstä poistetut tarkistusvalinnat: Vertaisverkko (Peer-to-Peer)
Tarkistettuja kohteita: 218988
Kulunut aika: 11 minuutti(a), 25 sekunti(a)

Epäilyttäviä muistiprosesseja: 0
(Ei haitallisia kohteita)

Epäilyttäviä muistimoduuleja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriavaimia: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisteriarvoja: 0
(Ei haitallisia kohteita)

Epäilyttäviä rekisterikohteita: 0
(Ei haitallisia kohteita)

Epäilyttäviä kansioita: 0
(Ei haitallisia kohteita)

Epäilyttäviä tiedostoja: 0
(Ei haitallisia kohteita)

(loppu)

 

 

RogueKiller V8.6.1 [Jun 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Käyttäjä [Admin rights]
Mode : Scan -- Date : 06/22/2013 16:17:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDT722516DLA380 41N3148LEN +++++
--- User ---
[MBR] 4dc7de83604acf95d894e4681c15cd62
[BSP] 86a1d96a16b0d0f21fa050c54406b100 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51199 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 104856255 | Size: 101418 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HDT722516DLA380 41N3148LEN +++++
--- User ---
[MBR] e4630627ce5bb90f9a333d0fbb7278d3
[BSP] deea64bc8810fd8c994ebf3f77e44202 : Legit.B MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 238472 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06222013_161741.txt >>
 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Käyttäjä at 16:19:24 on 2013-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.2045.1251 [GMT 3:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Documents and Settings\Käyttäjä\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.

uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MediaGet2] c:\documents and settings\käyttäjä\local settings\application data\mediaget2\mediaget.exe --minimized
uRun: [Akamai NetSession Interface] "c:\documents and settings\käyttäjä\local settings\application data\akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "d:\daemon tools lite\DTLite.exe" -autorun
uRun: [DAEMON Tools Ultra Agent] "c:\program files\daemon tools ultra\DTAgent.exe" -autorun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\kyttj~1\kynnis~1\ohjelmat\kynnis~1\dropbox.lnk - c:\documents and settings\käyttäjä\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\kyttj~1\kynnis~1\ohjelmat\kynnis~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\kynnis~1\ohjelmat\kynnis~1\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: ForceClassicControlPanel = dword:1
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe


TCP: NameServer = 62.241.198.246 62.241.198.245
TCP: Interfaces\{E51F6B59-8549-4628-885A-6D16836651D2} : DHCPNameServer = 62.241.198.246 62.241.198.245
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\käyttäjä\application data\mozilla\firefox\profiles\1opcxgf4.default\
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\hi-rez studios\HiPatchService.exe [2013-6-20 9216]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-3-29 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-3-21 182072]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-4-14 242240]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\daemon tools ultra\DiscSoftBusService.exe [2013-5-23 632352]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [2013-5-26 24704]
S1 mowfegbz;mowfegbz;\??\c:\windows\system32\drivers\mowfegbz.sys --> c:\windows\system32\drivers\mowfegbz.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2012-1-24 11392]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-4-19 161384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2011-9-1 33792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [2011-12-10 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [2011-12-10 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [2011-12-10 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [2011-12-10 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [2011-12-10 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [2011-12-10 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [2011-12-10 123504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-06-22 12:41:59 -------- d-----w- c:\windows\ERUNT
2013-06-22 12:41:11 -------- d-----w- C:\JRT
2013-06-22 10:10:01 -------- d-----w- c:\documents and settings\käyttäjä\application data\AVG2013
2013-06-22 10:09:06 -------- d-----w- c:\documents and settings\käyttäjä\application data\TuneUp Software
2013-06-22 10:08:05 -------- d--h--w- C:\$AVG
2013-06-22 10:08:04 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2013-06-22 08:58:43 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-22 08:58:38 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 08:51:10 -------- d-----w- c:\windows\system32\appmgmt
2013-06-22 08:30:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes' Anti-Malware (portable)
2013-06-22 07:49:24 -------- d-----w- c:\documents and settings\käyttäjä\application data\Malwarebytes
2013-06-22 07:48:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-22 07:48:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-20 09:08:42 -------- d-----w- c:\program files\Microsoft Chart Controls
2013-06-20 09:06:50 -------- d-----w- C:\Documents
2013-06-20 09:04:26 -------- d-----w- c:\program files\Hi-Rez Studios
2013-06-19 11:40:41 -------- d-----w- c:\documents and settings\all users\application data\Hi-Rez Studios
2013-06-19 11:21:53 -------- d-----w- C:\ProgramData
2013-06-19 10:46:19 -------- d-----w- C:\AeriaGames
2013-06-17 20:11:30 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-14 12:18:10 -------- d-----w- c:\program files\AVAST Software
2013-06-14 12:17:52 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-06-14 11:44:34 -------- d-----w- c:\program files\Enigma Software Group
2013-06-14 11:43:45 -------- d-----w- c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-06-14 11:08:01 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-14 09:46:07 -------- d-----w- c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-13 18:49:31 -------- d-----w- c:\documents and settings\käyttäjä\application data\TS3Client
2013-06-11 09:46:41 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-06-06 15:54:29 -------- d-----w- c:\program files\Dropbox
2013-06-06 15:52:26 -------- d-----w- c:\documents and settings\käyttäjä\application data\Dropbox
2013-06-06 15:28:36 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-06-06 15:28:24 -------- d-----w- c:\program files\McAfee Security Scan
2013-06-03 11:07:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\ShanghaiAlice
2013-05-27 16:40:23 -------- d-----w- c:\windows\system32\xlive
2013-05-27 16:40:13 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-05-26 10:38:49 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2013-05-26 10:38:42 -------- d-----w- c:\documents and settings\käyttäjä\application data\DAEMON Tools Ultra
2013-05-26 10:38:22 -------- d-----w- c:\program files\DAEMON Tools Ultra
2013-05-26 10:37:44 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Ultra
2013-05-26 10:21:24 -------- d-----w- C:\Gamez
2013-05-26 10:08:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Skype
2013-05-26 10:08:08 -------- d-----r- c:\program files\Skype
2013-05-25 22:52:09 -------- d-----w- c:\documents and settings\all users\application data\ASign
2013-05-25 22:14:18 -------- d-----w- c:\documents and settings\käyttäjä\application data\Nitroplus
.
==================== Find3M ====================
.
2013-06-22 08:58:18 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 08:58:17 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 15:57:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 15:57:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-25 22:27:28 1174979 ----a-w- c:\windows\apppatch\unins000.exe
2013-05-25 13:18:27 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-25 13:17:43 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-22 15:26:12 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-05-07 22:27:13 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27:12 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27:12 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39:10 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39:10 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 12:32:21 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-12 14:01:35 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 23:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 16:19:37,57 ===============

 



#4 Maniac


Posted 22 June 2013 - 09:21 AM

Any progress?

#5 Waxingcrescent


Posted 22 June 2013 - 10:22 AM

HRUPPROG.DIE.NOW and the txt file still show up when I reboot. Other than that, I haven't noticed anything happening yet.



#6 Maniac


Posted 22 June 2013 - 10:30 AM

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#7 Waxingcrescent


Posted 22 June 2013 - 11:10 AM

ComboFix 13-06-22.01 - Käyttäjä 22.06.2013 18:59:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.358.1035.18.2045.1566 [GMT 3:00]
Sijainti: d:\sõõdetõõs tõõ balrog nyt\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Käyttäjä\Application Data\Microsoft\~DFK51c46c3.tmp
c:\documents and settings\Käyttäjä\Application Data\Microsoft\1eaadjc.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\bass.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\kfgresk.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\mjcriu.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\peaadje.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\qwadjb.dll
c:\documents and settings\Käyttäjä\Application Data\Microsoft\rsaadjd.dll
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
E:\install.exe
.
.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2013-05-22 to 2013-06-22 )))))))))))))))))
.
.
2013-06-22 12:41 . 2013-06-22 12:41 -------- d-----w- c:\windows\ERUNT
2013-06-22 12:41 . 2013-06-22 12:41 -------- d-----w- C:\JRT
2013-06-22 10:10 . 2013-06-22 10:10 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\AVG2013
2013-06-22 10:09 . 2013-06-22 10:09 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\TuneUp Software
2013-06-22 10:08 . 2013-06-22 10:08 -------- d-----w- C:\$AVG
2013-06-22 10:08 . 2013-06-22 10:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-06-22 10:04 . 2013-06-22 10:38 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\Avg2013
2013-06-22 10:04 . 2013-06-22 10:04 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\MFAData
2013-06-22 09:10 . 2013-06-22 09:11 -------- d-----w- c:\program files\ERUNT
2013-06-22 08:58 . 2013-06-22 08:58 -------- d-----w- c:\program files\Common Files\Java
2013-06-22 08:58 . 2013-06-22 08:58 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-22 08:58 . 2013-06-22 08:58 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-22 08:30 . 2013-06-22 08:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-06-22 07:49 . 2013-06-22 07:49 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Malwarebytes
2013-06-22 07:48 . 2013-06-22 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-22 07:48 . 2013-04-04 11:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-20 09:08 . 2013-06-20 09:08 -------- d-----w- c:\program files\Microsoft Chart Controls
2013-06-20 09:06 . 2013-06-20 09:07 -------- d-----w- C:\Documents
2013-06-20 09:04 . 2013-06-20 09:04 -------- d-----w- c:\program files\Hi-Rez Studios
2013-06-19 11:40 . 2013-06-20 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hi-Rez Studios
2013-06-19 11:21 . 2013-06-19 11:21 -------- d-----w- C:\ProgramData
2013-06-19 10:46 . 2013-06-19 10:47 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\Akamai
2013-06-19 10:46 . 2013-06-19 10:46 -------- d-----w- C:\AeriaGames
2013-06-17 20:11 . 2013-05-28 13:05 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe
2013-06-14 12:19 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-14 12:18 . 2013-06-14 12:18 -------- d-----w- c:\program files\AVAST Software
2013-06-14 12:17 . 2013-06-22 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-06-14 11:44 . 2013-06-14 11:44 -------- d-----w- c:\program files\Enigma Software Group
2013-06-14 11:43 . 2013-06-14 12:06 -------- d-----w- c:\windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
2013-06-14 11:08 . 2013-06-14 11:38 -------- d-----w- c:\windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2013-06-14 09:46 . 2013-06-14 11:05 -------- d-----w- c:\windows\E89498D814304A2BA76A4A71326981E9.TMP
2013-06-13 18:49 . 2013-06-18 12:59 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\TS3Client
2013-06-11 09:46 . 2013-06-11 09:46 -------- d-----w- c:\program files\TeamSpeak 3 Client
2013-06-08 15:48 . 2013-06-08 15:48 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\Razer
2013-06-08 11:50 . 2013-06-08 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer
2013-06-08 11:50 . 2013-06-08 11:50 -------- d-----w- c:\program files\Razer
2013-06-08 00:51 . 2013-06-08 00:51 -------- d-----w- c:\documents and settings\Kõyttõjõ
2013-06-06 15:54 . 2013-06-06 15:54 -------- d-----w- c:\program files\Dropbox
2013-06-06 15:52 . 2013-06-22 15:20 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Dropbox
2013-06-06 15:28 . 2013-06-06 15:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2013-06-06 15:28 . 2013-06-06 15:28 -------- d-----w- c:\program files\McAfee Security Scan
2013-06-03 11:07 . 2013-06-03 11:07 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\ShanghaiAlice
2013-05-27 16:51 . 2013-05-27 16:51 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\NBGI
2013-05-27 16:40 . 2013-05-27 16:40 -------- d-----w- c:\windows\system32\xlive
2013-05-27 16:40 . 2013-05-27 16:40 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2013-05-26 10:43 . 2013-05-26 10:43 -------- d-----w- c:\documents and settings\Käyttäjä\Local Settings\Application Data\DTClient
2013-05-26 10:39 . 2013-05-26 10:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\DAEMON Tools Ultra
2013-05-26 10:38 . 2013-05-26 10:38 24704 ----a-w- c:\windows\system32\drivers\dtscsibus.sys
2013-05-26 10:38 . 2013-05-26 10:39 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\DAEMON Tools Ultra
2013-05-26 10:38 . 2013-05-26 10:38 -------- d-----w- c:\program files\DAEMON Tools Ultra
2013-05-26 10:37 . 2013-05-26 10:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Ultra
2013-05-26 10:21 . 2013-06-19 13:17 -------- d-----w- C:\Gamez
2013-05-26 10:08 . 2013-06-22 12:41 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Skype
2013-05-26 10:08 . 2013-05-26 10:08 -------- d-----w- c:\program files\Common Files\Skype
2013-05-26 10:08 . 2013-05-26 10:08 -------- d-----r- c:\program files\Skype
2013-05-25 22:52 . 2013-05-25 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ASign
2013-05-25 22:14 . 2013-05-25 22:14 -------- d-----w- c:\documents and settings\Käyttäjä\Application Data\Nitroplus
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-22 08:58 . 2012-06-20 16:19 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-22 08:58 . 2011-04-01 14:55 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-12 15:57 . 2012-04-13 10:49 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 15:57 . 2011-05-17 10:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-27 17:13 . 2009-08-18 08:30 564632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2013-05-27 17:13 . 2009-08-18 08:24 22240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-25 13:18 . 2011-05-30 13:32 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-05-25 13:17 . 2011-05-30 13:51 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-05-25 13:17 . 2011-05-30 13:31 281768 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-05-22 15:26 . 2011-05-30 13:31 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2013-05-07 22:27 . 2010-01-05 12:32 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:27 . 2010-01-05 12:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:27 . 2010-01-05 12:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2010-01-05 12:31 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 05:39 . 2010-01-05 12:35 2152448 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 05:39 . 2009-08-04 17:23 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2011-03-31 12:30 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-18 12:32 . 2013-04-14 07:39 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-04-12 14:01 . 2010-01-05 12:35 1876608 ----a-w- c:\windows\system32\win32k.sys
2013-03-28 23:53 . 2013-03-28 23:53 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-01-30 12:39 . 2011-04-01 10:43 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-05 . 0DE6E64FFFCEB9D65FE4DAD3BDE081BE . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\Käyttäjä\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\Käyttäjä\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\Käyttäjä\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-05 17:17 130736 ----a-w- c:\documents and settings\Käyttäjä\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\Käyttäjä\Local Settings\Application Data\Akamai\netsession_win.exe" [2013-01-26 4480768]
"DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2013-03-14 3672640]
"DAEMON Tools Ultra Agent"="c:\program files\DAEMON Tools Ultra\DTAgent.exe" [2013-05-23 3123744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-01-05 128512]
.
c:\documents and settings\Käyttäjä\Käynnistä-valikko\Ohjelmat\Käynnistys\
Dropbox.lnk - c:\documents and settings\Käyttäjä\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
c:\documents and settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"c:\\Documents and Settings\\Käyttäjä\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Hikihyry\\SteamApps\\common\\dota 2 beta\\dota.exe"=
"d:\\Hikihyry\\SteamApps\\common\\Half-Life\\hl.exe"=
"c:\\Documents and Settings\\Käyttäjä\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Steam\\SteamApps\\lari1994\\dedicated server\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57964:TCP"= 57964:TCP:Pando Media Booster
"57964:UDP"= 57964:UDP:Pando Media Booster
"1039:TCP"= 1039:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files\Hi-Rez Studios\HiPatchService.exe [20.6.2013 12:04 9216]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [8.2.2013 4:37 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [8.2.2013 4:37 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [8.2.2013 4:37 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [29.3.2013 2:53 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [1.3.2013 10:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [8.2.2013 4:37 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [21.3.2013 3:08 182072]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [14.4.2013 10:39 242240]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [18.4.2013 4:34 283136]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files\DAEMON Tools Ultra\DiscSoftBusService.exe [23.5.2013 14:32 632352]
R3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\drivers\dtscsibus.sys [26.5.2013 13:38 24704]
S1 mowfegbz;mowfegbz;\??\c:\windows\system32\drivers\mowfegbz.sys --> c:\windows\system32\drivers\mowfegbz.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [14.5.2013 0:54 4937264]
S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [24.1.2012 16:21 11392]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [19.4.2013 15:14 161384]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [1.9.2011 16:07 33792]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [5.9.2012 18:56 234776]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s1039bus;Sony Ericsson Device 1039 driver (WDM);c:\windows\system32\drivers\s1039bus.sys [10.12.2011 4:35 98672]
S3 s1039mdfl;Sony Ericsson Device 1039 USB WMC Modem Filter;c:\windows\system32\drivers\s1039mdfl.sys [10.12.2011 4:35 14960]
S3 s1039mdm;Sony Ericsson Device 1039 USB WMC Modem Driver;c:\windows\system32\drivers\s1039mdm.sys [10.12.2011 4:35 124016]
S3 s1039mgmt;Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1039mgmt.sys [10.12.2011 4:35 117872]
S3 s1039nd5;Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1039nd5.sys [10.12.2011 4:35 25456]
S3 s1039obex;Sony Ericsson Device 1039 USB WMC OBEX Interface;c:\windows\system32\drivers\s1039obex.sys [10.12.2011 4:35 113904]
S3 s1039unic;Sony Ericsson Device 1039 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1039unic.sys [10.12.2011 4:35 123504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 15:21 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
'Ajoitetut tehtävät'-kansion sisältö
.
2013-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 13:05]
.
2013-06-22 c:\windows\Tasks\AdobeFlashPlayerUpdate 2.job
- c:\windows\system32\FlashPlayerUpdateService.exe [2013-06-17 13:05]
.
2013-06-22 c:\windows\Tasks\AdobeFlashPlayerUpdate.job
- c:\windows\system32\FlashPlayerUpdateService.exe [2013-06-17 13:05]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2000-12-31 21:15]
.
2013-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2000-12-31 21:15]
.
.
------- Täydentävä tarkistus -------
.

uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 62.241.198.246 62.241.198.245
FF - ProfilePath - c:\documents and settings\Käyttäjä\Application Data\Mozilla\Firefox\Profiles\1opcxgf4.default\
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
HKCU-Run-MediaGet2 - c:\documents and settings\Käyttäjä\Local Settings\Application Data\MediaGet2\mediaget.exe
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
AddRemove-MeldaProduction MFreeEffectsBundle 7 - d:\hoh\SAMPLES\Plugins\Effects\MFreeEffectsBundle 7\setup.exe
AddRemove-Unofficial Oblivion Patch_is1 - c:\gamez\Oblivion\Unofficial Oblivion Patch\unins000.exe
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
AddRemove-“Œ•û_—ì•_ ‘ÌŒ±”Å_is1 - c:\gamez\Touhou\Touhou 13\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-22 19:05
Windows 5.1.2600 Service Pack 3 NTFS
.
tarkistaa piilotettuja prosesseja ...
.
tarkistaa piilotettuja käynnistysarvoja ...
.
tarkistaa piilotettuja tiedostoja ...
.
tarkistus on valmis
piilotetut tiedostot: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_USERS\S-1-5-21-583907252-2000478354-1177238915-1003\Software\SecuROM\License information*]
"datasecu"=hex:04,a3,c7,12,24,14,eb,62,8f,c1,a9,8a,a3,2e,b6,7c,ca,86,48,41,87,
b0,b2,6f,85,96,53,0e,5d,44,d6,0b,fc,9a,44,3a,17,42,cd,62,2a,2b,58,af,cd,42,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"b049C053C7D38EE4AB9A00CB3B5D2472"="C?\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\PUBPLACE.HTT"
.
Valmistumisajankohta: 2013-06-22 19:08:08
ComboFix-quarantined-files.txt 2013-06-22 16:08
.
Ennen ajoa: 10 408 132 608 tavua vapaana
Ajon jälkeen: 11 438 690 304 tavua vapaana
.
WindowsXP-KB310994-SP2-Pro-BootDisk-FIN.EXE
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 2A44C8A2D0C194F1506428505BD31FAE
6573D157A3DFFD65292C07911AC353A2



#8 Maniac


Posted 22 June 2013 - 12:21 PM

Please open www.virustotal.com and upload this file:
c:\windows\system32\sfcfiles.dll

If it asks you to reanalyse the file, please confirm. Wait until the scan has finished and copy/paste the URL in your next reply.

#9 Waxingcrescent


Posted 22 June 2013 - 02:11 PM

https://www.virustot...sis/1371928108/



#10 Maniac


Posted 23 June 2013 - 04:57 AM

Good! :)

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#11 Waxingcrescent


Posted 23 June 2013 - 10:14 AM

C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\24159169-380586c8 multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Käyttäjä\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53\3925b535-6a76414d multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Käyttäjä\Omat tiedostot\Downloads\SpyHunter 4.12.13.4202_inamsoftwares.com_onhax.com_softexellence.com.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
C:\Program Files\Enigma Software Group\SpyHunter\Patch\SND.rar a variant of Win32/HackTool.Patcher.T application deleted - quarantined
C:\Program Files\Enigma Software Group\SpyHunter\Patch\SND\patch.exe a variant of Win32/HackTool.Patcher.T application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2ABC3CFE-7EDB-483A-911A-AE06198072C1}\RP1298\A0111893.exe a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2ABC3CFE-7EDB-483A-911A-AE06198072C1}\RP1298\A0111905.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2ABC3CFE-7EDB-483A-911A-AE06198072C1}\RP1298\A0111909.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2ABC3CFE-7EDB-483A-911A-AE06198072C1}\RP1298\A0111910.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{2ABC3CFE-7EDB-483A-911A-AE06198072C1}\RP1298\A0111945.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined



#12 Maniac


Posted 23 June 2013 - 10:17 AM

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of Java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa


#13 Waxingcrescent


Posted 24 June 2013 - 03:34 AM

Anything else?



#14 Maniac


Posted 24 June 2013 - 07:14 AM

How are things now?

#15 Waxingcrescent


Posted 27 June 2013 - 02:12 AM

No more HRUPPROG on startup. Thanks man.



#16 Maniac


Posted 27 June 2013 - 02:20 AM

Glad I could help! :)

Step 1
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner and manually delete JavaRa


Step 4

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#17 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • PipPipPipPipPipPip
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 28 June 2013 - 03:47 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.



